
Microsoft wants to solve one of the biggest cybersecurity problems for today’s businesses – vulnerable endpoints flying under the security radar.
The company announced Microsoft Defender External Attack Surface Management, which strives to give IT teams a better view of their organization’s attack surface, including Internet-exposed resources that could be leveraged in an attack.
Assuming that IT teams are capable of managing their own infrastructure, Microsoft highlights the cases that slip through: devices that enter the network after a merger or acquisition, devices that become vulnerable through shadow IT, problems with cataloging the entire technology stack, and so on.
Find unmanaged resources
The tool works by scanning Internet connections and cataloging the company’s technology environment.
“The new Defender External Attack Surface Management gives security teams the ability to discover unknown and unmanaged resources that are visible and accessible from the Internet – essentially, the same view an attacker has when choosing a target,” said Vasu Jakkal, Microsoft Corporate VP for Security, in the blog post announcing the product.
“Defender External Attack Surface Management helps customers discover unmanaged resources that could be potential entry points for an attacker.”
By closely monitoring connections and potentially unguarded endpoints, the tool helps IT teams see their assets through the eyes of a potential attacker.
“Continuous monitoring, without the need for agents or credentials, prioritizes new vulnerabilities,” added Jakkal. “With a comprehensive view of the organization, customers can take recommended actions to mitigate risk by putting these unknown resources, endpoints and assets under secure management in SIEM and XDR tools.”
In addition to Microsoft Defender External Attack Surface Management, the company also announced Microsoft Defender Threat Intelligence, a support tool for SecOps teams.
The tool is designed to help SecOps identify the threat actor’s infrastructure, thereby accelerating analysis and countermeasures. Through Microsoft Defender Threat Intelligence, SecOps will gain access to real-time data from Microsoft’s 43 trillion daily security signals, the company concluded.
Signals are raw threat intelligence information, which includes threat actor names, tools, and tactics.