Microsoft has announced two new security products in the Microsoft Defender family designed to provide IT and security professionals with deeper context into threat actor activity and help organizations better secure their infrastructure and reduce their attack surface.
With Microsoft Defender Threat Intelligence, security operations teams can uncover attacker infrastructure and accelerate their investigations and remediation with added context, insight and analysis. While the Defender family and Microsoft Sentinel already have built-in real-time detections, the new offering provides direct access to real-time data from Microsoft’s security signals, allowing organizations to proactively hunt for threats more broadly and improve the performance of third-party security products.
Customers can access a library of raw threat intelligence that details threat actors, including their tools, tactics and procedures (TTPs) along with active updates within the portal as new information comes from Microsoft’s experts and security signals. This is designed to help defenders find, remove and block adversary tools within their organization, Microsoft says.
This intelligence will also enhance the detection capabilities of Microsoft Sentinel and other Defender products.
Meanwhile, the company says Microsoft Defender External Attack Surface Management allows security teams to see their organization the way an attacker does, helping them discover unsecured resources that are visible to attackers.
This can help organizations better secure internet-facing assets they may not be aware of, such as those created by shadow IT, mergers, acquisitions, incomplete cataloging, exposure by partners or rapid growth, according to Microsoft.
Customers can use the tool to take recommended steps to mitigate risk by bringing those assets under secure management within their SIEM and XDR tools, the company says.
The two new security products come about a year after the Redmond, Wash.-based tech giant acquired RiskIQ, a global threat intelligence and attack surface management platform.
In a blog post, Corporate Vice President of Security, Compliance, Identity and Management Vasu Jakkal says the acquisition has allowed Microsoft to provide customers with unique visibility into threat actor activity, behavior patterns and targeting.
“They can also map their digital environment and infrastructure to view their organization as an attacker would,” Jakkal writes. “That outside-in view delivers even deeper insights to help organizations predict malicious activity and secure unmanaged resources.”
Microsoft simultaneously announced the new Microsoft Sentinel solution for SAP, which enables security teams to monitor, detect and respond to SAP alerts, such as privilege escalation and suspicious downloads, from within the cloud-native SIEM.