Microsoft wants to solve one of the biggest cybersecurity problems for today’s enterprises – vulnerable endpoints flying under the security radar.
The company has announced Microsoft Defender External Attack Surface Management, which looks to give IT teams a better view of their organization’s attack surface, including internet-exposed resources that could be harnessed in an attack.
Assuming that IT teams are quite capable of managing their own infrastructure, Microsoft is placing the emphasis on problems such as devices coming into the network following a merger or acquisition, devices made vulnerable by the use of shadow IT, and difficulties with cataloging the entire tech stack.
Finding unmanaged resources
The tool works by scanning internet connections and cataloging the company’s tech environment.
“The new Defender External Attack Surface Management gives security teams the ability to discover unknown and unmanaged resources that are visible and accessible from the internet – essentially, the same view an attacker has when selecting a target,” Microsoft Corporate VP for Security, Vasu Jakkal, said in the announcement blog post.
“Defender External Attack Surface Management helps customers discover unmanaged resources that could be potential entry points for an attacker.”
By keeping a close eye on the connections, and monitoring potentially unguarded endpoints, the tool helps IT teams view their assets through the eyes of a potential attacker.
“Continuous monitoring, without the need for agents or credentials, prioritizes new vulnerabilities,” Jakkal added. “With a complete view of the organization, customers can take recommended steps to mitigate risk by bringing these unknown resources, endpoints, and assets under secure management within their SIEM and XDR tools.”
Microsoft Defender External Attack Surface Management aside, the company also announced Microsoft Defender Threat Intelligence, a support tool for SecOps teams.
The tool is designed to help SecOps identify threat actor infrastructure, thus speeding up analysis and countermeasures. Through Microsoft Defender Threat Intelligence, SecOps will gain access to real-time data from Microsoft’s 43 trillion daily security signals, the company concluded.
The signals are raw threat intelligence information, which includes threat actor names, tools, and tactics.