At today’s Ignite conference, Microsoft announced Defender Cloud Security Posture Management and Defender for DevOps, two new offerings in the company’s Defender for Cloud service (formerly Cloud App Security) aimed at managing software development and runtime security across multicloud, multi-pipeline environments. Both are currently available in public preview and work with GitHub and Azure DevOps at launch, with additional product integrations coming down the line.
In a chat with TechCrunch, Microsoft’s CVP of cloud security Shawn Bice said that Defender for DevOps and Defender Cloud Security Posture Management (or Defender CSPM, to refer to it by its more user-friendly acronym) emerged from the challenges companies increasingly face as they use cloud services to develop and manage applications. These customers often have incomplete visibility and a lack of mitigation prioritization, he said, making their security reactive as opposed to proactive.
There is truth in this. According to a 2020 report from Orca Security, 59% of cybersecurity teams report receiving more than 500 cloud security alerts per day — a large portion of which are false positives. Proliferation of tools is often cited as a challenge to maintaining code security. Responding to a GitLab survey from August, 41% of DevOps teams said they used six to 10 tools in their development toolchains, causing them to miss security issues.
“The accelerating cloud transformation journey for our customers has created an urgent need for a unified solution to manage security from development to runtime in multicloud and multi-pipeline environments,” Bice said via email.
To this end, Defender CSPM leverages artificial intelligence algorithms to perform risk analyses in software development environments. The resulting suggestions and insights are fed into source code management platforms such as GitHub and Azure DevOps to drive remediation efforts. Alternatively, users can create workflows associated with security recommendations to trigger automated remediation.
Defender CSPM also provides “attack queries” that security teams can use to explore risk and threat data, as well as a dashboard that displays all rules applied in developer environments and tools that allow security administrators to define new rules.
As for Defender for DevOps, it shows the security posture of application code and resource configurations before they reach production. Security teams can use the service to enable templates and container images designed to minimize the chance of cloud misconfigurations reaching production environments.
“Leveraging [insights] in Defender for Cloud, security administrators can help developers prioritize critical code fixes with active remediation and assign developer ownership by enabling custom workflows,” Bice explained.
With the launch of Defender CSPM and Defender for Cloud, it’s clear that Microsoft is looking for a bigger piece of the huge and growing DevSecOps segment. Grand View Research estimates that the DevSecOps market — which spans tools that automate security practices at every step of software development — was worth $2.79 billion in 2020.
Startups including Spectral, which aims to identify potential security issues in codebases and logs, and Cycode, which offers tools to secure DevOps pipelines, can be seen as competitors. However, Microsoft’s scale — and the fact that both Defender CSPM and Defender for Cloud are free for Defender for Cloud customers during the preview period — give it an advantage.
“Microsoft is committed to providing security for everyone,” added Bice, “[with] a comprehensive cloud security benchmark across multiple clouds.”