Microsoft Defender for Storage: Threat Detection & Protection for Your Data
Ensuring your environment is secure goes beyond just installing an anti-virus security product on your servers. You need to think about protecting your storage, your apps, containers, databases, identity and much more… And you need to pick the right product to protect those workloads.
In this article, we’ll explore how Defender for Storage works, its key features, pricing, and how to enable it within the Azure portal.
What is Microsoft Defender for Storage?
Microsoft Defender for Storage is a cloud-native security solution that is designed to protect Azure Storage accounts from various threats. It provides threat detection by analysing data access patterns, scanning for malware and leveraging Microsoft’s threat intelligence.
Defender for Storage supports Azure Blob Storage, Azure Files, Azure Data Lake Storage and Azure Queues and Tables.
Defender for Storage integrates with Microsoft Defender for Cloud, ensuring you receive security alerts and recommendations to enhance your cloud security posture.
How Defender for Storage works
Defender for Storage provides multiple layers of protection. One of the layers is malware scanning. It scans any files uploaded to Azure Blob storage for known threats and also uses Microsoft’s threat intelligence database to detect and prevent malware distribution.
Another layer of protection is anomaly detection. Defender for Storage will identify any unusual access patterns that might indicate an insider threat or a cyberattack. It will look for anomalies such as massive file downloads, data exfiltration or repeated failed access attempts.
The other area of protection Defender for Storage offers is threat intelligence integration, where it leverages Microsoft’s global security insights to detect threats. An example would be if a known malicious IP tries to interact with a storage account.
The generated alerts or recommendations are displayed within Microsoft Defender for Cloud and can be integrated into Microsoft Sentinel for automated security responses if necessary.
Defender for Storage pricing
Defender for Storage can be enabled at the resource level or at the subscription level and you do have the ability to exclude specific storage accounts from being included if you wish.
Defender for Storage is charged per storage account per month. Currently, the price is $10 per storage account per month (US Dollars).
It’s worth noting that malware scanning is an add-on and is charged at $0.15/GB of data scanned. But you can configure a monthly cap so that costs are predictable.
Enable Defender for Storage with the Azure portal
You can enable Defender for Storage at the subscription level or at an individual storage account level. It is recommended you enable it at the subscription level to ensure full coverage within your environment.
To enable it at the subscription level follow these steps:
- Sign in to the Azure portal.
- Navigate to Microsoft Defender for Cloud management blade.
- Expand Management then select Environment settings.
- Select the subscription for which you want to enable Defender for Storage.
- Select the three dots on the right and then choose the Edit settings option.
- On the Defender plans page, locate Storage in the list and select On and Save.
Defender for Storage is now enabled across your subscription, including the malware protection. You can turn this off by going back into settings and turning it off.
Any storage accounts that are created after enabling Defender for Storage will be protected up to 24 hours after creation.
Conclusion
Securing your environment requires a well-thought-out strategy and goes beyond traditional anti-virus solutions. Microsoft Defender for Storage provides a cloud-native solution to detect threats, prevent malware, and leverage Microsoft’s threat intelligence to keep your Azure Storage accounts secure.
In today’s landscape, choosing the right security tools is essential, and Defender for Storage is a powerful addition to your overall security strategy.