メインコンテンツへスキップ

Remediate & Review Security Risk Concerns via Cloud Security Explorer

Implementation Effort: Medium
Customer IT and Security Operations teams must use graph-based queries and contextual insights to identify and remediate risks across cloud environments.

User Impact: Low
All actions are performed by administrators; no user-facing changes or notifications are required.

Overview

Cloud Security Explorer in Microsoft Defender for Cloud enables security teams to proactively identify and remediate security risks that could impact databases and other sensitive assets. It uses graph-based path-finding queries to analyze misconfigurations, vulnerabilities, and lateral movement opportunities across Azure, AWS, and GCP environments.

Key Capabilities

  1. Run Security Risk Queries

    • Navigate to Microsoft Defender for Cloud > Cloud Security Explorer.
    • Use built-in or custom queries to identify:
      • Misconfigured database access
      • Publicly exposed data stores
      • Secrets stored in plaintext on VMs 1

  2. Explore Contextual Attack Paths

    • Combine asset metadata (e.g., exposure, sensitivity, access level) with security findings.
    • Identify how attackers could move laterally from one resource to another to reach sensitive databases 1.

  3. Review Secrets and Sensitive Data Risks

    • Use queries to find secrets on machines that could lead to database compromise.
    • Review metadata such as last access time, token expiration, and exposure level 2.

  4. Remediate Findings

    • Go to Defender for Cloud > Recommendations.
    • Select relevant recommendations (e.g., “Machines should have secrets findings resolved”).
    • Expand Affected resources and follow the Remediation steps provided 2.

  5. Prioritize Based on Risk

    • Focus on assets exposed to the internet or those with access to sensitive data.
    • Use the Attack Path Analysis tool to validate whether a finding is part of a known attack path 3.

This process supports the Zero Trust principle of "Assume Breach" by identifying and closing potential attack vectors before they can be exploited. Without using Cloud Security Explorer, organizations may miss complex, multi-step risks that expose databases to compromise.

Reference