
Binary drift detection released as GA

October 2024 Update

Binary drift detection released as GA
Binary drift detection is now released as GA in the Defender for Containers plan. Note that binary drift detection now works on all AKS versions.

Updated containers runtime recommendations (preview)
The preview recommendations for "Containers running in AWS/Azure/GCP should have vulnerabilities findings resolved" are updated to group all containers that are part of the same workload into a single recommendation, reducing duplication and avoiding fluctuations due to new and terminated containers.

Kubernetes Identity and Access information in the security graph (preview)
Kubernetes Identity and Access information is added to the security graph, including nodes that represent all Kubernetes Role Based Access Control (RBAC) related entities (service accounts, roles, role bindings, etc.), and edges that represent the permissions between Kubernetes objects. Customers can now query the security graph for their Kubernetes RBAC and the related relationships between Kubernetes entities (Can Authenticate As, Can Impersonate As, Grants Role, Access Defined By, Grants Access To, Has Permission To, etc.).

Kubernetes Identity and Access information-based attack paths (preview)
Using the Kubernetes RBAC data in the security graph, Defender for Cloud now detects Cloud to Kubernetes, Kubernetes to Cloud, and inner Kubernetes lateral movement, and reports on other attack paths where attackers can abuse Kubernetes and Cloud authorization for lateral movement to, from, and within Kubernetes clusters.

Improved attack path analysis
The new attack path analysis engine released last November now supports container use cases as well, dynamically detecting new types of attack paths in cloud environments based on the data added to the graph. We can now find more attack paths for containers and detect more complex and sophisticated attack patterns used by attackers to infiltrate cloud and Kubernetes environments.

Full discovery of container images in supported registries
Defender for Cloud now collects inventory data for all container images in supported registries, providing full visibility within the security graph to all images in your cloud environments, including images that currently don't have any posture recommendations.

Querying capabilities through the Cloud Security Explorer are improved, so users can now search for container images based on their metadata (digest, repository, OS, tag, etc.).

Containers software inventory with Cloud Security Explorer
Customers are now able to get a list of software installed in their containers and container images through the Cloud Security Explorer. This list can also be used to quickly gain other insights into the customer environment, such as finding all containers and container images with software impacted by a 0-day vulnerability, even before a CVE is published.
