The launch of Microsoft Defender External Attack Surface Management (Defender EASM) was part of Microsoft's ongoing vision to provide unmatched threat intelligence capabilities. We've continued to innovate, introducing impactful new features that drive value for our customers through simplicity and through integrations that bring Defender EASM data into the products and workflows security teams already use.
Our latest build includes a REST API to let customers manage their attack surface at scale, a billable assets dashboard to help users more efficiently track their usage, and integration with Microsoft Defender for Cloud to help them understand how and why a digital asset is vulnerable. The team has also introduced enhancements such as dark mode and improvements to discovery and inventory capabilities. This blog will cover what's new in MDEASM and how it can help improve your security posture by bringing unknown resources, endpoints, and assets under secure management.
Defender EASM continuously discovers and inventories an organization's digital attack surface. The new REST API lets customers manage their attack surface at scale by integrating with the processes and third-party tools they already use. Via the API, they can create new clients and applications or automate workflows for data enrichment, ticketing management, or process management.
Common use cases for the API include retrieving or curating asset data, creating and managing discovery groups, kickstarting discovery runs, utilizing saved filters, and downloading data.
Data functions include:
Administrative functions include:
To start using the Defender EASM API, please refer to the Authentication article in our API documentation and the solutions repository developed by our Customer Experience Engineering Team.
Defender EASM scans the internet and its connections daily, building a complete catalog of a customer's environment and discovering internet-facing resources—even the agentless and unmanaged assets. Insights about how these assets are connected to the internet and other assets are now available in Microsoft Defender for Cloud (MDC) to provide critical context during incident response.
The MDC and Defender EASM partnership cross-correlates externally-facing IP addresses in MDC to help reduce recommendation noise and focus on the most exploitable vulnerabilities along potential attack paths. The MDC UI allows customers to quickly navigate to Defender EASM for further details via both the Overview and Attack Path pages.
Modern attack surfaces are large, dynamic, and growing every day. Now in preview mode, the billable assets dashboard helps customers better understand how they are billed as Defender EASM discovers their attack surface and identifies new assets that may change their inventory. It shows billable asset counts by day and by asset type, so users can easily track their EASM usage, see how their billing changes over time, and estimate their costs. We welcome feedback on this preview feature!
Dark Mode: Defender EASM is now compatible with dark mode. Users can enable it by selecting the dark mode theme from the "Appearance + startup views" tab on the Azure Portal Settings page.
Discovery Enhancements: Discovering your organization's attack surface is now easier than ever with improvements to our discovery process. These include:
Inventory Filter Improvements: Users can now understand and act on their organization's digital asset inventory more quickly and efficiently with new inventory filter improvements. These include:
New Attack Surface Insights: As the global threat landscape evolves, Defender EASM identifies and tracks new vulnerabilities that put organizations at risk. Users can now detect 31 detectable and potential CVEs. Other Attack Surface Insights include:
MDEASM is made by security professionals for security professionals. Join our community of security pros and experts to provide product feedback and suggestions and start conversations about how MDEASM helps you manage your attack surface and strengthen your security posture. With an open dialogue, we can create a safer internet together.