The Defender External Attack Surface Management (Defender EASM) Discovery is an integral part of the external attack surface management process. Organizations often struggle to keep up with demanding business requests and create additional infrastructure not under their IT compliance. COVID increased pressure on organizations to allow employees to work from home and make rapid changes to new or existing infrastructure.
How can you get an accurate picture of your risk with all these changes happening? How could you know where your attack surface is vulnerable? Defender EASM Discovery is the answer.
Figure 1 – Discover Vulnerabilities
Defender EASM uses the idea of seeds to enable the Discovery process. Microsoft has some organization seeds already configured, which can be leveraged to start the Discovery. However, you can add your own if the organization is not listed. These seeds are the initial instructions to go and find infrastructure linked to the given organization.
Seeds consist of Organization names, Domains, IP Blocks, Hosts, Email Addresses, ASNs, and Whois Organizations. Once these have been added to the Discovery, Defender EASM’s proprietary algorithm will use these instructions as starting points on a weekly or monthly basis (depending on your configurations) to find infrastructure linked to your organization.
Figure 2 – Discovery Seeds
Once the seeds have been created, Defender EASM will continuously look for new infrastructure. When assets are added to the Attack Surface, their details are continuously updated to maintain an accurate map of asset states and relationships. The Defender EASM process is essential when identifying your entire digital estate. There are often assets in your Inventory you did not know existed or assets you expected to have been decommissioned. Completing a manual Discovery process without Defender EASM’s proprietary technology and necessary skills would be time-consuming, expensive, and likely omitting important assets.
Discovery enables you to keep an eye on your ever-evolving attack surface. This dynamic process is vital in the cat-and-mouse game with threat actors targeting your organization. For those looking to master Defender EASM, don’t forget to check out the Microsoft Ninja training course!