Forum Widgets
Latest Discussions
Defender EASM source IP addresses/location
Hey, I am currently building a service that will leverage EASM for discovery and scan for all our customers. However I have a very specific constraint : the scan must be done from a France-localized IP address. Does the resource location (FranceCentral in my case) make the scan occur from a french IP address? I didn't find anything in the blog nor the documention about the scan source IP address or the the scan source location. I'd be glad to hear from the EASM team! 🙂
Analytic rules for Microsoft Sentinel based on MS EASM
Hi, I just imported EASM data to Sentinel, so we can create some analytic rules based on EASM data. I'm now thinking on which use cases are interesting to create alerts. Anyone has already followed this path and has some experience of what kind of alerts make sense based on EASM data? Thanks
New Blog | Leverage Generative AI to expedite attack surface investigations in Defender EASM
BySoham Patel A prerequisite to securing an organization on the internet is first knowing what digital assets in the organization are internet-facing. With the constantly changing internet, the migration to multi-cloud environments, the evolution of organizations with mergers and acquisitions, and the emergence of shadow IT, it is often difficult to maintain an updated external view of an organization’s attack surface, leading to security gaps emerging for attackers to exploit. Microsoft Defender External Attack Surface Management (EASM) solves this challenge by discovering externally facing assets and identifying their risk. Their vulnerabilities can be identified, which helps with prioritizing them, so you know where to start with remediation efforts. While Defender EASM equips organizations with an updated external attack surface view and the risks associated with it, these vast, multifaceted attack surfaces require many resources to analyze each asset and its associated metadata. This often increases the time to remediation and the likelihood of an attacker exploiting a security gap. However, generative AI can expedite this analysis process, enabling security professionals to defend organizations at machine speed. Read the full post here:Leverage Generative AI to expedite attack surface investigations in Defender EASM
Microsoft Defender EASM should be part of Microsoft Defender XDR
Microsoft Defender EASM should be part of Microsoft Defender XDR. Microsoft Defender EASM should not work as one of the service in Microsoft Azure. It should be part of Exposure management in Microsoft Defender XDR.Already Microsoft is trying to consolidate its Security/Defender platforms in to one platform Microsoft Defender XDR. So at the same time why creating new portal for this?New Blog | Leverage Generative AI to expedite attack surface investigations in Defender EASM
BySoham Patel A prerequisite to securing an organization on the internet is first knowing what digital assets in the organization are internet-facing. With the constantly changing internet, the migration to multi-cloud environments, the evolution of organizations with mergers and acquisitions, and the emergence of shadow IT, it is often difficult to maintain an updated external view of an organization’s attack surface, leading to security gaps emerging for attackers to exploit. Microsoft Defender External Attack Surface Management (EASM) solves this challenge by discovering externally facing assets and identifying their risk. Their vulnerabilities can be identified, which helps with prioritizing them, so you know where to start with remediation efforts. While Defender EASM equips organizations with an updated external attack surface view and the risks associated with it, these vast, multifaceted attack surfaces require many resources to analyze each asset and its associated metadata. This often increases the time to remediation and the likelihood of an attacker exploiting a security gap. However, generative AI can expedite this analysis process, enabling security professionals to defend organizations at machine speed. At Microsoft Ignite in November 2023, we announced Defender EASM’sprompting capabilitiesin Copilot for Security. Today, we are thrilled to share that the same capabilities – and more – areavailable in public preview the Copilot chat pane in the Azure portal and can be used alongside Copilot for Security customers’ Defender EASM resources. This allows organizations to stay secure, with ease. Dig into your external attack surface The Copilot chat pane in Azure gives customers AI-driven insights on risky assets within their external attack surface. Instead of manually drilling down to investigate asset details, simply ask Copilot about recently expired SSL certificates and domains, and you’ll get automated answers for each in seconds. To understand which assets may have Common Vulnerabilities and Exposures (CVE), you can quickly find out by asking Copilot “which assets have critical severity CVEs?” or “Does this ‘CVE ID’ impact me?” Knowing where CVEs lie, and how they are classified, will help you in focusing resources and remediation efforts on those that matter most. Our Copilot capabilities also enable customers to quickly identify assets impacted by specific risks and vulnerabilities, such as assets that have Common Vulnerability Scoring System (CVSS) scores, that are still using SHA-1 certificates, or are expiring soon – empowering them to determine what assets must be remediated first. For example, we can investigate which assets are impacted by medium priority CVSS Scores and what vulnerabilities must be remediated to secure the targeted assets. In this scenario in the image below, we can see that because of the jQuery version,https://portal.fabrikam.com/is at risk. Read the full post here:Leverage Generative AI to expedite attack surface investigations in Defender EASMNew Blog | Leverage Generative AI to expedite attack surface investigations in Defender EASM
BySoham Patel A prerequisite to securing an organization on the internet is first knowing what digital assets in the organization are internet-facing. With the constantly changing internet, the migration to multi-cloud environments, the evolution of organizations with mergers and acquisitions, and the emergence of shadow IT, it is often difficult to maintain an updated external view of an organization’s attack surface, leading to security gaps emerging for attackers to exploit. Microsoft Defender External Attack Surface Management (EASM) solves this challenge by discovering externally facing assets and identifying their risk. Their vulnerabilities can be identified, which helps with prioritizing them, so you know where to start with remediation efforts. While Defender EASM equips organizations with an updated external attack surface view and the risks associated with it, these vast, multifaceted attack surfaces require many resources to analyze each asset and its associated metadata. This often increases the time to remediation and the likelihood of an attacker exploiting a security gap. However, generative AI can expedite this analysis process, enabling security professionals to defend organizations at machine speed. At Microsoft Ignite in November 2023, we announced Defender EASM’sprompting capabilitiesin Copilot for Security. Today, we are thrilled to share that the same capabilities – and more – areavailable in public preview the Copilot chat pane in the Azure portal and can be used alongside Copilot for Security customers’ Defender EASM resources. This allows organizations to stay secure, with ease. Dig into your external attack surface The Copilot chat pane in Azure gives customers AI-driven insights on risky assets within their external attack surface. Instead of manually drilling down to investigate asset details, simply ask Copilot about recently expired SSL certificates and domains, and you’ll get automated answers for each in seconds. To understand which assets may have Common Vulnerabilities and Exposures (CVE), you can quickly find out by asking Copilot “which assets have critical severity CVEs?” or “Does this ‘CVE ID’ impact me?” Knowing where CVEs lie, and how they are classified, will help you in focusing resources and remediation efforts on those that matter most. Our Copilot capabilities also enable customers to quickly identify assets impacted by specific risks and vulnerabilities, such as assets that have Common Vulnerability Scoring System (CVSS) scores, that are still using SHA-1 certificates, or are expiring soon – empowering them to determine what assets must be remediated first. For example, we can investigate which assets are impacted by medium priority CVSS Scores and what vulnerabilities must be remediated to secure the targeted assets. In this scenario in the image below, we can see that because of the jQuery version,https://portal.fabrikam.com/is at risk. Read the full post here:Leverage Generative AI to expedite attack surface investigations in Defender EASMNew Blog | Get visibility into your curated external assets with enhanced generative AI capabilities
BySushma Raja Finding, tracking, and managing all the assets found within an organization’s vast – and often unknown – digital attack surface can be a daunting task. A lack of knowing and monitoring all your assets, including shadow IT, leads to security gaps that can be exploited by attackers. Understanding and documenting your entire attack surface with relevant asset tracking is critical to securing your environment. This highlights the importance of adding an external attack surface management (EASM) tool to your security stack. EASM solutions are designed to provide a view of your digital attack surface from the outside in, enabling organizations to see exactly what attackers browsing the internet see when they come across an asset owned by your organization. Microsoft Defender EASM discovers and maps both known and unknown assets from an external perspective just as an attacker would see as they look to find a way to compromise an organization. Enhanced Defender EASM functionality in Microsoft Copilot for Security In November 2023, we announced new Defender EASMcapabilitiesin Microsoft Copilot for Security that help security teams understand their attack surface, the pervasive CVEs within it, and get assistance remediation prioritization with the help of generative AI. The attack surface snapshot that Copilot users receive when using the prompts are, by default, generated from a library ofpre-built attack surfacesthat Microsoft has discovered for thousands of organizations. From our daily scans of the internet, Defender EASM discovers and searches for an organization’s attack surface based on publicly available information. The results of prompts pulled from an organization’s pre-built attack surface are intended to give customers high-level visibility into their external assets and associated vulnerabilities.So far, they have been used by Early Access customers to achieve this visibility. One customer reported that they were able to identify unknown assets and remediate major vulnerabilities based on information gathered from EASM. Now, we are thrilled to share enhanced functionality with these capabilities, which allows customers todirectly connect their seeded and curated Defender EASM resource to Copilot for Security. With the curated Defender EASM integration, Copilot users can leverage generative AI to get comprehensive, up-to-date information about their external attack surface, analyzing assets that go above and beyond their pre-built attack surface. Setting up is simple. In the configuration menu of Copilot for Security, turn on the Defender External Attack Surface Management skills on and then click on the Settings icon to enter your resource information. Once this information is entered, your future prompts in Copilot will utilize information from your configured EASM resource. Read the full post here:Get visibility into your curated external assets with enhanced generative AI capabilitiesNew Blog | Get visibility into your curated external assets with enhanced generative AI capabilities
BySushma Raja Finding, tracking, and managing all the assets found within an organization’s vast – and often unknown – digital attack surface can be a daunting task. A lack of knowing and monitoring all your assets, including shadow IT, leads to security gaps that can be exploited by attackers. Understanding and documenting your entire attack surface with relevant asset tracking is critical to securing your environment. This highlights the importance of adding an external attack surface management (EASM) tool to your security stack. EASM solutions are designed to provide a view of your digital attack surface from the outside in, enabling organizations to see exactly what attackers browsing the internet see when they come across an asset owned by your organization. Microsoft Defender EASM discovers and maps both known and unknown assets from an external perspective just as an attacker would see as they look to find a way to compromise an organization. Enhanced Defender EASM functionality in Microsoft Copilot for Security In November 2023, we announced new Defender EASMcapabilitiesin Microsoft Copilot for Security that help security teams understand their attack surface, the pervasive CVEs within it, and get assistance remediation prioritization with the help of generative AI. The attack surface snapshot that Copilot users receive when using the prompts are, by default, generated from a library ofpre-built attack surfacesthat Microsoft has discovered for thousands of organizations. From our daily scans of the internet, Defender EASM discovers and searches for an organization’s attack surface based on publicly available information. The results of prompts pulled from an organization’s pre-built attack surface are intended to give customers high-level visibility into their external assets and associated vulnerabilities.So far, they have been used by Early Access customers to achieve this visibility. One customer reported that they were able to identify unknown assets and remediate major vulnerabilities based on information gathered from EASM. Now, we are thrilled to share enhanced functionality with these capabilities, which allows customers todirectly connect their seeded and curated Defender EASM resource to Copilot for Security. With the curated Defender EASM integration, Copilot users can leverage generative AI to get comprehensive, up-to-date information about their external attack surface, analyzing assets that go above and beyond their pre-built attack surface. Setting up is simple. In the configuration menu of Copilot for Security, turn on the Defender External Attack Surface Management skills on and then click on the Settings icon to enter your resource information. Once this information is entered, your future prompts in Copilot will utilize information from your configured EASM resource. Read the full post here:Get visibility into your curated external assets with enhanced generative AI capabilities
Normalize Billable Assets EASM
Hi, we're currently evaluating EASM and running a trial POC. We've used the defaultpredefined attack surface template for our Org. The Billable asset count number is quite high and "Host: IP pairs" are contributing mostly which are IPv6 addresses. Can we filter out all these IPv6 for example: Changing their state from Approved to >> "Candidate" or "Dismissed"? The ultimate goal is to normalize the Billable Assets to get accurate cost estimates by filtering out IPv6 addresses. thanks
New Blog | Defender EASM - Performing a Successful Proof of Concept (PoC)
This blog willserve as ahigh-levelguideto helpyouexecutea simpleframeworkforevaluating DefenderEASM, andother itemsto consider whenembarking on the journeytounderstandtheInternet exposeddigitalassets thatcompriseyourexternalattacksurface, so you can viewrisksthrough the same lens as a malicious threat actor. Read the full blog post here:Defender EASM - Performing a Successful Proof of Concept (PoC) - Microsoft Community Hub
