Microsoft Defender Threat Intelligence

Building on its acquisition of RiskIQ just over a year ago, Microsoft today announced two new security services that offer deeper context into threat actor activity and help organizations protect their infrastructure and reduce their overall attack surface.

Microsoft Defender Threat Intelligence gives organizations a broad view of the threat landscape. It maps the internet to expose threat actors and their infrastructure, so security teams can identify adversaries by name and correlate their tactics, techniques, and procedures (TTPs), the context needed to block an entire attack chain and keep the organization safe from complex threats such as ransomware.

Microsoft Defender Threat Intelligence features:

  • Get continuous threat intelligence: Scan the internet to create a complete picture of day-to-day changes. Create threat intelligence for your own business to understand and reduce exposure.
  • Expose adversaries and their methods: Understand the group behind an online attack, their methods, and how they typically operate.
  • Enhance alert investigations: Combine Microsoft Sentinel and Microsoft 365 Defender incident data with external threat intelligence to uncover the full scale of a threat or attack.
  • Accelerate incident response: Investigate and remove a single malicious IP or domain and all the known entities and resources operated by an attacker or threat family.
  • Hunt threats as a team: Easily collaborate on investigations across global teams using the Defender Threat Intelligence workbench. Share insights across the organization.
  • Expand prevention and improve security posture: Export lists of malicious entities, IPs, and domains. Block internal resources from accessing dangerous internet resources and help stop outside threats.

This intelligence also enhances the detection capabilities of Microsoft Sentinel and the family of Microsoft Defender products.

Microsoft Defender External Attack Surface Management helps cloud security teams find unknown and unmanaged resources outside the firewall. It builds a catalog of a customer’s environment, discovering internet-facing resources including agentless and unmanaged assets. With a complete view of the assets in an organization, customers can take recommended steps to mitigate risk by bringing these unknown resources, endpoints, and assets under secure management within their security information and event management (SIEM) and extended detection and response (XDR) tools.

Microsoft Defender External Attack Surface Management features:

  • Real-time inventory: Use dynamic, always-on inventory monitoring to find, analyze, and categorize external-facing resources as they appear.
  • Attack surface visibility: Discover external assets across multiple cloud environments, including unknown resources like shadow IT.
  • Exposure detection and prioritization: Uncover vulnerabilities throughout every layer of your external attack surface, including frameworks, web pages, components, and code.
  • More secure management for every resource: Help protect newly discovered resources in the Microsoft Defender for Cloud portal.