
Microsoft announces new tools for threat intelligence and attack surface management


Any device connected to the internet is prone to vulnerabilities. Microsoft has announced two new security products, Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management, that will provide deeper context into threat actor activity and help organizations safeguard their infrastructure and reduce their overall attack surface.

Microsoft Defender Threat Intelligence 

Microsoft Defender Threat Intelligence enables security operations teams to track threat actor activity and patterns. This helps them uncover attacker infrastructure and accelerate investigation and remedial actions with deeper context, insights, and analysis.

“Customers can access a library of raw threat intelligence detailing adversaries by name, correlating their tools, tactics, and procedures (TTP), and can see active updates within the portal as new information is distilled from Microsoft’s security signals and experts. Defender Threat Intelligence lifts the veil on the attacker and threat family behavior and helps security teams find, remove, and block hidden adversary tools within their organization,” said Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management at Microsoft. 

Microsoft has designed the volume, scale, and depth of intelligence to help security operations centers (SOCs) understand the specific threats their organizations face and strengthen their security posture accordingly. This intelligence also enhances the detection capabilities of Microsoft Sentinel and the family of Microsoft Defender products.


How Microsoft Defender Threat Intelligence works 

This allows organizations to proactively search for threats more widely in their environments, improve the performance of third-party security products, and empower custom threat intelligence processes and investigations. 


Microsoft Defender External Attack Surface Management  

Microsoft Defender External Attack Surface Management enables security teams to look at the business the way an attacker does, so they can discover unknown and unmanaged resources that are visible and accessible from the internet and could be potential entry points for an attacker.

“With a complete view of the organization, customers can take recommended steps to mitigate risk by bringing these unknown resources, endpoints, and assets under secure management within their security information and event management (SIEM) and extended detection and response (XDR) tools,” wrote Vasu Jakkal in his blog post. 


Microsoft also announced the new Microsoft Sentinel solution for systems, applications and products (SAP) which will enable security teams to monitor, detect, and respond to SAP alerts like privilege escalation and suspicious downloads from the cloud-native SIEM. Customers can utilize this solution to build custom detections for threats and reduce the risk of disastrous interruption. 

Image credits: Microsoft 
