Microsoft Tech Community
Defender TI Empowers Organizations to Get More Done With Less
Published Nov 08 2022 01:52 PM

Microsoft CEO Satya Nadella emphasized in his annual letter to shareholders that cybercrime is the "number one threat facing every business today." And yet, defenders have continued to struggle to keep up with the pace of cybersecurity as it converges with the speed of the digital imperative—infusing digital technology into all business processes. This rise in threats is why we have committed since last summer to quadrupling our cybersecurity investments over the next five years so defenders can do more with less, a pledge exemplified by our recent release of the cyber threat intelligence solution Microsoft Defender Threat Intelligence.


A recent peer-reviewed commentary, published in a research white paper by the SANS Institute and authored by a Microsoft Security researcher, explores the critical role of cyber threat intelligence in an attack surface management program and how it enables defenders to scale in response to a growing threat landscape. It presents a conceptual framework for improving cyber resiliency by proactively detecting and responding to weaknesses that adversaries could exploit to cause unacceptable harm. It is particularly useful for understanding the "ins and outs" of the modern-day attack surface and what you may need to prioritize in your specific program.


The research supports the view that intelligence-driven defense can help defenders be more efficient and impactful with their time. Defenders can focus on only some threats, or they will burn out. As Satya has pointed out, working harder and longer does not produce innovation, agility, and resiliency. According to the paper, intelligence-driven attack surface management can streamline incident response and free up analysts' time by automating the collection and analysis of data. Defenders want to do more with less time, cost, and complexity. We must apply technology to amplify what defenders can do and what they can achieve, especially amid today's constraints.


We designed Defender TI with precisely this concern for defenders in mind. It is a complete platform to ingest, analyze and act upon massive signals collected from across the internet and processed by security experts and machine learning. In addition, we built Defender TI for defenders to effectively focus on the most relevant threats. 


Threat intelligence is also key to threat detection. Accordingly, we have enabled defenders already using Microsoft Sentinel to use Defender TI's threat intelligence indicators to generate detections within Sentinel automatically. To prioritize vulnerabilities, defenders must understand which ones are likely to be used at any given time and in their own organizations. We intentionally enabled defenders using Defender TI to understand the context of their unique attack surfaces, including the vulnerabilities and the adversaries' tools and systems. Defender TI empowers defenders to weave together various datasets to profile complex threat actor activity with finished intelligence.


According to the white paper, an attack surface management program should also illuminate what the adversary would target during reconnaissance, while still trying to infiltrate an organization. Cyber threat intelligence helps defenders understand the chronology of harmful cyber operations in the context of monitoring across endpoints, identities, and applications, in public cloud, private cloud, and hybrid environments alike. This way, defenders can detect and block malicious components of a single operation, a campaign, and follow-on campaigns. Defender TI similarly empowers defenders to quickly pivot across data sets to create the context for more efficient and effective alerting and actioning with infrastructure chains.


For those looking to master Defender TI, don't forget to check out the Microsoft Ninja training course! 

Last update: Nov 09 2022 11:45 AM