Highlights:

  • The new Defender External Attack Surface Management allows security teams to discover unknown and unmanaged resources that are visible and accessible from the internet.
  • Microsoft recently unveiled Microsoft Defender Threat Intelligence, a second security tool that will give security operations (SecOps) teams the threat intelligence they need.

Microsoft has unveiled a new security tool that enables security teams to identify Internet-exposed resources in their organization’s environment that hackers could use to access their networks.

The emphasis is on unmanaged or unidentified assets that have been introduced to the environment due to mergers or acquisitions, formed by shadow IT, missing from inventories due to inadequate cataloguing, or overlooked due to quick business expansion.

This new solution, named Microsoft Defender External Attack Surface Management, gives clients a snapshot of the attack surface of their companies, making it easier to identify vulnerabilities and stop potential attack routes.

This program will create a catalogue of the organization’s full environment, including unmanaged and agentless devices, by continuously scanning internet connections.

“The new Defender External Attack Surface Management gives security teams the ability to discover unknown and unmanaged resources that are visible and accessible from the internet – essentially, the same view an attacker has when selecting a target,” Microsoft Corporate VP for Security Vasu Jakkal said.

“Defender External Attack Surface Management helps customers discover unmanaged resources that could be potential entry points for an attacker.”

Thanks to Microsoft Defender External Attack Surface Management, which continuously tracks connections and scans for unprotected devices exposed to internet attacks, security teams can see their environment through the eyes of an attacker and find exploitable flaws before attackers do,

“Continuous monitoring, without the need for agents or credentials, prioritizes new vulnerabilities,” Jakkal explained. “With a complete view of the organization, customers can take recommended steps to mitigate risk by bringing these unknown resources, endpoints, and assets under secure management within their SIEM and XDR tools.”

Additionally, Microsoft recently unveiled Microsoft Defender Threat Intelligence, a second security tool that will give security operations (SecOps) teams the threat intelligence they need to find attacker infrastructure and accelerate attack investigations and remediation efforts.

It will enable the SecOps team to actively search for vulnerabilities in their settings using real-time data from Microsoft’s enormous library of 43 trillion daily security signals. The information is delivered as a library of unprocessed threat intelligence, including information on the opponents’ names and correlations of their tools, tactics, and procedures (TTPs).

Microsoft claims that all this additional knowledge about threat actors’ TTPs and their infrastructure will help security teams find, remove, and block hidden adversary tools within the environment.

“This depth of threat intelligence is created from the security research teams formerly at RiskIQ with Microsoft’s nation-state tracking team, Microsoft Threat Intelligence Center (MSTIC) and the Microsoft 365 Defender security research teams,” Jakkal added.

“The volume, scale and depth of intelligence are designed to empower Security Operations Centers to understand the specific threats their organization faces and to harden their security posture accordingly.”

Assessing the market for threat intelligence

The revelation comes at a time when the market for threat intelligence is expected to grow from USD 11.6 billion in 2021 to a total of USD 15.8 billion by 2026.

IBM, one of Microsoft’s primary rivals in the market, offers X-Force Exchange, a platform for exchanging threat data where security experts may search for threats, upload files for scanning, and access threat intelligence provided by other users. IBM just reported a USD 16.7 billion increase in revenue.

Another rival is Anomali, which offers ThreatStream, a threat intelligence management platform driven by AI intended to automatically gather and evaluate information from hundreds of threat sources. The most recent USD 40 million in funding for Anomali was received as part of a series D funding round in 2018.

The WildFire product line from Palo Alto Networks, the ZeroFOX platform, and Mandiant Advantage Threat Intelligence is further market rivals.

The introduction of a new threat intelligence service could aid security teams in fending off the greatest dangers to the provider’s product ecosystem, given the extensive usage of Microsoft devices among business users.