Microsoft Introduces New Attack Surface Management and Intel Threat Tools
Microsoft announced two new features for its Defender security tools: Threat Intelligence and External Attack Surface Management.
With Microsoft Defender Threat Intelligence, security teams will have additional context, information and data to find attacker infrastructure and move to investigate and remediate faster, the company said in a statement. Security teams will have access to real-time data from Microsoft Defender and Microsoft Sentinel to proactively hunt for threats.
“Microsoft Defender Threat Intelligence maps the Internet every day, providing security teams with the information needed to understand adversaries and their attack techniques,” the company said in its announcement of the new security solutions. “Customers can access a library of raw threat intelligence detailing adversaries by name, correlating their Tools, Tactics, Procedures (TTPs), and can see active updates in the portal as new information is distilled from security signals and Microsoft experts.”
Microsoft’s Defender External Attack Surface Management helps defenders find previously invisible and unmanaged resources that can be seen and attacked from the Internet. The system scans the Internet daily to create a catalog of the environment and uncover unmanaged resources that could be potential entry points for an attacker.
“Continuous monitoring, without the need for agents or credentials, prioritizes new vulnerabilities,” the company explained in a post on the Microsoft Threat Intelligence Blog. “With a complete view of the organization, customers can take recommended actions to mitigate risk by putting these unknown resources, endpoints, and assets under secure management within their SIEM and XDR tools.”