Microsoft Defender External Attack Surface Management (Defender EASM) discovers and classifies assets and workloads across your organization's digital presence to enable teams to understand and prioritize exposed weaknesses in cloud, SaaS, and IaaS resources to strengthen security posture. Features recently added increase CWE and CVE visibility and boost query efficiency so users can focus on finding the information that's most important to their environment. Below, learn about these powerful new enhancements and how you can begin using them today.
The Top 25 Common Weakness Enumeration (CWE) list is provided annually by MITRE. These CWEs represent the most common and impactful software weaknesses that are easy to find and exploit. This dashboard displays all CWEs included on the list over the last five years, listing all inventory assets that might be impacted by each CWE. Referencing this dashboard saves you research time and supports your vulnerability remediation efforts by helping you identify the greatest risks to your organization based on other tangible observed exploits.
While there are hundreds of thousands of identified CVE vulnerabilities, only a small subset has been identified by the Cybersecurity & Infrastructure Security Agency (CISA) as recently exploited by threat actors. This list includes less than 0.5% of all identified CVEs; for this reason, it is instrumental in helping security professionals prioritize the remediation of the greatest risks to their organization. Those who remediate threats based on this list operate with the utmost efficiency because they’re prioritizing the vulnerabilities that have resulted in real security incidents.
Both new Defender EASM dashboards are designed to help users find the threats that pose the greatest risk to their organization as efficiently as possible. To learn more about dashboards, see our help documentation.
Users now receive one-time push notifications in the Azure portal to alert them of key updates to their attack surface. These notifications are designed to guide users to the information that helps them create a comprehensive external attack surface and efficiently manage their ever-changing digital landscape. Users can expect notifications in the following instances:
Customers can now access client libraries for JavaScript and Java that help them operationalize the Defender EASM REST API to automate processes and improve workflows. These SDKs are now available to customers in Public Preview.
New insights are now flagged with “NEW” on the "Attack surface priorities" charts and other areas in the UI. This helps customers quickly navigate to insights that they have not yet investigated, enabling better prioritization when reviewing their attack surface.
Performance enhancements were completed on the backend of the discovery engine to enable larger asset counts to be brought into inventory with each discovery run. Furthermore, we have added tooltips to the Discovery Group details page to provide more insight into failed discovery runs. By hovering over the information icon next to any failed discovery run within the Run History section, users can understand why their run failed and adjust accordingly before running another discovery, improving efficiency.
Defender EASM has implemented a new design for filters that makes it easier for you to quickly query your inventory. Each query is now constructed from the main inventory page in a more visual format, making it easier to construct multiple queries before submitting. Unlike the previous filter design, these improvements allow users to view and edit all queries simultaneously before submitting the request, making the feature easier to use. In addition, we have added an “OR” operator for many filters, allowing you to quickly search for multiple desired results.
The Defender EASM team is constantly adding new insights to the platform to ensure that our users have visibility into the latest security threats. The following insights were added to Defender EASM in the last three months.
Potential Insights are created when a vulnerable version of software has not been detected and needs to be validated by the customer. Customers using this software should check if they have the vulnerable versions highlighted in the insight:
MDEASM is made by security professionals for security professionals. Join our community of security pros and experts to provide product feedback and suggestions and start conversations about how MDEASM helps you manage your attack surface and strengthen your security posture. With an open dialogue, we can create a safer internet together.