Microsoft today added two new features to its Microsoft Defender security platform: Microsoft Defender Threat Intelligence as well as Microsoft Defender External Attack Surface Management. These functions are based on the company’s acquisition RiskIQ and with this launch, Microsoft is now bringing some of the core functionality of RiskIQ to its own security platform (with RiskIQ continues to provide its own services).
“Our mission is to build a safer world for all, and threat intelligence [at] the crux of it,” Microsoft’s Vasu Jakkal told me. “If you do not know what is happening in the world around you, it is very difficult to understand what to do with it and how to react to it. Microsoft has the most comprehensive and in-depth threat intelligence to date – we monitor how we just announced 43 trillion signals in our revenue [each day] that we see in individuals, on devices, on platforms, in email, in collaboration tools.”
With Defender Threat Intelligence, Microsoft uses RiskIQ technology to scan the web and provide additional data to an existing Defender service in real time to help security professionals proactively protect their infrastructure. Microsoft already had a big signal map for the Defender platform, of course, but Jakkal noted that RiskIQ data not only helps enrich this existing dataset, but also allows you to build an additional layer on top of Defender that gives security teams a sense of everything. attack chain.
“They can see the entire attack chain, they can react to it, and then – combined with their own human intelligence – they can see where the attack is going and how to prevent it,” Jakkal explained.
The service also provides users with a library of raw threat intelligence and analysis from Microsoft security experts, which in turn should help security teams find, remove, and block malicious tools that may be hidden in their organization.
Meanwhile, a new external attack surface management service helps these security teams understand how a potential attacker sees their network. Like similar services, it provides security teams with the ability to discover all of their resources and find unknown and/or unmanaged resources. Most companies that start using these services end up being surprised at how many unmanaged assets they find with Internet access.
“All organizations ask themselves: how safe am I? This is such a simple question, yet so difficult to answer. Because first, first we need to understand what is happening in the world of threats. And we need to understand what it looks like. The second thing we need to understand is where our resources are,” Jakkal said. With these new tools, Microsoft is giving security professionals more data to protect their networks and other assets.
Credit: techcrunch.com /