Review & Remediate Security Risk Concerns via Cloud Security Explorer
Implementation Effort: Medium — Requires enabling Defender CSPM, using Cloud Security Explorer to run queries, and coordinating remediation actions across teams.
User Impact: Low — This is a backend security operation; users are not directly involved.
Overview
Cloud Security Explorer in Microsoft Defender for Cloud enables security teams to proactively identify and remediate security risks related to storage resources, including those with sensitive data. It provides a graph-based query interface that allows you to explore relationships between cloud assets, configurations, and exposures.
Key Capabilities
- Graph-based querying: Explore your cloud environment using Defender for Cloud’s context-aware security graph.
- Predefined query templates: Quickly identify common risks such as:
- Internet-exposed storage containers with sensitive data
- Publicly accessible AWS S3 buckets with sensitive data
- Custom queries: Build tailored queries to match your organization’s specific risk scenarios and compliance needs 1 2.
How to Use Cloud Security Explorer
- Open Microsoft Defender for Cloud in the Azure portal.
- Navigate to Cloud Security Explorer.
- Choose a predefined query template (e.g., “Internet exposed storage containers with sensitive data”).
- Review the query results, which include affected resources and their exposure context.
- Modify the query if needed to refine the scope or focus on specific environments (e.g., Azure, AWS, GCP).
Remediation Steps
- For each identified risk, click on the resource to view detailed insights and recommendations.
- Apply remediations such as:
- Disabling public access to storage containers
- Enabling private endpoints or firewall rules
- Enforcing secure transfer (HTTPS)
- Enabling malware scanning or sensitive data discovery
- Track remediation progress using the Recommendations and Attack Path Analysis views 1.
Failing to review and remediate these risks can lead to data exposure, compliance violations, and increased attack surface.
This activity supports the Zero Trust principle of "Assume Breach" by continuously analyzing and mitigating risks using contextual insights from your cloud environment.