Blog Post

Microsoft Defender Vulnerability Management Blog
4 MIN READ

Microsoft threat & vulnerability management integrates with Vulcan Cyber

rachelpark's avatar
rachelpark
Icon for Microsoft rankMicrosoft
Feb 03, 2022

Most enterprises’ vulnerability and risk management programs are challenged with information overload, multiple siloed processes, and a lack of visibility into data spanning multiple security vendors and tools. Microsoft believes that when solutions work well together to overcome these limitations, customer benefit in efficiently reducing cyber exposure across their organization.  

 

Today, we’re excited to announce the general availability of a new integration between Microsoft threat and vulnerability management and the Vulcan Cyber risk management platform. The integration between these two products provides customers deeper cyber risk awareness, better collaboration tools, and enhanced risk prioritization and mitigation capabilities. 

 

Vulcan Cyber ingests asset information, vulnerability descriptions and details, and recommendations with descriptions and remediation options from Microsoft threat and vulnerability management. This data is aggregated and correlated against a wide range of relevant vulnerability and risk contexts pulled from Microsoft and dozens of other sources to intelligently prioritize which vulnerabilities to fix first based on criticality and the greatest impact to your organization’s security posture. With Vulcan Cyber’s integration with Microsoft threat and vulnerability management, customers can assess additional vulnerability contexts to better understand true risk, identify which vulnerabilities to prioritize, and gain deep insights on how to fix them.

Figure 1:  This diagram shows how Vulcan Cyber integrates with Microsoft and other solutions to deliver end-to-end cyber risk management capabilities.

 

Once connected to Vulcan Cyber, vulnerabilities and threat details identified by threat and vulnerability management are automatically analyzed and assigned a risk rating that incorporates contexts such as threat severity, asset type, exploitability and other datapoints across sources. This helps prioritize which CVEs need to be addressed first for the greatest impact to each organization’s unique requirements and specific security posture.

 

Figure 2: A list of CVEs identified by threat and vulnerability management and prioritized by Vulcan Cyber based on critical risk factors.

 

Users can then drill into the details of each vulnerability to provide additional context about the actual risk associated with the specific CVE.

 

Figure 3:  Vulcan Cyber provides a detailed explanation of every CVE, with context extracted from TVM and dozens of other integrated data sources.

 

 

Figure 4:  Vulcan Cyber delivers remediation advice provided by internal expert research and/or extracted from TVM and other integrated sources.

 

In addition to the vulnerability context, Vulcan also provides validated remediation details, including where to find specific fixes and how they will impact overall risk above and beyond the specific CVE. Integrations with patch management tools like Microsoft Endpoint Manager allows a user to take action to immediately fix a vulnerability from the same screen. But if a different group is responsible for remediation and patch management, as is typical with many enterprises, Vulcan Cyber can automatically initiate communication and collaboration with those teams through preferred communication tools, such as Microsoft Teams, ServiceNow, and Jira.

 

Figure 5: An asset-centric view lists the CVEs impacting specific assets and the associated risk.

 

Lastly, flexible analytics views show the complete vulnerability landscape with the ability to employ dynamic filters to focus on specific criteria like the vulnerability source. This provides both macro level and granular insights for greater organizational awareness of actual risk.

 

Figure 6: One of many analytics views for show macro and granular views of an organization’s true vulnerability and risk landscape.

 

This integration between the threat and vulnerability management capabilities in Microsoft Defender for Endpoint and Vulcan Cyber can help security teams increase their visibility into risk across the organization, deepen their understanding of vulnerabilities and the remediation options, and drive efficiencies with IT counterparts.

 

Check out the step-by-step guide on how to setup and use this integration.

 

Microsoft’s continued focus on interoperability

Microsoft threat and vulnerability management APIs empower security teams to deliver greater value to their vulnerability management program. If you want to know how to use these APIs to create custom reports, build automations, and more, check out this blog post.

 

As we continue to expand the depth and breadth of Microsoft’s vulnerability management capabilities, our team is focused on building a broad ecosystem of integration partners. We understand that our customers have existing investments and established processes to run their security and IT operations and we want to ensure our products support these requirements. If you would like to see additional integrations within Microsoft Defender for Endpoint, go to the Partner Application page in the Microsoft Defender Security Center, and click Recommend other partners.

 

More information and feedback

Updated May 04, 2022
Version 3.0
  • ambarishrh's avatar
    ambarishrh
    Iron Contributor

    Excellent news! Are there any plans to integrate these dashboards directly under MS TVM portal so that we get a unified place to look at reports & dashboards? 

  • ambarishrh's avatar
    ambarishrh
    Iron Contributor

    Made a short video on the setup and configuration. Also covering MS Teams integration as incoming webhook to push notify on Teams channel based on set criteria. Initial thoughts; excellent interface, rich information, massive library of connectors!

     

    https://youtu.be/Dn8lf7FQ2BE