Microsoft releases a new security tool for auditing external attack surfaces
Microsoft has unveiled a new security tool that enables security teams to identify resources in their organization’s environment that are accessible from the Internet and could be used by hackers to access their networks.
The emphasis is on unmanaged or unidentified assets that entered the environment through mergers or acquisitions, were created by shadow IT, are absent from inventories due to inadequate cataloging, or were overlooked during quick business expansion.
This new product, known as Microsoft Defender External Attack Surface Management, gives clients a snapshot of the attack surface of their companies, making it easier to identify vulnerabilities and stop potential attack routes.
The product will compile a catalogue of the organization’s full environment, including unmanaged and agentless devices, by continuously scanning Internet connections.
“The new Defender External Attack Surface Management gives security teams the ability to discover unknown and unmanaged resources that are visible and accessible from the internet – essentially, the same view an attacker has when selecting a target,” Microsoft Corporate VP for Security Vasu Jakkal said.
“Defender External Attack Surface Management helps customers discover unmanaged resources that could be potential entry points for an attacker.”
By continuously tracking connections and scanning for unprotected devices exposed to Internet attacks, Microsoft Defender External Attack Surface Management lets security teams see their environment through the eyes of an attacker and find exploitable flaws before attackers do.
“Continuous monitoring, without the need for agents or credentials, prioritizes new vulnerabilities,” Jakkal explained.
“With a complete view of the organization, customers can take recommended steps to mitigate risk by bringing these unknown resources, endpoints, and assets under secure management within their SIEM and XDR tools.”
Additionally, Microsoft today unveiled Microsoft Defender Threat Intelligence, a second security tool that will give security operations (SecOps) teams the threat intelligence they need to find attacker infrastructure and accelerate attack investigations and remediation efforts.
It will also enable SecOps teams to actively search for vulnerabilities in their environments using real-time data from Microsoft’s enormous library of 43 trillion daily security signals.
The information is delivered as a library of raw threat intelligence, which includes the names of adversaries and correlations of their tools, tactics, and procedures (TTPs).
Microsoft claims that all of this additional knowledge about threat actors’ TTPs and infrastructure will help security teams in its customers’ organizations find, remove, and block hidden adversary tools.