Written by Tim Woolford, Director, Product Marketing
Today, we’re thrilled to announce two new security products driven by our acquisition of RiskIQ just over one year ago that deliver on our vision to provide deeper context into threat actors and help customers lock down their infrastructure.
Track threat actor activity and patterns with Microsoft Defender Threat Intelligence
This new product helps security operations teams uncover attacker infrastructure and accelerate investigation and remediation with more context, insights, and analysis than ever before. While threat intelligence is already built into the real time detections of our platform and security products like Microsoft Sentinel, customers also need direct access to real-time data and Microsoft’s unmatched signal to proactively hunt for threats across their environments.
For example, adversaries often run their attacks from many machines, with unique IP addresses. Tracing the actor behind an attack and tracking down their entire toolkit is challenging and time-consuming. Using built-in AI and machine learning, Defender Threat Intelligence uncovers the attacker or threat family and the elements of their malicious infrastructure. Armed with this information, security teams can then find and remove adversary tools within their organization and block their future use in tools like Microsoft Sentinel, helping to prevent future attacks.
See your business the way an attacker can with Microsoft Defender External Attack Surface Management
The new Defender External Attack Surface Management gives security teams the ability to discover unknown and unmanaged resources that are visible and accessible from the internet—essentially the same view an attacker has when selecting their target. Defender External Attack Surface Management helps customers discover unmanaged resources that could be potential entry points for an attacker.
Microsoft Defender External Attack Surface Management scans the internet and its connections every day. This builds a complete catalogue of a customer’s environment, discovering internet-facing resources, even the agentless and unmanaged assets. Continuous monitoring, without the need for agents or credentials, prioritizes new vulnerabilities. With this complete view of the organization, customers can take recommended steps to mitigate risk by bringing these resources under secure management within tools like Microsoft Defender for Cloud.
Read the full threat intelligence announcement and to learn more about how Microsoft Defender Threat Intelligence and Microsoft Sentinel work together, read the Tech Communities blog.
Additionally, in the spirit of continuous innovation and bringing as much of the digital environment under secure management as possible, we are proud to announce the new Microsoft Sentinel solution for SAP. Security teams can now monitor, detect, and respond to SAP alerts all from our cloud-native SIEM, Microsoft SIEM.
To learn more about these products and to see live demos, visit us at Black Hat USA, Microsoft Booth 2340. You can also register now for the Stop Ransomware with Microsoft Security digital event on September 15, 2022, to watch in-depth demos of the latest threat intelligence technology.