Microsoft boosts threat intelligence with new Defender packages
Drawing from its acquisition of RiskIQ, Microsoft is releasing Defender External Attack Surface Management and Defender Threat Intelligence.
Drawing from last year's acquisition of RiskIQ, Microsoft is adding two new threat-intelligence applications to its Defender product family, and separately offering new detection and response capabilities for SAP ERP systems to its Sentinel SIEM (security information and event management) product.
Combining intelligence from the security research team at RiskIQ with existing in-house security findings, Microsoft has developed Microsoft Defender Threat Intelligence, a standalone library of raw adversary data. Microsoft says it is offering the library free of charge, accessible directly by all users or from within its existing Defender family of security products, according to a blog post from Vasu Jakkal, a Microsoft vice president for security, compliance, identity, and management.
Microsoft has also launched Microsoft Defender External Attack Surface Management, designed to scan users' computing environments and connections to give security teams the same view an attacker has of their organization while selecting a target.
Threat library offers real-time adversary intelligence
According to Jakkal, Microsoft will combine its in-house security data (gathered from a monitoring network covering 35 ransomware families, 250+ unique nation-states, cybercriminals, and threat actors) with the intelligence acquired through RiskIQ, for real-time updating of the new Defender Threat Intelligence (DFI) library.
The library will provide raw threat intelligence detailing adversaries by name, correlating their tools, tactics, and procedures (TTPs), and will provide updates when new information is distilled from multiple sources, including Microsoft's nation-state tracking team, the Microsoft Threat Intelligence Center (MSTIC), and the Microsoft 365 Defender security research teams.
DFI is aimed at helping security operations centers (SOCs) understand the specific threats their organizations face and harden their security posture accordingly, Jakkal added.
The DFI intelligence is also expected to enhance the detection capabilities of Microsoft Sentinel and the entire family of Microsoft Defender products. More sources of information for DFI are expected to be added later this year, Jakkal said.
Defender EASM provides "attacker view" of assets
Designed to give security teams the ability to discover unknown and unmanaged resources that are visible and accessible from the internet, Defender External Attack Surface Management (EASM) will essentially scan the internet and related assets to catalog a customer's environment and its internet-facing resources.
Identified resources, including endpoints and agentless and unmanaged assets, can then be brought under secure management with SIEM and extended detection and response (XDR) tools.
"With the same view an attacker has, Defender External Attack Surface Management helps customers discover unmanaged resources that could be potential entry points for an attacker," Jakkal said in the blog post. The company did not immediately detail pricing for the product.
Sentinel gets new SAP monitoring features
Meanwhile, Microsoft Sentinel, the company's cloud-native SIEM and SOAR (security orchestration, automation, and response) application, will offer support for SAP alerts. SAP ERP applications, which can be run from both on-premises and cloud infrastructure, are complex and may carry risks such as privilege escalation and suspicious downloads. These can be monitored, detected, and responded to by new features being added to Microsoft Sentinel, the company said.
The Microsoft Sentinel monitoring capabilities for SAP will be generally available with a six-month free promotion starting this month, and billing will begin on February 1, 2023, as an add-on charge to the existing Microsoft Sentinel consumption-billing model, Microsoft said.