With an ever-evolving cybersecurity landscape and continually emerging cyber threats, it’s vital to stay steps ahead. Microsoft has announced the introduction of two new security products to bolster their existing suite, addressing threat intelligence and external attack surface management.
Here, we’ll cover everything you need to know about Microsoft’s new security tools – Defender Threat Intelligence and Defender External Attack Surface Management.
What is Microsoft Defender Threat Intelligence (TI)
Microsoft Defender Threat Intelligence (Defender TI) brings together several functions of a SOC engineer’s threat intelligence and analysis workflow into one portal. This new portal assists a SOC analyst with studying the latest threat intelligence, threat analysis, CVE-ID, and incident response.
Microsoft’s core concept for this platform is Infrastructure chaining, this concept uses the relationships between highly connected datasets to help the SOC team build out a richer and more in-depth investigation into threats, both from alerts SOC analysts have seen in products such as Sentinel or through active threat hunting. This allows them to understand the bigger, so they can respond and keep your environment safe.
The portal is not a solo journey, it allows members of your Security team to gain insights from other Security teams’ actions to detect and prevent threats, so security experts around the world can collaborate to block out threat actors.
What is Microsoft Defender External Attack Surface Management (EASM)
Microsoft Defender External Attack Surface Management (Defender EASM) is located in Azure and provides a SOC team with an understanding of the business’s external attack surface. Unlike the attack surface of an endpoint or firewall, the external attack surface includes data like registered domains, hosted web pages, SSL certificates, and hostnames.
Microsoft Defender EASM works by discovering observed connections on the internet using discovery seeds. Seeds are defined as legitimate assets, they discover and inventory any infrastructure that could belong to the environment or has a relationship with a legitimate asset. This means your SOC team are aware of the full extent of your external attack surface, not only what is within the firewall environment. The process is recursive over time it’ll pick up any new assets, and inventory them ready for the SOC team to assess.
Defender EASM not only inventories the external attack surface, it also provides vulnerability, compliance, and security posture dashboards to help your security team prioritise and protect your assets that would’ve otherwise been vulnerable to attack.
What’s next?
We’ll help you understand more about these new products and how they can support your security posture. Plus, our experts will work with you to detect and close any vulnerabilities in your environment with our industry-leading Threat and Vulnerability Assessment.
As the threat landscape continues to change minute by minute, we’re dedicated to keeping your environment secure and making your security posture stronger every day. Get in touch today.
