Today, we are excited to announce that DeepSurface, a predictive vulnerability management platform, has integrated with our threat and vulnerability management capabilities in Microsoft Defender for Endpoint. Microsoft Defender for Endpoint customers can now import vulnerability information across Microsoft, Linux and macOS hosts directly into the DeepSurface vulnerability management platform, further strengthening our focus on interoperability.
“As the volume of vulnerabilities increases, it’s critical that vulnerability management teams can quickly identify which matter to their domain and filter out any that don’t pose any risk to their organization. The status quo has been to juggle multiple platforms and spend hours manually prioritizing vulnerabilities - this integration between Microsoft and DeepSurface streamlines the number of platforms for end-users and provides comprehensive, real-time insight into their threat stance.” – Tomer Teller, Principal Security PM Lead, Threat & Vulnerability Management at Microsoft
DeepSurface considers more than 50 different attributes of an environment to contextualize vulnerabilities, and chains of vulnerabilities, within an organization’s digital infrastructure. It uses that context to predict where an attacker could cause the most damage and gives users actionable intelligence on how to reduce the most risk, fastest. Users of Microsoft Defender for Endpoint now have an integrated solution, easily operationalized in just a few minutes, that provides them with at-a-glance insight into their threat stance.
Image 1 shows DeepSurface’s Risk Insight model. The paretograph shows all the patches on your network and the relative risk they pose to your business, as well as the number of affected hosts and number of vulnerabilities on your network.
DeepSurface integrates with Microsoft Defender for Endpoint APIs to collect vulnerabilities and identify missing patches, then prioritizes the patches, hosts and vulnerabilities based on a holistic threat model of your infrastructure.
Image 2 shows the risk pathways or hacker roadmap of vulnerabilities and chains of vulnerabilities that could be exploited on a network. By visualizing the most exploitable risk paths, DeepSurface can help you identify which paths pose the most risk to your business and prioritize where to patch first.
When viewing a specific patch, DeepSurface can show users which hosts are affected, and the severity of the risk for each host after taking the holistic context of your network into account. DeepSurface also provides information about patch supersedence, and extra steps required to fully mitigate the vulnerabilities covered by the patch.
Integration is quick and seamless. All you have to do is add your API key to the DeepSurface console (see screenshot below). Documentation is available for DeepSurface customers.
Image 3: DeepSurface setup console to configure the Microsoft Defender for Endpoint integration.
At Microsoft, we believe that when solutions work well together, customers benefit and can build stronger defenses. That’s why the Microsoft threat and vulnerability management APIs give partners like DeepSurface, as well as security teams, full access to the threat and vulnerability management dataset, allowing them to build integrations or other custom workflows.
More information and feedback
The threat and vulnerability management capabilities are part of Microsoft Defender for Endpoint and enable organizations to effectively identify, assess, and remediate endpoint weaknesses to reduce organizational risk.
Documentation on how to configure the integration is available for DeepSurface customers in the product portal.
We want to hear from you! If you have any suggestions, questions, or comments, please visit us on our Tech Community page.