Microsoft has launched two new Defender tools in response to a growing attack surface and increasingly advanced threat actors.
The Microsoft Defender Threat Intelligence (TI) and External Attack Surface Management (EASM) services are designed to track threat actors’ activities and patterns and offer an outside-in view of the user’s attack surface, Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management, said in Microsoft’s official security blog.
The offerings, which can be used to protect on-premises and cloud infrastructures, were built with technology from RiskIQ, a security intelligence vendor Microsoft acquired in July last year.
With that technology, the new tools aim to help companies catch common mistakes such as unknown exposed ports, which are often used as an initial attack vector, he said.
Defender TI utilises threat intelligence on threats such as malicious files, malware, email campaigns and other attacks observed by Microsoft. It includes reports on specific threats and offers ways to address them, the blog said.
Microsoft Defender External Attack Surface Management scans the internet and its connections every day. This builds a complete catalogue of a customer’s environment, discovering internet-facing resources — even the agentless and unmanaged assets. Continuous monitoring, without the need for agents or credentials, prioritises new vulnerabilities.
Organisations need to see their business the way an attacker can so they can eliminate gaps and strengthen their security posture to help reduce the potential for attack, said Jakkal.
“Many businesses have internet-facing assets they may not be aware of or have simply forgotten about. These are often created by shadow IT, mergers, and acquisitions, incomplete cataloguing, business partners’ exposure, or simply rapid business growth,” he explained.
In April, Microsoft published a blog that examined the growth of attack surface using RiskIQ data. With more than 100,000 hosts and 613 new domains created each minute, Microsoft said both legitimate organisations and threat actors contribute to that growth. Additionally, the blog noted the move to remote work has created a shift where “sometimes, threat actors know more about an organisation’s attack surface than their SOC or security operations centre does.”
The new tools can also serve as a workbench to educate enterprises about how attackers are operating, including what domains and URLs they use, which in turn can be helpful to specific customers, said Microsoft. And like other Microsoft Defender tools, customers can subscribe to the services and access them through online portals.