Microsoft has announced two new products under the Microsoft Defender lineup. Designed for businesses, and powered by their acquisition of cyber security company RiskIQ, Microsoft hopes the new Defender Threat Intelligence, and Defender External Attack Surface Management can aim to help companies reduce their chances of getting hit by cyber-attacks.
We’ll begin by getting into the details of Microsoft Defender Threat Intelligence. This new product is all about offering real-time data from Microsoft’s security signals. It builds on the real-time detections of Microsoft Sentinel. and lets organizations hunt for threats more broadly, and helps them uncover more adversaries. According to Microsoft:
Microsoft Defender Threat Intelligence maps the internet every day, providing security teams with the necessary information to understand adversaries and their attack techniques. Customers can access a library of raw threat intelligence detailing adversaries by name, correlating their tools, tactics, and procedures (TTPs), and can see active updates within the portal as new information is distilled from Microsoft’s security signals and experts. Defender Threat Intelligence lifts the veil on the attacker and threat family behavior and helps security teams find, remove, and block hidden adversary tools within their organization.
Now, for Microsoft Defender External Attack Surface Management. This second product under the Microsoft Defender offering is all about helping businesses see their operations the way an attacker can. More specifically, security teams can use this product to see and discover unmanaged resources that are visible from the internet, which is what an attacker might usually see. In Microsoft’s words:
Microsoft Defender External Attack Surface Management scans the internet and its connections every day. This builds a complete catalog of a customer’s environment, discovering internet-facing resources—even the agentless and unmanaged assets. Continuous monitoring, without the need for agents or credentials, prioritizes new vulnerabilities.
Microsoft says these new offerings come at a time when ransomware losses are hitting businesses hard. The company is citing an FBI report which found that these types of losses totaled more than $50 million, with total cybercrimes costing 6.9 billion. Defender Threat Intelligence and Defender External Attack Surface Management should help reduce these threats.