Microsoft has announced that the malware scanning capability will become generally available on September 1. The new agentless SaaS solution will be available as an add-on for Microsoft Defender for Storage customers and will cost $0.15 (USD)/GB of data scanned.
Microsoft Defender for Storage is a security solution that identifies unusual attempts to access or exploit storage accounts. The service uses AI-powered security capabilities to offer contextual security alerts and recommendations to investigate and remediate threats.
Previously, Microsoft Defender for storage offered protection against data corruption, sensitive data exfiltration, and malicious file uploads. The malware scanning feature, which is currently in preview, lets customers configure their apps to only read non-malicious files. Once detected, it automatically moves or deletes infected files from the system.
“Malware Scanning in Defender for Storage helps protect your Blob storage accounts from malicious content by performing a full, built-in, agentless malware scan on uploaded content in near real time, using Microsoft Defender Antivirus capabilities. It scans all file types and allows you to detect and prevent malware distribution events,” Microsoft explained.
Use-cases for Malware Scanning in Microsoft Defender for Storage
Microsoft detailed several benefits of the malware scanning capability for Defender for Storage customers. It helps to protect storage accounts from malicious content uploaded from untrusted sources (such as CDN and content hub). The security feature also lets organizations adhere to compliance standards (like NIST, SWIFT, and GDPR) that require on-upload malware scanning for non-compute sources.
Additionally, the malware scanning feature makes it easier for customers to ensure the integrity of data pipelines. It also blocks threats coming from third-party data, ML training data, and collaborative platforms.
Microsoft notes that IT admins can use built-in Azure Policy to deploy Malware Scanning protection in their organizations. They can also select various other methods, including Azure portal, REST API, as well as ARM or Bicep templates.