Microsoft Defender External Attack Surface Overview, Concepts, and Vocabulary
Published Feb 21 2023 11:41 AM
Microsoft

Welcome to an introduction to Microsoft Defender External Attack Surface Management (Defender EASM). This article gives you a high-level understanding of the concepts that help you understand your digital attack surface, and it marks the start of your Defender EASM Ninja Training journey.

 

Enterprises have primarily invested in internal security controls to catch adversaries as they plan and execute cyber attacks. One of the recent products added to the Cyber Security portfolio, Defender EASM allows you to understand your attack surface from the outside-in perspective and see it the way attackers do.

 

Most cyber attacks progress from attack planning through breach to data exfiltration. The sooner you can detect and stop the threat actor, the less expensive the attack will be for the organization. Most companies invest in solutions inside their firewall. However, organizations can leverage Defender EASM to extend visibility and control outside their firewall, to detect and mitigate attacks in the planning phase, and to respond more efficiently to external adversaries before more material impact occurs.

 

Imagine seeing which deprecated web components, and how many of them, are visible to a potential attacker who is planning an attack. Defender EASM gives you this visibility.

 

Microsoft Defender External Attack Surface Management’s technology is based on Microsoft’s acquisition of RiskIQ. These strong foundations have been developed further within Defender EASM, which leverages Microsoft’s powerful threat intelligence and technology to build a comprehensive inventory of digital assets. That inventory helps defenders uncover potential infrastructure risks and highlights areas that may need attention.

 


Figure 1 – Defender EASM Overview 

 


Figure 2 – Why Defender External Attack Surface Management? 

 


Figure 3 – Where does Microsoft’s External Attack Surface fit in your organization? 

 


Figure 4 – Where does Microsoft’s External Attack Surface fit in your organization? 

Concepts and Vocabulary

We’ll use the following terms throughout this training and the platform. Take some time to familiarize yourself with the list below.

 

Discovery 

The attack surface is continuously changing. Defender External Attack Surface Management Discovery continually identifies new assets that need to be added to the Inventory so they can be put under management.

Inventory 

 

The area where all assets can be searched using a filter.

Assets 

Assets include IP addresses, IP Blocks, hosts, domains, pages, SSL Certificates, Autonomous System Numbers (ASNs), and Whois contacts.

Filter 

A search that can be run against the Inventory to return assets that match the defined criteria.

Billable Assets 

Assets are categorized as billable only if they are placed in the Approved Inventory state. We do not charge for any other state. Additionally, duplicate host assets are NOT included in the billable asset count.

 

Now that you have a high-level understanding of Defender EASM, you can continue your Ninja Training journey. The concepts and vocabulary will be referenced continuously as you read through more articles and should give you the foundational knowledge needed to understand the subjects being discussed.

Last update: Feb 21 2023 11:37 AM