Microsoft beefs up Defender security with new Threat Intelligence and External Attack Surface Management tools
Microsoft has launched two new security products, bolstering the capabilities of Microsoft Defender. The company says that the aim of the two tools is to help organizations lock down their infrastructure and reduce their overall attack surface.
The tools, Microsoft says, also provide "deeper context into threat actor activity" making it easier to predict malicious activity and secure resources. Microsoft Defender Threat Intelligence works by mapping the internet every day, so that security teams have the data needed to understand current attack techniques, while with Microsoft Defender External Attack Surface Management lets security teams see their system as attackers do.
- Microsoft releases PowerToys v0.61.0 with numerous 'quality of life improvements'
- You can now buy a Windows 11 license direct from Microsoft -- but we know a cheaper option
- Microsoft confirms that KB5014666 update is causing printing problems in Windows
Among the aims of the new Microsoft Defender functionality is to arm security teams with more information than before. Information is power, and with the extra data, it should be possible to identify security tools and attacks faster, as well as prioritizing what needs attention.
Microsoft says that it is constantly tracking 35 ransomware families, and more than 250 unique nation-states, cybercriminals and other threat actors. Amounting to more than 43 trillion daily security signals, it wants to share more of this data with users.
The company says of the new security tools:
- Track threat actor activity and patterns with Microsoft Defender Threat Intelligence. Security operations teams can uncover attacker infrastructure and accelerate investigation and remediation with more context, insights, and analysis than ever before. While threat intelligence is already built into the real-time detections of our platform and security products like the Microsoft Defender family and Microsoft Sentinel, this new offering provides direct access to real-time data from Microsoft’s unmatched security signals. Organizations can proactively hunt for threats more broadly in their environments, empower custom threat intelligence processes and investigations, and improve the performance of third-party security products.
- See your business the way an attacker can with Microsoft Defender External Attack Surface Management. The new Defender External Attack Surface Management gives security teams the ability to discover unknown and unmanaged resources that are visible and accessible from the internet -- essentially the same view an attacker has when selecting a target. Defender External Attack Surface Management helps customers discover unmanaged resources that could be potential entry points for an attacker.
There is more information available on the dedicated pages for Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management