Securing Containers with Microsoft Defender for Containers

Microsoft Defender for Containers is a cloud-native container security solution that allows you to manage, monitor, and maintain the security of your clusters, containers, and applications.

Defender for Containers aids you in the three most important elements of container security:

1. Environment Hardening - Defender for Containers secures your Kubernetes clusters by continuously monitoring them no matters whether they are running on Azure Kubernetes Service, Kubernetes on-premises/IaaS, or Amazon EKS. Defender for Containers regularly evaluates clusters to give visibility into misconfigurations as well as advice to assist in mitigating detected risks. When Defender for Cloud detects misconfigurations, it creates security suggestions, which are shown on the Recommendations page. The recommendations allow you to investigate and remediate issues
2. Vulnerability assessment - Do Vulnerability Assessment for Container images stored in ACR Registry Tools for assessing and managing vulnerabilities in container images saved in ACR registries and operating on Azure Kubernetes Service.
3. Threat protection for nodes and clusters at runtime - Threat protection for clusters and Linux nodes creates security warnings for suspicious activities. Admin can use these recommendations to quickly rectify security risks and improve container security. Defender for Containers goes beyond the Kubernetes management layer and also provides host-level threat detection along with over 60 Kubernetes-aware analytics, AI, and anomaly detections that are focused on your runtime workload.

Enabling Defender for Containers in your environment

1. From Defender for Cloud's menu, open the Environment settings page and select the relevant subscription.

In the Defender plans page, enable Defender for Containers. As Auto Provisioning is enabled by default, Microsoft Defender for Cloud will automatically install the required components to provide the protection, as soon as you enable the plan. You can disable auto provisioning in case needed selecting Edit Configuration.

Post analysis, you can view recommendations given by Microsoft Defender for Containers in Defender for Cloud Console.

Conclusion

Microsoft Defender for Containers is a cloud-native container security solution that allows you to manage, monitor, and maintain the security of your clusters, containers, and applications. It provides environment hardening, vulnerability assessment, and threat protection for nodes and clusters at runtime.