Recent Discussions
Defender EASM source IP addresses/location
Hey, I am currently building a service that will leverage EASM for discovery and scan for all our customers. However, I have a very specific constraint: the scan must be done from a France-localized IP address. Does the resource location (FranceCentral in my case) make the scan occur from a French IP address? I didn't find anything in the blog nor the documentation about the scan source IP address or the scan source location. I'd be glad to hear from the EASM team! 🙂
Analytic rules for Microsoft Sentinel based on MS EASM
Hi, I just imported EASM data to Sentinel, so we can create some analytic rules based on EASM data. I'm now thinking about which use cases are interesting to create alerts for. Has anyone already followed this path and got some experience of what kind of alerts make sense based on EASM data? Thanks
New Blog | Leverage Generative AI to expedite attack surface investigations in Defender EASM
By Soham Patel
A prerequisite to securing an organization on the internet is first knowing what digital assets in the organization are internet-facing. With the constantly changing internet, the migration to multi-cloud environments, the evolution of organizations with mergers and acquisitions, and the emergence of shadow IT, it is often difficult to maintain an updated external view of an organization’s attack surface, leading to security gaps emerging for attackers to exploit. Microsoft Defender External Attack Surface Management (EASM) solves this challenge by discovering externally facing assets and identifying their risk. Their vulnerabilities can be identified, which helps with prioritizing them, so you know where to start with remediation efforts. While Defender EASM equips organizations with an updated external attack surface view and the risks associated with it, these vast, multifaceted attack surfaces require many resources to analyze each asset and its associated metadata. This often increases the time to remediation and the likelihood of an attacker exploiting a security gap. However, generative AI can expedite this analysis process, enabling security professionals to defend organizations at machine speed.
Read the full post here: Leverage Generative AI to expedite attack surface investigations in Defender EASM
Microsoft Defender EASM should be part of Microsoft Defender XDR
Microsoft Defender EASM should be part of Microsoft Defender XDR. Microsoft Defender EASM should not work as one of the services in Microsoft Azure. It should be part of Exposure management in Microsoft Defender XDR. Microsoft is already trying to consolidate its Security/Defender platforms into one platform, Microsoft Defender XDR. So at the same time, why create a new portal for this?
New Blog | Leverage Generative AI to expedite attack surface investigations in Defender EASM
By Soham Patel
A prerequisite to securing an organization on the internet is first knowing what digital assets in the organization are internet-facing. With the constantly changing internet, the migration to multi-cloud environments, the evolution of organizations with mergers and acquisitions, and the emergence of shadow IT, it is often difficult to maintain an updated external view of an organization’s attack surface, leading to security gaps emerging for attackers to exploit. Microsoft Defender External Attack Surface Management (EASM) solves this challenge by discovering externally facing assets and identifying their risk. Their vulnerabilities can be identified, which helps with prioritizing them, so you know where to start with remediation efforts. While Defender EASM equips organizations with an updated external attack surface view and the risks associated with it, these vast, multifaceted attack surfaces require many resources to analyze each asset and its associated metadata. This often increases the time to remediation and the likelihood of an attacker exploiting a security gap. However, generative AI can expedite this analysis process, enabling security professionals to defend organizations at machine speed.
At Microsoft Ignite in November 2023, we announced Defender EASM’s prompting capabilities in Copilot for Security. Today, we are thrilled to share that the same capabilities – and more – are available in public preview in the Copilot chat pane in the Azure portal and can be used alongside Copilot for Security customers’ Defender EASM resources. This allows organizations to stay secure, with ease.
Dig into your external attack surface
The Copilot chat pane in Azure gives customers AI-driven insights on risky assets within their external attack surface. Instead of manually drilling down to investigate asset details, simply ask Copilot about recently expired SSL certificates and domains, and you’ll get automated answers for each in seconds.
To understand which assets may have Common Vulnerabilities and Exposures (CVE), you can quickly find out by asking Copilot “which assets have critical severity CVEs?” or “Does this ‘CVE ID’ impact me?” Knowing where CVEs lie, and how they are classified, will help you in focusing resources and remediation efforts on those that matter most. Our Copilot capabilities also enable customers to quickly identify assets impacted by specific risks and vulnerabilities, such as assets that have Common Vulnerability Scoring System (CVSS) scores, that are still using SHA-1 certificates, or are expiring soon – empowering them to determine what assets must be remediated first. For example, we can investigate which assets are impacted by medium priority CVSS Scores and what vulnerabilities must be remediated to secure the targeted assets. In this scenario in the image below, we can see that because of the jQuery version, https://portal.fabrikam.com/ is at risk.
Read the full post here: Leverage Generative AI to expedite attack surface investigations in Defender EASM
New Blog | Get visibility into your curated external assets with enhanced generative AI capabilities
By Sushma Raja
Finding, tracking, and managing all the assets found within an organization’s vast – and often unknown – digital attack surface can be a daunting task. A lack of knowing and monitoring all your assets, including shadow IT, leads to security gaps that can be exploited by attackers. Understanding and documenting your entire attack surface with relevant asset tracking is critical to securing your environment. This highlights the importance of adding an external attack surface management (EASM) tool to your security stack. EASM solutions are designed to provide a view of your digital attack surface from the outside in, enabling organizations to see exactly what attackers browsing the internet see when they come across an asset owned by your organization. Microsoft Defender EASM discovers and maps both known and unknown assets from an external perspective, just as an attacker would see them when looking for a way to compromise an organization.
Enhanced Defender EASM functionality in Microsoft Copilot for Security
In November 2023, we announced new Defender EASM capabilities in Microsoft Copilot for Security that help security teams understand their attack surface, the pervasive CVEs within it, and get assistance with remediation prioritization with the help of generative AI. The attack surface snapshot that Copilot users receive when using the prompts is, by default, generated from a library of pre-built attack surfaces that Microsoft has discovered for thousands of organizations. From our daily scans of the internet, Defender EASM discovers and searches for an organization’s attack surface based on publicly available information. The results of prompts pulled from an organization’s pre-built attack surface are intended to give customers high-level visibility into their external assets and associated vulnerabilities. So far, they have been used by Early Access customers to achieve this visibility.
One customer reported that they were able to identify unknown assets and remediate major vulnerabilities based on information gathered from EASM. Now, we are thrilled to share enhanced functionality with these capabilities, which allows customers to directly connect their seeded and curated Defender EASM resource to Copilot for Security. With the curated Defender EASM integration, Copilot users can leverage generative AI to get comprehensive, up-to-date information about their external attack surface, analyzing assets that go above and beyond their pre-built attack surface. Setting up is simple. In the configuration menu of Copilot for Security, turn on the Defender External Attack Surface Management skills and then click on the Settings icon to enter your resource information. Once this information is entered, your future prompts in Copilot will utilize information from your configured EASM resource.
Read the full post here: Get visibility into your curated external assets with enhanced generative AI capabilities
Normalize Billable Assets EASM
Hi, we're currently evaluating EASM and running a trial POC. We've used the default predefined attack surface template for our Org. The Billable asset count number is quite high and "Host: IP pairs" are contributing mostly, which are IPv6 addresses. Can we filter out all these IPv6, for example: changing their state from Approved to >> "Candidate" or "Dismissed"? The ultimate goal is to normalize the Billable Assets to get accurate cost estimates by filtering out IPv6 addresses. Thanks
New Blog | Defender EASM - Performing a Successful Proof of Concept (PoC)
This blog will serve as a high-level guide to help you execute a simple framework for evaluating Defender EASM, and other items to consider when embarking on the journey to understand the Internet exposed digital assets that comprise your external attack surface, so you can view risks through the same lens as a malicious threat actor.
Read the full blog post here: Defender EASM - Performing a Successful Proof of Concept (PoC) - Microsoft Community Hub
Optimize insights and efficiency with latest Defender EASM features and generative AI integrations
New Blog | Optimize insights and efficiency with latest Defender EASM features and generative AI integrations.
Over the last six months, Microsoft Defender External Attack Surface Management (EASM) has released updates that help Defender EASM customers increase the speed to operationalize its findings. Now, vulnerability management teams are using labels to drive workflows and denote asset ownership, they are saving queries to quickly modify newly discovered assets, and they are combining it all with data connector exports to generate custom reports to help them see their security data holistically. These new features that we’ve recently delivered make it easier for our customers to track inventory changes, see important asset findings in one place, and connect data to supplement workflows, and have made managing assets and long-running tasks more efficient. Additionally, we’re excited to announce that we’ve extended Defender EASM’s footprint into Microsoft Security Copilot with capabilities that enable Copilot users to learn more about their external attack surface exposures in context and at AI speeds.
Read on to learn more about the latest in Defender EASM: Optimize insights and efficiency with latest Defender EASM features and generative AI integrations - Microsoft Community Hub
New Blog | One Microsoft: Enriching MDEASM assets with Threat Intelligence Feeds
Organizations need processes and tools such as Microsoft Defender External Attack Surface Management (MDEASM) to help with identifying and managing the points in a software system or network infrastructure that could be targeted by potential attackers. These points, often referred to as "attack vectors," are vulnerabilities or weaknesses that attackers could exploit to gain unauthorized access, compromise systems, or steal sensitive data. The External Attack Surface specifically refers to the components and interfaces of a system that are exposed to the outside world, such as public-facing applications, network services, APIs, and other entry points. These are the points that can be targeted by attackers who are trying to breach the system from outside the organization's perimeter. This blog covers how Microsoft Security can help identify threats by leveraging Microsoft Defender External Attack Surface Management asset discovery against the Microsoft Defender Threat Intelligence feeds.
Read the full blog post here: One Microsoft: Enriching owned assets with Threat Intelligence Feeds
New Blog | Latest functionalities uplevel asset management and enhance data visibility
Latest functionalities uplevel asset management and enhance data visibility
Microsoft Defender External Attack Surface Management (Defender EASM) discovers and classifies assets and workloads across your organization's digital presence to enable teams to understand and prioritize exposed weaknesses in cloud, SaaS, and IaaS resources to strengthen security posture. Recently added features and enhancements uplevel asset management and enhance data visibility within the tool, helping customers gain efficiency and stay organized. Learn about these exciting new functionalities and how you can start using them today.
Read the full blog: Latest functionalities uplevel asset management and enhance data visibility (microsoft.com)
New Blog Post | Data Connectors for Azure Log Analytics and Data Explorer Now in Public Preview
Data Connectors for Azure Log Analytics and Data Explorer Now in Public Preview - Microsoft Community Hub
The Microsoft Defender EASM (Defender EASM) team is excited to share that new Data Connectors for Azure Log Analytics and Azure Data Explorer are now available in public preview. Defender EASM continuously discovers an incredible amount of up-to-the-minute Attack Surface Data, so connecting and automating this data flow to all our customers’ mission-critical systems that keep their organizations secure is essential. The new Data Connectors for Log Analytics and Azure Data Explorer can easily augment existing workflows by automating recurring exports of all asset inventory data and the set of potential security issues flagged as insights to specified destinations to keep other tools continually updated with the latest findings from Defender EASM.
New Blog Post | Why is Defender EASM Discovery important?
Full blog post: Why is Defender EASM Discovery important? - Microsoft Community Hub
The Defender External Attack Surface Management (Defender EASM) Discovery is an integral part of the external attack surface management process. Organizations often struggle to keep up with demanding business requests and create additional infrastructure not under their IT compliance. COVID increased pressure on organizations to allow employees to work from home and make rapid changes to new or existing infrastructure. How can you get an accurate picture of your risk with all these changes happening? How could you know where your attack surface is vulnerable? Defender EASM Discovery is the answer.
Original Post: New Blog Post | Why is Defender EASM Discovery important? - Microsoft Community Hub
New Blog Post | Latest Engineering Semester Enables Tighter Integrations, Ease of Use
Full blog post: Latest Engineering Semester Enables Tighter Integrations, Ease of Use - Microsoft Community Hub
The launch of Microsoft Defender External Attack Surface Management (Defender EASM) was part of Microsoft's ongoing vision to provide unmatched threat intelligence capabilities. We've continued to innovate, introducing impactful new features that drive value for our customers through simplicity and integrations that enhance the products and workflows security teams already use via Defender EASM data. Our latest build includes a REST API to let customers manage their attack surface at scale, a billable assets dashboard to help users more efficiently track their usage, and integration with Microsoft Defender for Cloud to help them understand how and why a digital asset is vulnerable. The team has also introduced enhancements such as dark mode and improvements to discovery and inventory capabilities. This blog will cover what's new in MDEASM and how it can help improve your security posture by bringing unknown resources, endpoints, and assets under secure management.
New Blog Post | Identify Digital Assets Vulnerable to Subdomain Takeover
Read the full blog post: Identify Digital Assets Vulnerable to Subdomain Takeover - Microsoft Community Hub
Subdomain takeover vulnerabilities are, in most cases, the result of an organization using an external service and letting it expire. However, that expired subdomain is still a part of the organization's external attack surface, with domain DNS entries pointing to it. An attacker could then claim this subdomain and take control of it with little to no effort, a considerable blow to an organization's security posture.
How does this happen? For example, a company might enlist a service desk provider, "FreshDesk." It would point a subdomain like "support.mycompany.com" to FreshDesk and then claim this domain with the Freshdesk service to activate it. However, a problem arises when the organization abandons the service because they migrate to other services or for some other reason. Meanwhile, after the service agreement expires, the subdomain remains pointing to the FreshDesk platform. While this might not seem bad initially, the risk of allowing attackers to execute scripts under the subdomain enables them to obtain data from the main website. The risk becomes even more significant when this scenario involves a service that handles PPI, PHI, or trade secrets.
Microsoft Defender External Attack Surface Management continuously maps the external-facing resources across your organization's attack surface to identify, classify, and prioritize risks, including subdomain expiration and takeover.
Recent Blogs
- Learn about Defender EASM's Data Connections feature so you can connect and automate data flow to gain new attack surface insights. Aug 26, 2024, 6.5K Views, 0 likes, 2 Comments
- Learn to become a Microsoft Defender External Attack Surface (Defender EASM) Ninja! This blog will walk you through the resources you'll need to master and derive maximum value from Microsoft'... May 29, 2024, 19K Views, 14 likes, 10 Comments