Microsoft has released a new security solution that enables security teams to identify Internet-exposed resources in their organization's environment that attackers may use to access their networks.
The emphasis is on unmanaged or unknown assets that have been introduced to the environment as a result of mergers or acquisitions, generated by shadow IT, are absent from inventory owing to insufficient cataloguing, or have been overlooked due to rapid corporate expansion.
This new tool, dubbed Microsoft Defender External Attack Surface Management, offers users an overview of their organisations' attack surface, making it easier to uncover vulnerabilities and prevent possible attack routes.
This tool will develop a database of the organization's full environment, including unmanaged and agentless devices, by continually scanning Internet connections.
Microsoft Corporate VP for Security Vasu Jakkal said, "The new Defender External Attack Surface Management gives security teams the ability to discover unknown and unmanaged resources that are visible and accessible from the internet – essentially, the same view an attacker has when selecting a target. Defender External Attack Surface Management helps customers discover unmanaged resources that could be potential entry points for an attacker."
Microsoft Defender External Attack Surface Management helps security teams to see their environment as an attacker does and uncover exploitable flaws before they do by continually watching connections and hunting for unsecured devices vulnerable to Internet assaults.
Microsoft also introduced Microsoft Defender Threat Information, a second security solution that will provide threat intelligence to security operations (SecOps) teams in order to uncover attacker infrastructure and accelerate attack investigations and remediation efforts.
It will also provide SecOps team members with real-time data from Microsoft's large database of 43 trillion daily security signals, allowing them to actively seek threats in their surroundings.
The data is offered as a library of raw threat intelligence containing information on enemies' identities as well as correlations between their tools, strategies, and techniques.
"This depth of threat intelligence is created from the security research teams formerly at RiskIQ with Microsoft's nation-state tracking team, Microsoft Threat Intelligence Center (MSTIC) and the Microsoft 365 Defender security research teams," Jakkal added.
"The volume, scale and depth of intelligence is designed to empower Security Operations Centers to understand the specific threats their organization faces and to harden their security posture accordingly."
According to Microsoft, all of this additional information about threat actors' TTPs and infrastructure will assist customers' security teams in detecting, removing, and blocking hidden adversary tools within their organization's environment.
