주요 콘텐츠로 건너뛰기

Remediate & Review Attack Path Risks

Implementation Effort: Medium
Customer IT and Security Operations teams must use Defender for Cloud’s attack path analysis and remediation tools to identify and mitigate risks to sensitive data.

User Impact: Low
All actions are performed by administrators; no user-facing changes or notifications are required.

Overview

Microsoft Defender for Databases, through its integration with Defender for Cloud, enables organizations to identify and remediate attack paths that could lead to data breaches. These attack paths are visualized in the Attack Path Analysis tool, which highlights how misconfigurations, vulnerabilities, and excessive permissions can be exploited to access sensitive data.

Key Capabilities

  1. Explore Attack Paths

    • Go to Microsoft Defender for Cloud > Attack path analysis.
    • Use the Risk Factors filter to select Sensitive data.
    • Review predefined attack paths such as:
      • Internet-exposed databases with sensitive data
      • VMs with high-severity vulnerabilities and access to data stores
      • Publicly accessible AWS S3 buckets or RDS snapshots 1

  2. Investigate Risks

    • Click on a specific attack path to view affected resources.
    • Expand the Insights section to see sensitivity labels and data exposure details 1.

  3. Remediate Recommendations

    • Select the attack path and click Remediation.
    • Choose a recommendation and follow the guided steps to resolve it.
    • Remediation may involve:
      • Restricting public access
      • Enabling encryption
      • Reducing permissions
      • Applying vulnerability patches 2

  4. Track Resolution

    • Once all recommendations in an attack path are resolved, it may take up to 24 hours for the path to disappear from the dashboard 2.

  5. Use Cloud Security Explorer (Optional)

    • For advanced queries, use Cloud Security Explorer to search for sensitive data exposure scenarios using built-in templates 1.

This process supports the Zero Trust principle of "Assume Breach" by proactively identifying and closing potential attack paths before they can be exploited. Without this capability, organizations may overlook complex risk chains that expose sensitive data to unauthorized access.

Reference