Agentless container posture in Defender CSPM

The Defender for Cloud Security Posture Management (CSPM) plan in Defender for Cloud provides container posture capabilities for Azure, AWS, and GCP. For requirements and support, see the Containers support matrix in Defender for Cloud.

Agentless container posture provides easy and seamless visibility into your Kubernetes assets and security posture, with contextual risk analysis that empowers security teams to prioritize remediation based on actual risk behind security issues, and proactively hunt for posture issues.

Capabilities

Agentless container posture provides the following capabilities:

  • Agentless discovery for Kubernetes - provides zero footprint, API-based discovery of your Kubernetes clusters, their configurations, and deployments.
  • Comprehensive inventory capabilities - enables you to explore Kubernetes resources: clusters, workloads, networking, node pools, container registries, container image software, K8s configuration, and security insights through security explorer to easily monitor and manage your assets.
  • Agentless vulnerability assessment - provides vulnerability assessment for Kubernetes node pools and container images, including recommendations for registry and runtime, near real-time scans of new images, a daily refresh of results, exploitability insights, and more. Vulnerability information is added to the security graph for contextual risk assessment, calculation of attack paths, and hunting.
  • Attack path analysis - Contextual risk assessment exposes exploitable paths that attackers might use to breach your environment; these are reported as attack paths to help prioritize the posture issues that matter most in your environment.
  • Enhanced risk-hunting - Enables security admins to actively hunt for posture issues in their containerized assets through queries (built-in and custom) and security insights in the security explorer.
  • Control plane hardening - Defender for Cloud continuously assesses the configurations of your clusters and compares them with the initiatives applied to your subscriptions. When it finds misconfigurations, Defender for Cloud generates security recommendations that are available on Defender for Cloud's Recommendations page. The recommendations let you investigate and remediate issues. For details on the recommendations included with this capability, check out the container recommendations of the type control plane.
  • Critical Asset protection - enables security administrators to automatically tag "crown jewel" resources that are most critical to their organizations, allowing Defender for Cloud to provide them with the highest level of protection and prioritize security issues on those assets above anything else.

Next steps