< ciso
brief />
Tag Banner

All news with #defender for cloud tag

4 articles

Microsoft named a leader in Frost Radar for CARS

🔒 Microsoft highlights its recognition in Frost & Sullivan’s 2026 Frost Radar for Cloud/Application Runtime Security, emphasizing a shift from visibility to contextual risk reduction across cloud infrastructure, applications, APIs, and runtimes. The post explains how Microsoft Defender for Cloud integrated with Microsoft Defender XDR correlates posture, identity, data, and runtime signals to prioritize exploitable attack paths. It argues that unified platforms reduce alert fatigue, speed remediation, and enable continuous risk operations across development and runtime.
read more →

CNAPP evolution: Microsoft aligns with cloud risk platforms

🔍 Cloud security is shifting from mere visibility to context-aware risk reduction across multicloud, Kubernetes, APIs, and AI workloads. The Frost & Sullivan 2026 Frost Radar positions CNAPP as an operational cloud risk platform that correlates posture, workload, identity, data, and runtime signals. Microsoft Defender for Cloud is highlighted among leading vendors for connecting findings into prioritized, actionable attack paths and enabling continuous risk validation across the application lifecycle.
read more →

Exploitable Misconfigurations in Cloud AI Deployments

🔒 Microsoft Defender research shows AI and agentic applications on cloud-native platforms are frequently deployed with insecure defaults and missing authentication, creating exploitable misconfigurations. Observed exposures include public MCP servers, unsecured Helm chart installs, and unauthenticated agent frameworks that enable remote code execution, credential theft, and access to internal tools. Defender for Cloud can detect exposed Kubernetes services and unsafe deployment patterns to help teams prioritize remediation.
read more →

Storm-0501 Shifts to Cloud-Based Ransomware Tactics

🔒 Microsoft Threat Intelligence reports that financially motivated actor Storm-0501 has shifted from on‑premises endpoint encryption toward cloud‑native ransomware tactics emphasizing rapid data exfiltration, destruction of backups, and extortion. The actor leverages compromised Entra Connect sync accounts, DCSync, and hybrid‑joined devices to escalate to Global Administrator and gain full Azure control. In cloud environments they abuse Azure operations (listing storage keys, AzCopy exfiltration, snapshot and resource deletions) and create malicious federated domains for persistence and impersonation. Microsoft recommends hardening sync configurations, enforcing phishing‑resistant MFA, enabling Defender for Cloud and storage protections, and applying least‑privilege access controls.
read more →