Microsoft has announced two new security tools for companies. Microsoft Defender External Attack Surface Management provides the external view of the company’s devices, Microsoft Defender Threat Intelligence analyzes the attackers on the company networks. Both services are intended to provide customers with real-time access to the analyses.
Microsoft Defender External Attack Surface Management
External Attack Surface Management is intended to provide an overview of all Internet-connected devices in a company. This is particularly important in fast-growing companies, where you can quickly lose track of the entire internal IT. External Attack Surface Management’s complete analysis of the entire IT infrastructure also lists the agentless and non-human managed resources that are often overlooked.
The tool thus provides the same view of the corporate environment, including possible gateways, that potential attackers also find when looking for targets.
Microsoft Defender Threat Intelligence
Microsoft Defender Threat Intelligence is intended to analyze attack patterns and the identities of attackers in real time and make the information available to the SecOps in companies. This is intended to support security teams in preventing attacks, but also in responding to incidents.
As an example, Microsoft cites attacks that are carried out with multiple devices, each with its own IP address. In such cases, it is difficult and time-consuming to reproduce the full attack yourself. With threat intelligence, the provider now wants to automatically disclose these processes with the help of AI and ML. Customers should also receive real-time access to Microsoft’s Security Signals threat library, which lists possible attackers by name with the tools and tactics they use.
The two new tools will be available as standalone tools and are the result of Microsoft’s acquisition of security software company RiskIQ last year Announcement blog post writes.