• To more actively look for threats in their surroundings, Microsoft Defender Threat Intelligence gives enterprises direct access to real-time data from Microsoft’s security signals.
• Microsoft Defender External Attack Surface Management enables security teams to identify unknown and unmanaged resources that may serve as possible entry points for an attacker.

Microsoft today unveiled two new security products, Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management, that will give organisations a more thorough understanding of threat actor activity, assist them in securing their systems, and lower their overall attack surface.

Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management at Microsoft said: “Today, any device connected to the internet is susceptible to vulnerabilities. For organizations, the key to building resilience is understanding the gaps that can lead to these vulnerabilities. We recognize the importance of working together as a security community to help protect the planet from threats. These new threat intelligence offerings expand our growing security portfolio, offer deeper insights into threat actors and their behaviors, and help security teams accelerate identification and prioritization of risks.”

Damages have risen and the threat landscape has become more complex than ever. According to the 2021 IC3 report from the Federal Bureau of Investigation, the cost of cybercrime has risen to more than USD6.9 billion. In order to follow threat actors much more precisely and comprehend their behaviour over time, Microsoft continually collects signal and threat information throughout the digital estate to counter these threats. Microsoft now keeps track of more than 250 distinct nation-states, cybercriminals, and other threat actors, as well as 35 ransomware families. Additionally, every single day, its cloud processes and analyses more than 43 trillion security signals.

Microsoft has been able to provide clients unparalleled insight into threat actor activities, behaviour patterns, and targeting thanks to the enormous quantity of information it gathers from its platform and products and its acquisition of RiskIQ in 2021. Customers may map their digital environment and infrastructure to see their organisation from the perspective of an attacker, and this outside-in perspective offers even more insightful data that enables organisations to identify malicious behaviour and safeguard unmanaged resources.

Unmasking adversaries with Microsoft Defender Threat Intelligence

Every day, Microsoft Defender Threat Intelligence maps the internet, providing security teams the information they need to comprehend adversaries and their attack strategies. Customers now have access to a library of uncensored threat intelligence that lists enemies by name, correlates their tools, strategies, and processes, and displays live updates as new information is gleaned from Microsoft’s security signals and experts. This enables organisations to uncover the tactics used by attackers and threat groups, assisting security teams in discovering, eliminating, and blocking any tools that their adversaries may have buried within the organisation.

The security research teams that were once a part of RiskIQ have merged with Microsoft’s nation-state tracking team, Microsoft Threat Intelligence Center (MSTIC), and the security research teams for Microsoft 365 Defender to produce this depth of threat intelligence. Security operations centres are empowered by the volume, range, and depth of intelligence to comprehend the unique risks that their business faces and to harden its security posture in response. Additionally, this intelligence improves Microsoft Sentinel’s and the Microsoft Defender family of products’ detection abilities.

Fig 1: Microsoft Defender Threat Intelligence home screen featuring adversary articles for users to read

Many businesses have internet-facing assets that they may not be aware of or have forgotten about. These assets are frequently the result of shadow IT, mergers and acquisitions, insufficient cataloguing, business partners’ exposure, or rapid business growth. Organisations must consider their operations from the perspective of an attacker if they want to close security gaps and improve their security posture to help lower the risk of an attack.

Every day, Microsoft Defender External Attack Surface Management scans the internet and its connections, compiling a detailed picture of an organisation’s environment that includes all internet-facing resources, including agentless and unmanaged ones. Continuous monitoring prioritises emerging vulnerabilities without the need for agents or credentials. Through the use of their security information and event management (SIEM) and extended detection and response tools, businesses are able to take the recommended precautions to reduce risk and bring these unknown resources, endpoints, and assets under secure management.

Fig 2: Microsoft Defender External Attack Surface Management summary page featuring Attack Surface Summary and Attack Surface Priorities

Protecting business-critical information within SAP with Microsoft Sentinel

A new Microsoft Sentinel solution for SAP has also been unveiled by Microsoft, enabling security teams to track, identify, and react to SAP alerts like privilege escalation and suspicious downloads all from their cloud-native SIEM. This new, cutting-edge technology will enable organisations to develop personalised detections for the dangers they encounter in order to lower the likelihood of a catastrophic disruption, which is important given how business-specific hazards can be sophisticated and one-of-a-kind.

Visit Microsoft Security’s website to learn more about its latest threat intelligence offerings.
