Microsoft wants to solve one of the biggest cybersecurity problems for businesses today: vulnerable endpoints (opens in a new tab) that slip through the cracks of security.
The company announced Microsoft Defender External Attack Surface Management, which aims to give IT teams a better view of their organization's attack surface, including Internet-exposed resources that could be exploited during an attack.
Assuming IT teams are fully capable of managing their own infrastructure, Microsoft emphasizes devices entering the network as a result of merger or acquisition, with devices made vulnerable by use of shadow IT, cataloging issues of the entire technology stack, etc.
Find unmanaged resources
The tool works by analyzing internet connections and cataloging the technological environment of the company.
"The new Defender External Attack Surface Management gives security teams the ability to discover unknown and unmanaged resources that are visible and accessible from the Internet – essentially the same view an attacker has when selecting a target," said Defender Vice President of Microsoft Security Vasu Jakkal. he said in the announcement's blog post (opens in a new tab).
"Defender External Attack Surface Management helps customers discover unmanaged assets that could be potential entry points for an attacker."
By closely monitoring potentially unprotected connections and endpoints, the tool helps IT teams see their assets through the eyes of a potential attacker.
“Continuous monitoring, without the need for agents or credentials, prioritizes new vulnerabilities,” added Jakkal. "With a complete view of the organization, customers can take recommended steps to mitigate risk by putting these unknown resources, endpoints, and assets under secure management within their SIEM and XDR tools."
In addition to Microsoft Defender External Attack Surface Management, the company also announced Microsoft Defender Threat Intelligence, a support tool for SecOps teams.
The tool is designed to help SecOps identify threat actor infrastructure, accelerating analysis and countermeasures. Using Microsoft Defender Threat Intelligence, SecOps will have access to real-time data from Microsoft's 43 billion daily security signals, the company concluded.
Signals are raw threat information, including names, tools, and tactics of threat actors.