The Microsoft Defender Threat Intelligence (MDTI) team continuously introduces innovations that make its strategic, tactical, and operational threat intelligence, built from 65 trillion signals and over 10,000 multidisciplinary experts, easier to access, ingest, and act upon. Today, we are excited to announce several new features that enhance Microsoft's comprehensive security offering and AI-powered security with crucial context around threat actors, vulnerabilities, and the tools and systems they use to attack and exploit organizations.
Below, read more about these new features announced at Microsoft Ignite.
Microsoft Defender Threat Intelligence integration with Security Copilot
This powerful integration enables security teams to quickly act on insights on threat actors and tooling for faster and more resolute incident response. In Security Copilot, MDTI content provides crucial context to threats, security incidents, and investigations by instantly surfacing and summarizing intelligence related to threat actors, campaigns, and malicious infrastructure.
Prompts leveraging MDTI in Security Copilot
Prompts leveraging MDTI in Security Copilot include:
Return any MDTI content related to an entity, e.g.:
Microsoft Defender Threat Intelligence Free Experience
This free experience in Microsoft Defender XDR offers valuable open-source intelligence and internet data sets developed from our mass collection and analysis technology that complement and enhance MDO, MDE, and other Defender products with crucial context around threat actors, tooling, and infrastructure. Users can directly access open-source intelligence on threats, vulnerabilities, and associated indicators of compromise (IoCs) and pivot on unique internet data sets to uncover adversary infrastructure, tying artifacts like IPs, hosts, hashes, and URLs to known threats. This external threat intelligence enables advanced threat investigations outside the firewall.
The MDTI free experience is available to all Defender XDR tenants on the “Intel profiles,” “Intel explorer,” and “Intel projects” tabs under the “Threat intelligence” blade.
We are introducing Detonation Intelligence to the Threat Intelligence blade in Defender XDR, enabling users to search, look up, and contextualize threats. Users can detonate URLs and view results alongside other MDTI content in the Threat Intelligence blade to quickly understand a malicious file or URL. MDO, MDE, and other Defender XDR customers can promptly submit an IoC and immediately view the results within the Threat Intelligence blade alongside other detonated IoCs for instant context.
Vulnerability Profiles are the latest Intel Profiles in MDTI, joining threat actor and threat tooling profiles launched at Microsoft Secure. Vulnerability Profiles put intelligence collected from the Microsoft Threat Intelligence team about vulnerabilities all in one place, including related exploits, threat activity, and mitigation guidance. Vulnerability Profiles are updated whenever new information is discovered to provide a continuous view of the vulnerability landscape that helps organizations manage their attack surface and understand which exposures are the most critical to them.
Vulnerability profiles in MDTI
Each Vulnerability Profile contains:
A detailed description
CVSS (Common Vulnerability Scoring System) scores
A priority score
Deep and dark web chatter observations
Be sure to join our fast-growing community of security pros and experts to provide product feedback and suggestions and start conversations about how MDTI is helping your team stay on top of threats. To learn more about how you and your organization can leverage MDTI, watch our overview video and follow our “Become an MDTI Ninja” training path today. To access these features, contact sales to request a free trial or explore licensing options.