Microsoft Defender for Cloud Natively Integrates with Endor Labs
Endor Labs addresses critical gaps in software supply chain security, vulnerability prioritization, and emerging threats like AI-driven development.
As a Security Operations Center Analyst, your primary responsibility is to safeguard your organization’s applications and data by investigating and responding to threats.
However, increasingly complex cloud-native applications have expanded attack surfaces, especially when cloud workloads span multicloud and hybrid environments.
You need a Cloud Native Application Protection Platform that integrates with a unified security operations platform to help you detect and respond to threats, and this is where Microsoft Defender for Cloud and Microsoft Defender XDR come in.
Defender for Cloud
Microsoft Defender for Cloud is a cloud-native application protection platform (CNAPP): a set of security measures and practices designed to protect cloud-based applications from various cyber threats and vulnerabilities. Defender for Cloud combines the capabilities of:
- A development security operations (DevSecOps) solution that unifies security management at the code level across multicloud and multiple-pipeline environments.
- A cloud security posture management (CSPM) solution that surfaces actions that you can take to prevent breaches.
- A cloud workload protection platform (CWPP) with specific protections for servers, containers, storage, databases, and other workloads.
Partner Solutions: Endor Labs
Endor Labs enhances Microsoft’s cybersecurity product range, particularly Microsoft Defender for Cloud, by integrating advanced Software Composition Analysis (SCA) capabilities that focus on software supply chain security. This collaboration strengthens Microsoft’s Cloud-Native Application Protection Platform (CNAPP) by providing deeper visibility and prioritization of vulnerabilities across the software development lifecycle, from code to runtime.
Endor Labs provides a Software-as-a-Service (SaaS) solution that integrates natively with Microsoft Defender for Cloud, enabling function-level reachability analysis directly within the Defender console.
The integration supports hybrid and multi-cloud environments, allowing visibility into vulnerabilities across Azure, AWS, Google Cloud Platform, and Docker Hub. It also supports Kubernetes clusters and container registries, ensuring comprehensive coverage.
The integration consolidates application and cloud security into a single platform, streamlining operations. Security teams can correlate SCA findings with runtime alerts to trace vulnerabilities to potential exploit paths in cloud environments, all from a unified dashboard.
End to End Capability
While Microsoft provides a robust and comprehensive cybersecurity ecosystem, partner solutions can deliver specialized functionality, deeper insights, and tailored capabilities that address complex or niche challenges in the evolving threat landscape.
Microsoft Defender for Cloud and tools like Azure DevOps provide strong cloud security, vulnerability management, and DevSecOps features. However, they lack deep, function-level analysis of software supply chain risks, particularly for open-source software (OSS) dependencies.
Customers need a holistic view of their attack surface to prevent exploits that span development and runtime. For example, a reachable OSS vulnerability in a container running on Azure Kubernetes Service (AKS) could be missed without this integrated perspective, which Microsoft’s tools alone don’t fully provide.
AI Development Security
Furthermore, Microsoft is investing in AI-driven security (e.g., GitHub Copilot, Defender for Cloud’s AI workload protection), but its tools may not yet fully address risks in AI models or modern development platforms like Hugging Face.
Endor Labs can be implemented in Azure Pipelines for build-time vulnerability scanning, with results sent to Advanced Security for developer visibility. This enhances Microsoft’s DevSecOps offerings. Features like AI Security Code Review and the MCP Plugin for Cursor scan code in real time and flag risks during development, which complements Microsoft’s AI-powered security initiatives.
By integrating natively with Defender for Cloud, Endor Labs consolidates SCA and CNAPP functionalities into a single platform, reducing the need for separate tools. Its streamlined deployment (e.g., via Azure Marketplace) simplifies adoption. The integration also supports Microsoft’s Active Directory and Entra ID systems indirectly by securing applications that interact with these identity systems, aligning with Microsoft’s identity security goals.