AZ Lamps #14 — Defender for Storage
Any internet user repeatedly downloads something to his computer or phone: photos, videos, documents, executables, etc. However, a malicious program can disguise itself in a file and turn your device into a crypto-mining farm. Of course, we bear the same risks designing a cloud system, so there are better strategies than closing your eyes and finger-crossing. However, we may solve the problem as we do at home — by installing antivirus software.
To protect an Azure Virtual Machine, the developers utilized Microsoft Defender by installing the appropriate extension. This solution gives solid protection against malware for VMs. However, it did not cover the Storage Account, often the primary file storage within cloud systems. A huge gap!
Microsoft released Defender for Storage last week. As the name prompts, the new solution addresses the gap (see image). In addition to scanning files for viruses, you get an Activity Monitoring feature — near real-time analysis of users’ actions that detect redundant permissions and suspicious activity.
Unfortunately, Microsoft Defender for Storage only supports Storage Accounts with public access (including VNet whitelisting). It seems it would be nice of Microsoft to offer something for more isolated ecosystems, but probably that’s not their target audience now. However, I plan to leverage the new solution where possible, especially in projects where security is in the foreground.
