Explained: What is Microsoft’s new external attack surface audit tool and how will it improve security – Times of India

Cyberattacks have not only harmed companies as a whole but have also affected individuals. Research conducted by Cybersecurity Ventures in 2020 stated that cybercrime costs will reach $10.5 trillion annually by 2025. A report by Check Point Software Technologies Ltd claims that compared to 2020, the overall attacks per week on corporate networks increased by 50% in 2021. However, security teams of different organisations will now be able to spot “Internet-exposed resources” that attackers can misuse to breach their networks.
According to a report by BleepingComputer, Microsoft has announced a new security product that will help companies to spot such vulnerabilities. The report also suggests that the tool will put more focus on “unmanaged or unknown assets,” that were introduced to the company’s environment through — mergers or acquisitions, shadow IT, incomplete cataloguing or just quick business growth.
Microsoft Defender External Attack Surface Management
The new tool is named Microsoft Defender External Attack Surface Management and will offer customers an overview of their businesses’ attack surface which is said to make it easier for the companies to discover vulnerabilities and block potential attacks.

How it will help organisations to improve security
The latest Microsoft Defender tool creates a catalogue of the entire environment of an organisation, that includes “unmanaged and agentless devices” by constantly scanning Internet connections.
Vasu Jakkal, company’s Corporate VP for Security, has explained that the latest Microsoft Defender External Attack Surface Management tool will offer a company’s security team(s) the ability to “discover unknown and unmanaged resources that are visible and accessible from the internet.” More importantly, the security teams will get the same view that attackers see while selecting a target and will also help customers to discover “unmanaged resources that could be potential entry points for an attacker,” she added.
This is possible by constantly monitoring connections and looking for “unprotected devices exposed to Internet attacks.” Jakkal also mentioned that “continuous monitoring, without the need for agents or credentials, prioritises new vulnerabilities.”
She even added that customers “can take recommended steps to mitigate risk by bringing these unknown resources, endpoints and assets under secure management within their SIEM and XDR tools,” once they have a complete view of the organisation.

What is Microsoft Defender Threat Intelligence
The tech giant has also announced a second security product called the Microsoft Defender Threat Intelligence. This tool will offer the security operations (SecOps) teams the threat intelligence that is required to — discover attacker infrastructure and speed up attack investigations along with remediation efforts.
How it will help the customers
Microsoft has a mammoth set of 43 trillion daily security signals that proactively look for security threats in their environments. This tool also allows the SecOps team members access to such massive real-time data.
The mentioned data works as a library of raw threat intelligence where users can find information about the name of the adversaries and their correlating — tools, tactics, and procedures (TTP).
As per Microsoft, all this information about threat actors’ TTP and infrastructure will help security teams — detect, remove and block hidden adversary tools within their org’s environment.
Jakkal mentioned that the depth of threat intelligence was created with the contribution
of several other teams including — the security research teams formerly at RiskIQ with Microsoft’s nation-state tracking team, Microsoft Threat Intelligence Center (MSTIC) and the Microsoft 365 Defender security research teams,” Jakkal added.

Source link

Related Articles

Leave a Reply

Stay Connected

- Advertisement -spot_img

Latest Articles

%d bloggers like this: