When attackers enter your network, they don’t treat all your assets equally. Some are more valuable than others. Assets such as domain controllers, internet-facing machines, executives’ devices, and machines that host internal and external production services are attractive to bad actors – offering them access to sensitive corporate data, or ways to move laterally across the organization.
These assets require higher levels of attention from the security team and should be prioritized when it comes to reducing overall risk for an organization.
Today, we are excited to introduce a new setting in Microsoft Defender ATP that allows customers to define a machine’s value to the organization. The first use case for this setting is in threat and vulnerability management. This feature, now in public preview, will help customers differentiate between asset priorities, which results in a more accurate assessment of their overall risk. It’s the first time we’re providing customers with a tool that lets them help us provide a more accurate assessment of their risk.
Security teams will benefit from having the additional machine value context, set by the admin, as they conduct investigations – helping to further bridge the gap between security and IT teams.
High value asset tag of device from incidents page
With the high value asset prioritizations, organizations can define a machine’s value with the following options:
Normal Value (Default)
In threat and vulnerability management, the machine value is used to incorporate the risk appetite of an individual asset into the exposure score calculation, meaning that machines marked as “high value” will receive more weight in that calculation.
Setting a machine value is simple:
Navigate into any machine page
Select Machine Value and define a value
Review the value in the machine tag area
Options to set the device value.
Our newest partner, XM Cyber, a breach and attack simulation and security posture management solution provider, integrates with Microsoft Defender ATP and threat and vulnerability management to help customers see how an attacker moves laterally and compromises critical assets. The platform leverages the new machine tagging capability to help customers tag their most critical assets and adds rich contextual information to enable customers to fully assess the risk of an attack and understand the steps needed for remediation. We’re working with additional partners to incorporate machine tagging and can’t wait to share these collaborations with you in the near future.
This feature is in public preview today, and customers who have preview features turned on can start trying it out immediately. If you haven’t yet opted in, we encourage you to turn on preview features in the Microsoft Defender Security Center. We welcome your feedback! If you have any comments or questions, let us know!