Microsoft announces Defender Threat Intelligence and Defender External Attack Surface Management
Microsoft announced two new security products in the Microsoft Defender family designed to give IT and security professionals deeper context on threat actor activity and to help organizations better secure their infrastructure and reduce their attack surface.
With Microsoft Defender Threat Intelligence, security operations teams can discover attacker infrastructure and accelerate their investigations and remediation with additional context, insights, and analytics. While the Defender family and Microsoft Sentinel already have built-in real-time detections, the new offering provides direct access to Microsoft’s real-time security signals data, allowing organizations to proactively hunt for threats more broadly and improve the performance of third-party security products.
Customers can access a library of raw threat intelligence that details threat actors, including their Tools, Tactics, and Procedures (TTPs), as well as active updates in the portal as new information comes in from Microsoft's experts and security signals. This is designed to help defenders find, remove, and block adversary tools within their organization, Microsoft explains.
This intelligence will also improve the detection capabilities of Microsoft Sentinel and other Defender products.
Meanwhile, the company says Microsoft Defender External Attack Surface Management allows security teams to see their organization as an attacker would, helping them discover insecure resources visible to attackers.
According to Microsoft, this can help organizations better secure Internet-accessible resources they may not be aware of, such as those created by shadow IT, mergers, acquisitions, incomplete cataloging, partners' exposure, or rapid growth.
Customers can use the tool to take recommended actions to mitigate risk by putting these assets under secure management in their SIEM and XDR tools, the company says.
The two new security products come about a year after the Redmond, Washington-based tech giant acquired RiskIQ, a global threat intelligence and attack surface management platform.
In a blog post, Vice President of Security, Compliance, Identity, and Management Vasu Jakkal says the acquisition has enabled Microsoft to provide customers with unique visibility into the activity, behaviors, and targeting of threat actors.
“They can also map their digital environment and infrastructure to see their organization as an attacker would,” Jakkal writes. “This outside-in view provides even deeper insights to help organizations predict malicious activity and secure unmanaged assets.”
Microsoft simultaneously announced the new Microsoft Sentinel solution for SAP, which enables security teams to monitor, detect, and respond to SAP alerts such as privilege escalation and suspicious downloads from the cloud-native SIEM.