Microsoft has unveiled a new security tool that enables security teams to identify resources in their organization’s environment that are accessible from the Internet and might be used by attackers to gain access to their networks.
The emphasis is on unmanaged or unidentified assets that were introduced to the environment through mergers or acquisitions, created by shadow IT, left out of inventories owing to inadequate cataloguing, or overlooked during rapid corporate expansion.
This new solution, known as Microsoft Defender External Attack Surface Management, gives customers a snapshot of their company’s attack surface, making it easier to identify vulnerabilities and close off possible attack paths.
By continually scanning Internet connections, the tool will compile a database of the organization’s full environment, including unmanaged and agentless devices.
The new Defender External Attack Surface Management, according to Microsoft Corporate VP for Security Vasu Jakkal, “allows security teams to find unknown and unmanaged resources that are visible and accessible from the internet – effectively, the same perspective an attacker gets when choosing a target.”
With Defender External Attack Surface Management, customers can find unmanaged resources that could serve as entry points for attackers.
Microsoft Defender External Attack Surface Management continually tracks connections and scans for unprotected devices exposed to Internet-based attacks, so security teams can view their environment through the eyes of an attacker and find exploitable flaws before attackers do.
Continuous monitoring prioritises emerging vulnerabilities without the need for agents or credentials, according to Jakkal.
Once they have a comprehensive picture of the business, customers can act on the risk-mitigation advice by bringing these unidentified resources, endpoints, and assets under secure control inside their SIEM and XDR technologies.
Additionally, Microsoft today unveiled Microsoft Defender Threat Information, a second security tool that will give security operations (SecOps) teams the threat intelligence they need to find attacker infrastructure and accelerate attack investigations and remediation efforts.
It will also enable SecOps teams to actively hunt for vulnerabilities in their environments using real-time data from Microsoft’s massive collection of 43 trillion daily security signals.
The information is delivered as a library of raw threat intelligence, which includes details on the identities of adversaries and correlations of their tactics, techniques, and procedures (TTPs).
Microsoft claims that all of this additional knowledge about threat actors’ TTPs and infrastructure will help customers’ security teams find, remove, and block hidden adversary tools.
The Microsoft Threat Intelligence Center (MSTIC), the Microsoft 365 Defender security research teams, and Microsoft’s nation-state tracking team worked together to provide this level of threat intelligence, according to Jakkal.
The volume, scope, and depth of the intelligence are intended to help Security Operations Centers understand the specific threats their business faces and harden their security posture accordingly.