Microsoft last Wednesday added threat intelligence and external attack surface management capabilities to its suite of Defender Security software.
Besides gaining unique visibility into threat actor activity, behaviour patterns, and targeting, the new security products allow companies to view their organisation as an attacker would. And this outside-in view delivers even deeper insights to help organisations predict malicious activity and secure unmanaged resources.
“These new threat intelligence offerings expand our growing security portfolio and help security teams accelerate identification and prioritisation of risks,” said Vasu Jakkal, corporate vice president for security, compliance, identity, and management at Microsoft.
The new offerings come from technologies that Microsoft obtained by acquiring security firm RiskIQ last year for US$500 million.
Microsoft Defender Threat Intelligence maps the internet every day, providing security teams with the necessary information to understand adversaries and their attack techniques.
“Customers can now access a library of raw threat intelligence detailing adversaries by name, correlating their tools, tactics, and procedures, and can see active updates within the portal as new information is distilled from Microsoft’s security signals and experts,” said Microsoft in a statement.
This allows companies to lift the veil on attackers and threat family behaviour, helping security teams find, remove, and block hidden adversary tools within their organisation.
This depth of threat intelligence is produced by the security research teams formerly at RiskIQ together with Microsoft’s nation-state tracking team, the Microsoft Threat Intelligence Center (MSTIC), and the Microsoft 365 Defender security research teams.
The volume, scale and depth of intelligence are designed to empower security operations centres to understand the specific threats their organisation faces and to harden their security posture accordingly.
Microsoft Defender External Attack Surface Management, meanwhile, scans the internet and its connections every day. This builds a complete catalogue of an organisation’s environment, discovering internet-facing resources, including even agentless and unmanaged assets. Continuous monitoring, without the need for agents or credentials, prioritises new vulnerabilities.
“This complete view of the organisation allows businesses to take recommended steps to mitigate risk and bring these unknown resources, endpoints, and assets under secure management within their security information and event management (SIEM) and extended detection and response tools,” said Microsoft.