Microsoft Launches New Security Products For Threat Intelligence & Attack Surface Management

Microsoft has announced two new security products, Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management, to give organizations deeper context on threat actor activity and help them lock down their infrastructure and reduce their overall attack surface.


Today, any device connected to the internet is susceptible to vulnerabilities. For organizations, the key to building resilience is understanding the gaps that can lead to these vulnerabilities. We recognize the importance of working together as a security community to help protect the planet from threats. These new threat intelligence offerings expand our growing security portfolio, offer deeper insights into threat actors and their behaviors, and help security teams accelerate identification and prioritization of risks, Microsoft said.

Microsoft Defender Threat Intelligence maps the internet every day, providing security teams with the necessary information to understand adversaries and their attack techniques. Customers can now access a library of raw threat intelligence detailing adversaries by name, correlating their tools, tactics, and procedures, and can see active updates within the portal as new information is distilled from Microsoft’s security signals and experts. This allows organizations to lift the veil on attackers and threat family behavior, helping security teams find, remove and block hidden adversary tools within their organization.

This depth of threat intelligence comes from the security research teams formerly at RiskIQ, together with Microsoft’s nation-state tracking team, the Microsoft Threat Intelligence Center (MSTIC), and the Microsoft 365 Defender security research teams. The volume, scale and depth of intelligence are designed to empower security operations centers to understand the specific threats their organization faces and to harden their security posture accordingly. This intelligence also enhances the detection capabilities of Microsoft Sentinel and the family of Microsoft Defender products.

Microsoft Defender External Attack Surface Management scans the internet and its connections every day to build a complete catalogue of an organization’s environment, discovering internet-facing resources, including even agentless and unmanaged assets. Continuous monitoring, without the need for agents or credentials, prioritizes new vulnerabilities. This complete view of the organization allows businesses to take recommended steps to mitigate risk and bring these unknown resources, endpoints, and assets under secure management within their security information and event management (SIEM) and extended detection and response tools.

Microsoft has also announced a new Microsoft Sentinel Solution for SAP, which allows security teams to monitor, detect, and respond to SAP alerts, such as privilege escalation and suspicious downloads, all from its cloud-native SIEM. Because business-specific risks can be unique and complicated, this new solution will allow organizations to build custom detections for the threats they face and reduce the risk of catastrophic interruption.