Analysis of Serverless Security with Microsoft Defender for Cloud

Microsoft Defender for Cloud (MDC) is a security service that helps keep public cloud workloads safe. It provides security and visibility for workloads in different cloud environments, and it is now expanding its capability to serverless workloads, including Azure Web Apps, Azure Functions, and AWS Lambda. In this blog, let me walk through the features of serverless protection with MDC.

Serverless protection in Defender for Cloud automatically finds and lists all Web Apps, Azure Functions, and AWS Lambda functions in the cloud environment. Once it identifies these, it checks for misconfigurations, vulnerabilities, and insecure dependencies. It then gives you guidance on how to fix these issues and continually assesses your security to reduce risks in your serverless applications.

Serverless protection in MDC is currently available for Azure and AWS cloud environments.

Serverless protection is included in the Defender Cloud Security Posture Management (Defender CSPM) plan. To activate serverless protection, you need to first enable the Defender CSPM plan on your subscription, and then specifically turn on the Serverless protection component within that plan.

To enable the Serverless Protection in Defender CSPM plan:

  • Log in to the Azure portal and select Microsoft Defender for Cloud.
  • Select your Azure subscription and click Edit settings.
  • On the Defender plans page, select Settings & Monitoring.
  • Select On for the Serverless protection component to enable it.
  • Click Save.

It’s important to note that the features available may differ depending on the portal being used. The following table provides a breakdown of which features are accessible in each portal.

Serverless protection in Defender for Cloud uses automated discovery, continuous monitoring, and risk assessment. When you turn on the Defender CSPM plan and activate serverless protection, Defender for Cloud scans your cloud environment to find all serverless resources, such as Azure Web Apps, Azure Functions, and AWS Lambda functions.

Once Defender for Cloud discovers these resources, it monitors their settings and runtime environments. It checks these resources against security best practices and compliance standards to find misconfigurations, vulnerabilities, and insecure dependencies. If it finds a risk, Defender for Cloud provides security recommendations with clear steps to help you fix the problems.

Defender for Cloud offers a unified inventory of serverless resources, showing details like names, types, locations, and security findings. You can filter results by resource type, such as Web Apps or AWS Lambda functions. After filtering, select a resource to check its security posture and view active security recommendations by severity. Use the Cloud Security Explorer for advanced filtering and custom queries to identify misconfigurations or vulnerabilities in your serverless workloads.
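The same "active recommendations for serverless resources, by severity" view can be pulled programmatically from Azure Resource Graph, which is what the Cloud Security Explorer queries under the hood. The query below is an added example, not from the original post; it assumes the assessment schema of the securityresources table (properties.status.code, properties.metadata.severity, properties.resourceDetails.Id) and the Azure resource types microsoft.web/sites (Web Apps and Function Apps) and microsoft.app/containerapps (Container Apps). AWS Lambda findings surface through the AWS connector and are not covered here.

```kusto
// Added example: list unremediated Defender for Cloud recommendations
// for serverless Azure resources, highest severity first.
// Run in Azure Resource Graph Explorer or via: az graph query -q "<query>"
securityresources
| where type == "microsoft.security/assessments"
| extend resourceId  = tolower(tostring(properties.resourceDetails.Id)),
         statusCode  = tostring(properties.status.code),
         severity    = tostring(properties.metadata.severity),
         displayName = tostring(properties.displayName),
         description = tostring(properties.metadata.description)
// Keep only active findings; Healthy and NotApplicable are not recommendations to act on
| where statusCode == "Unhealthy"
// Restrict to the serverless resource types covered in this post (assumed type strings)
| where resourceId has "/providers/microsoft.web/sites/"
     or resourceId has "/providers/microsoft.app/containerapps/"
| extend resourceType = case(
      resourceId has "/providers/microsoft.web/sites/",        "Web App / Function App",
      resourceId has "/providers/microsoft.app/containerapps/", "Container App",
      "Other")
// Numeric rank so High sorts above Medium above Low regardless of string order
| extend severityRank = case(severity == "High", 0,
                             severity == "Medium", 1,
                             severity == "Low", 2,
                             3)
| sort by severityRank asc, resourceId asc
| project subscriptionId, resourceGroup, resourceType, resourceId,
          severity, displayName, description
```

Filtering on statusCode == "Unhealthy" is what matches the portal's "active recommendations"; drop that clause to audit Healthy findings as well.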

In this section, let's see how to remediate security recommendations in Defender for Cloud for serverless resources. In my test environment, I have an Azure Container Apps resource, and my subscription has the Serverless protection feature enabled in MDC.

  • Go to Microsoft Defender for Cloud > Recommendations.
  • Filter the resource type or locate the resource by name and click on it.
  • In the next screen, you will see the active recommendations to remediate for the selected resource.

The screenshot below shows the security-related information for an Azure Container Apps resource (a serverless resource) in the Defender for Cloud portal on my test subscription.

  • Locate the Remediate section and follow the remediation instructions.
  • We can see two security recommendations for the resource. Let's click on the first low-risk one and see its details. The picture below provides the recommended actions with a step-by-step guide.

After remediation finishes, it can take several minutes for the changes to update in the Defender page.

In conclusion, leveraging Microsoft Defender for Cloud in a serverless environment significantly enhances organisations’ security posture. By providing robust threat protection, continuous monitoring, and advanced analytics, it enables teams to focus on developing and deploying applications with confidence, knowing that their serverless architecture is safeguarded against potential threats.

As serverless computing continues to evolve, prioritising security through tools such as Microsoft Defender for Cloud will be essential to maintaining compliance, protecting sensitive data, and ensuring operational resilience.