Microsoft has announced two new key security products in the shape of Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management.
The new solutions have been designed to provide users with deeper context into threat actor activity, Microsoft said, which will help organizations lock down their infrastructure and reduce their overall attack surface.
The move marks the first time the Redmond giant has harnessed the technology from RiskIQ, the security software company it acquired for around $500 million last year.
“These new threat intelligence offerings expand our growing security portfolio, offer deeper insights into threat actors and their behaviors, and help security teams accelerate the identification and prioritization of risks,” commented Vasu Jakkal, Corporate Vice President of Security, Compliance, Identity, and Management at Microsoft.
With Microsoft Defender Threat Intelligence, users can uncover attacker infrastructure and accelerate remediation with deeper context, insights, and analysis.
Direct access to real-time data from Microsoft’s security signals means organizations can proactively look for threats more broadly in their environments, boost custom threat intelligence processes, as well as improve the performance of third-party security products, Microsoft said.
It’s designed to map the internet daily, building a library of raw threat intelligence that details threats by name, and records their tools, tactics, and procedures (TTPs), plus updates from Microsoft’s security signals and experts.
The capability has been created from the security research teams formerly at RiskIQ with Microsoft’s nation-state tracking team, Microsoft Threat Intelligence Center (MSTIC), and the Microsoft 365 Defender security research teams.
“Microsoft recognizes the importance of working together as a security community to help protect the digital world from threats,” Jakku continued. “As such, the existing free edition will continue to be available.”
The second solution – dubbed Microsoft Defender External Attack Surface Management – ultimately allows the user to see their business the way an attacker can. Security teams can uncover unknown and unmanaged resources that are visible and accessible from the internet, providing visibility of potential entry points for attackers.
The solution scans the internet and its connections daily, building a complete catalogue of a customer’s environment to identify internet-facing resources, and offers continuous monitoring that prioritizes new vulnerabilities.
“With a complete view of the organization, customers can take recommended steps to mitigate risk by bringing these unknown resources, endpoints, and assets under secure management within their security information and event management (SIEM) and extended detection and response (XDR) tools,” Jakkal added.
Microsoft also announced its Microsoft Sentinel solution for SAP, which it said will allow security teams to monitor, detect, and respond to SAP alerts from its cloud-native SIEM.
