跳到主要内容

Review & Remediate Security Risk Concerns via Cloud Security Explorer

Implementation Effort: Medium
Security and IT teams must build and run graph-based queries, analyze contextual risk data, and take remediation actions across cloud and hybrid workloads.

User Impact: Low
Security risk analysis and remediation are handled by administrators and security teams; end users are not directly involved.

Overview

The Cloud Security Explorer in Microsoft Defender for Servers enables security teams to proactively identify and remediate security risks by querying the cloud security graph. This graph includes contextual data such as misconfigurations, vulnerabilities, exposed secrets, and lateral movement paths across Azure, AWS, and GCP environments.

Key Capabilities

  • Run graph-based queries to detect:
    • Exposed secrets
    • Misconfigured resources
    • Vulnerable machines
    • Attack paths and lateral movement risks
  • Prioritize risks based on resource criticality, exposure, and blast radius
  • Drill into findings and take remediation actions directly from the interface 1 2 3

How to Use Cloud Security Explorer

  1. Sign in to the Azure portal.
  2. Navigate to Microsoft Defender for Cloud > Cloud Security Explorer.
  3. Build a query:
    • Select a resource type (e.g., Virtual Machines, Storage Accounts).
    • Choose a risk category (e.g., secrets, misconfigurations, vulnerabilities).
    • Apply filters such as environment, region, or exposure level 3.
  4. Review the query results:
    • Each result includes metadata such as resource name, severity, and attack path presence.
    • Click on a result to view detailed findings.

How to Remediate

  • From the query results, select a resource with a risk finding.
  • Click Remediate or follow the linked recommendation.
  • For secrets:
    • Navigate to Microsoft Defender for Cloud > Inventory > VM > Secrets tab.
    • Review and remove or rotate exposed secrets 1.
  • For misconfigurations or vulnerabilities:
    • Follow the remediation steps provided in the recommendation pane.

Additional Tools

  • Attack Path View: Visualize how a risk could be exploited to reach critical assets.
  • Security Exposure Management: Centralized dashboard for prioritizing and tracking remediation efforts.

Failing to use Cloud Security Explorer can result in missed opportunities to detect and mitigate high-risk exposures. This capability supports the "Assume Breach" and "Verify Explicitly" principles of Zero Trust by enabling proactive, data-driven risk management.

Reference