M
Mayunk_Jain
We are excited to share one of the latest security capabilities within the Better Together tab in Azure portal. It is now easier for Azure App Service customers to secure web apps by enabling Defender for App Service – part of Microsoft Defender for Cloud’s Cloud Native Application Platform (CNAPP) solution. The Better Together experience is designed to enhance your development journey by recommending and deploying the right services precisely when you need them, focusing especially on Azure App Service, Azure Container Apps (ACA), and Azure Kubernetes Service (AKS).
In this blog, we will discuss the importance of securing your web apps and explore the new enablement options.
Why secure my web apps in the first place?
Organizations of all sizes are moving their application development process to the cloud at a rapid pace, becoming more productive with the help of generative AI, and are therefore, developing and publishing apps at speed and scale. While this helps businesses grow and quickly get their applications in the hands of those that need it, it also creates a larger attack surface and more opportunity for bad actors to exploit their resources. In addition to the growing attack surface, users are downloading and inputting their information into apps every day – oftentimes, without thinking twice – thanks to the dramatic adoption of smart devices.
Cloud resources have their own identities, which developers use within specific cloud architectures, and without the right protections, these identities can be exploited by attackers. Securing web apps involves safeguarding both their front-end gateway and runtime through native and agentless detection methods. Compromised web apps can lead to data theft (e.g., storage, files, keys, databases), crypto mining, ransomware attacks, DDoS incidents, and significant disruptions to production availability. Securing these applications is essential to prevent unauthorized access that could result in serious consequences. By ensuring robust security, you can maintain user trust, safeguard business operations, and remain compliant with regulations.
Azure App Service and Defender for App Service are Better Together
Migrating and deploying on-premises applications to the cloud on Azure App Service provides you a level of built-in security safeguards out of the box. This includes platform maintenance, like staying compliant with ISO, SOC, and PCI standards, creating IP address restrictions, security patching, and more. Being a fully managed platform as a service (PaaS), Azure App Service automatically patches and maintains the OS and language frameworks for all supported software stacks be it .NET, .NET Core, Java, Node.js, PHP, or Python, including security patches. For a stronger security posture, you might need to manage, monitor, detect and respond to additional emerging threats in your environment.
To gain these continuous and enhanced security assessments and recommendations provided by Defender for App Service, we’ve introduced new ways to enable and find Defender for App Service in Defender for Cloud without ever having to navigate away from Azure App Service. Let's look at some examples:
- Enable in pre-create mode: When creating a new web app in App Service, you’ll now see the option to enable Defender for App Service in the Monitor + secure tab.
- Enable in post-mode: If you’ve already created your web apps, navigate to the new Better Together tab on the lefthand navigation menu. Here, you can select Defender for App Service.
- Get enablement recommendations in Copilot for Azure: Use Copilot for Azure to ask about recommended services that pair with Azure App Service. For example, you may ask “Which security tool should I use with Azure App Service?” and “What popular services are deployed with App Services like mine?”
By enabling Defender for App Service, you can gain peace of mind knowing that that your applications are being proactively monitored for security threats; while also providing the contextual information you need to investigate and respond to incidents. By incorporating security into your software development lifecycle, you can continue focus on what you do best, while automatically and seamlessly identifying potentially harmful attacks targeted at applications – – to get the full lifecycle protection you need and thwart bad actors across your environment.
Get started
The new Better Together capability in the Azure portal is an evolving capability designed to help admins more easily and quickly find guidance for building and deploying applications more efficiently and securely, helping boost productivity and performance. Your feedback is always welcome! With Better Together, we try to provide end-to-end guidance through three key pathways:
- Service Recommendations: Personalized suggestions for the most suitable services to optimize your application performance.
- Scenario Recommendations: Tailored advice based on specific use cases to ensure you achieve the best outcomes.
- Issue Diagnosis: Proactive identification and resolution of potential issues to maintain seamless operations.
New to Azure App Service? Learn more about the features and benefits and try Azure for free. To learn more about protecting your web applications with Defender for Cloud, visit our Defender for App Service product documentation and try it for free with your Azure subscription.
Continue reading...