Microsoft Defender External Attack Surface Management
19 Topics

New Blog Post | Data Connectors for Azure Log Analytics and Data Explorer Now in Public Preview
Data Connectors for Azure Log Analytics and Data Explorer Now in Public Preview - Microsoft Community Hub

The Microsoft Defender EASM (Defender EASM) team is excited to share that new Data Connectors for Azure Log Analytics and Azure Data Explorer are now available in public preview. Defender EASM continuously discovers an incredible amount of up-to-the-minute Attack Surface Data, so connecting and automating this data flow to all our customers’ mission-critical systems that keep their organizations secure is essential. The new Data Connectors for Log Analytics and Azure Data Explorer can easily augment existing workflows by automating recurring exports of all asset inventory data and the set of potential security issues flagged as insights to specified destinations to keep other tools continually updated with the latest findings from Defender EASM.

New Blog Post | Why is Defender EASM Discovery important?
Full blog post: Why is Defender EASM Discovery important? - Microsoft Community Hub

The Defender External Attack Surface Management (Defender EASM) Discovery is an integral part of the external attack surface management process. Organizations often struggle to keep up with demanding business requests and create additional infrastructure not under their IT compliance. COVID increased pressure on organizations to allow employees to work from home and make rapid changes to new or existing infrastructure. How can you get an accurate picture of your risk with all these changes happening? How could you know where your attack surface is vulnerable? Defender EASM Discovery is the answer.

Original Post: New Blog Post | Why is Defender EASM Discovery important? - Microsoft Community Hub

New Blog Post | Identify Digital Assets Vulnerable to Subdomain Takeover
Read the full blog post: Identify Digital Assets Vulnerable to Subdomain Takeover - Microsoft Community Hub

Subdomain takeover vulnerabilities are, in most cases, the result of an organization using an external service and letting it expire. However, that expired subdomain is still a part of the organization's external attack surface, with domain DNS entries pointing to it. An attacker could then claim this subdomain and take control of it with little to no effort, a considerable blow to an organization's security posture.

How does this happen? For example, a company might enlist a service desk provider, "FreshDesk." It would point a subdomain like "support.mycompany.com" to FreshDesk and then claim this domain with the FreshDesk service to activate it. However, a problem arises when the organization abandons the service because it migrates to other services or for some other reason. After the service agreement expires, the subdomain remains pointing to the FreshDesk platform. While this might not seem bad initially, an attacker who can execute scripts under the subdomain can use it to obtain data from the main website. The risk becomes even more significant when this scenario involves a service that handles PPI, PHI, or trade secrets.

Microsoft Defender External Attack Surface Management continuously maps the external-facing resources across your organization's attack surface to identify, classify, and prioritize risks, including subdomain expiration and takeover.

New Blog Post | Latest Engineering Semester Enables Tighter Integrations, Ease of Use
Full blog post: Latest Engineering Semester Enables Tighter Integrations, Ease of Use - Microsoft Community Hub

The launch of https://go.microsoft.com/fwlink/?linkid=2202448 was part of Microsoft's ongoing vision to provide unmatched threat intelligence capabilities. We've continued to innovate, introducing impactful new features that drive value for our customers through simplicity and integrations that enhance the products and workflows security teams already use via Defender EASM data. Our latest build includes a REST API to let customers manage their attack surface at scale, a billable assets dashboard to help users more efficiently track their usage, and integration with Microsoft Defender for Cloud to help them understand how and why a digital asset is vulnerable. The team has also introduced enhancements such as dark mode and improvements to discovery and inventory capabilities. This blog will cover what's new in MDEASM and how it can help improve your security posture by bringing unknown resources, endpoints, and assets under secure management.

Microsoft Defender EASM should be part of Microsoft Defender XDR
Microsoft Defender EASM should be part of Microsoft Defender XDR. Microsoft Defender EASM should not work as one of the services in Microsoft Azure. It should be part of Exposure management in Microsoft Defender XDR. Microsoft is already trying to consolidate its Security/Defender platforms into one platform, Microsoft Defender XDR. So, at the same time, why create a new portal for this?

New Blog | Latest functionalities uplevel asset management and enhance data visibility
Latest functionalities uplevel asset management and enhance data visibility

Microsoft Defender External Attack Surface Management (Defender EASM) discovers and classifies assets and workloads across your organization's digital presence to enable teams to understand and prioritize exposed weaknesses in cloud, SaaS, and IaaS resources to strengthen security posture. Recently added features and enhancements uplevel asset management and enhance data visibility within the tool, helping customers gain efficiency and stay organized. Learn about these exciting new functionalities and how you can start using them today.

Read the full blog: Latest functionalities uplevel asset management and enhance data visibility (microsoft.com)

New Blog | One Microsoft: Enriching MDEASM assets with Threat Intelligence Feeds
Organizations need processes and tools such as Microsoft Defender External Attack Surface Management (MDEASM) to help identify and manage the points in a software system or network infrastructure that could be targeted by potential attackers. These points, often referred to as "attack vectors," are vulnerabilities or weaknesses that attackers could exploit to gain unauthorized access, compromise systems, or steal sensitive data. The External Attack Surface specifically refers to the components and interfaces of a system that are exposed to the outside world, such as public-facing applications, network services, APIs, and other entry points. These are the points that can be targeted by attackers who are trying to breach the system from outside the organization's perimeter. This blog covers how Microsoft Security can help identify threats by leveraging Microsoft Defender External Attack Surface Management asset discovery against the Microsoft Defender Threat Intelligence feeds.

Read the full blog post here: One Microsoft: Enriching owned assets with Threat Intelligence Feeds

Optimize insights and efficiency with latest Defender EASM features and generative AI integrations
New Blog | Optimize insights and efficiency with latest Defender EASM features and generative AI integrations.

Over the last six months, Microsoft Defender External Attack Surface Management (EASM) has released updates that help Defender EASM customers increase the speed to operationalize its findings. Now, vulnerability management teams are using labels to drive workflows and denote asset ownership, they are saving queries to quickly modify newly discovered assets, and they are combining it all with data connector exports to generate custom reports to help them see their security data holistically. These new features that we’ve recently delivered make it easier for our customers to track inventory changes, see important asset findings in one place, and connect data to supplement workflows, and they make managing assets and long-running tasks more efficient. Additionally, we’re excited to announce that we’ve extended Defender EASM’s footprint into Microsoft Security Copilot with capabilities that enable Copilot users to learn more about their external attack surface exposures in context and at AI speeds.

Read on to learn more about the latest in Defender EASM: Optimize insights and efficiency with latest Defender EASM features and generative AI integrations - Microsoft Community Hub

Normalize Billable Assets EASM
Hi, we're currently evaluating EASM and running a trial POC. We've used the default predefined attack surface template for our Org. The Billable asset count number is quite high and "Host: IP pairs" are contributing mostly which are IPv6 addresses. Can we filter out all these IPv6 for example: Changing their state from Approved to >> "Candidate" or "Dismissed"? The ultimate goal is to normalize the Billable Assets to get accurate cost estimates by filtering out IPv6 addresses. Thanks

New Blog | Defender EASM - Performing a Successful Proof of Concept (PoC)
This blog will serve as a high-level guide to help you execute a simple framework for evaluating Defender EASM, and other items to consider when embarking on the journey to understand the Internet-exposed digital assets that comprise your external attack surface, so you can view risks through the same lens as a malicious threat actor.

Read the full blog post here: Defender EASM - Performing a Successful Proof of Concept (PoC) - Microsoft Community Hub