Microsoft is helping organizations add to their security operations center’s threat hunting capabilities with Microsoft Defender Experts for Hunting, a new service featuring Microsoft security experts designed to go beyond the endpoint.
According to Microsoft, experts will hunt for suspicious activity across endpoints, Office 365, cloud app and identities, and hand off that contextual alert information and remediation instructions to the customers’ security professionals so they can quickly respond.
The company says the new service includes advanced threat hunting and analysis that helps expose advanced threats and identify the scope of impact of the malicious activity associated with human attackers or hand-on-keyboard attacks.
Notifications will show up as incidents in Microsoft 365 Defender to help improve incident response with specific information about the scope and method of entry.
For help on a specific threat, users can click an “Ask Defender Experts” button in the Microsoft 365 Defender portal to get expert advice about threats the organization is facing. Security professionals can also ask for help on specific incidents, nation-state actors or an attack vector.
Those experts will share their learnings back into the automated tools they used to help improve threat discovery and prioritization, and an interactive report that summarizes what was found will be generated.
In a blog, Microsoft bills the new offering as a way to help understaffed and under-skilled IT and security teams respond to a constant barrage of cybersecurity threats, with Microsoft saying it blocked more than 9.6 billion malware threats and more than 35.7 billion phishing and malicious emails in 2021. With attacks extending to identity, cloud apps and email, coupled with the cybersecurity skills crisis, organizations are having a hard time protecting all of their IT assets.
This is how the service works, according to Microsoft:
- Step 1: Microsoft Defender Experts monitor telemetry and look for malicious activity across the Microsoft 365 Defender platform associated with human adversaries or hands-on-keyboard attacks.
- Step 2: If a threat is found to be valid, analysts conduct a deep-dive investigation, harnessing machine learning and gathering threat details, including scope and method of entry, to help protect your organization’s endpoints, email, cloud apps, and identities.
- Step 3: Our AI system and human hunters prioritize threat signals. Defender expert notifications appear in Microsoft 365 Defender, alerting you to the threat and sharing threat details.