Microsoft unveils new threat intelligence and surface management solutions


Microsoft has announced two new key security products in the shape of Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management.

The new solutions have been designed to provide users with deeper context into threat actor activity, Microsoft said, which will help organizations lock down their infrastructure and reduce their overall attack surface.

The move marks the first time the Redmond giant has harnessed the technology from RiskIQ, the security software company it acquired for around $500 million last year.

“These new threat intelligence offerings expand our growing security portfolio, offer deeper insights into threat actors and their behaviors, and help security teams accelerate the identification and prioritization of risks,” commented Vasu Jakkal, Corporate Vice President of Security, Compliance, Identity, and Management at Microsoft.

With Microsoft Defender Threat Intelligence, users can uncover attacker infrastructure and accelerate remediation with deeper context, insights, and analysis.

Direct access to real-time data from Microsoft’s security signals means organizations can proactively look for threats more broadly in their environments, boost custom threat intelligence processes, as well as improve the performance of third-party security products, Microsoft said.

Defender Threat Intelligence is designed to map the internet daily, building a library of raw threat intelligence that details threats by name and records their tools, tactics, and procedures (TTPs), plus updates from Microsoft’s security signals and experts.

The capability draws on the security research teams formerly at RiskIQ, working with Microsoft’s nation-state tracking team, the Microsoft Threat Intelligence Center (MSTIC), and the Microsoft 365 Defender security research teams.

“Microsoft recognizes the importance of working together as a security community to help protect the digital world from threats,” Jakkal continued. “As such, the existing free edition will continue to be available.”

The second solution – dubbed Microsoft Defender External Attack Surface Management – ultimately allows the user to see their business the way an attacker can. Security teams can uncover unknown and unmanaged resources that are visible and accessible from the internet, providing visibility of potential entry points for attackers.

The solution scans the internet and its connections daily, building a complete catalogue of a customer’s environment to identify internet-facing resources, and offers continuous monitoring that prioritizes new vulnerabilities.

“With a complete view of the organization, customers can take recommended steps to mitigate risk by bringing these unknown resources, endpoints, and assets under secure management within their security information and event management (SIEM) and extended detection and response (XDR) tools,” Jakkal added.

Microsoft also announced its Microsoft Sentinel solution for SAP, which it said will allow security teams to monitor, detect, and respond to SAP alerts from its cloud-native SIEM.

Daniel Todd
