Drawing from last year's acquisition of RiskIQ, Microsoft is adding two new threat-intelligence applications to its Defender product family, and separately offering new detection and response capabilities for SAP ERP systems to its Sentinel SIEM (security information and event management) product.
Combining intelligence from the security research team at RiskIQ with existing in-house security findings, Microsoft has developed Microsoft Defender Threat Intelligence, a standalone library of raw adversary data. Microsoft says it is offering the library free of charge, accessible directly by all users or from within its existing Defender family of security products, according to a blog post from Vasu Jakkal, a Microsoft vice president for security, compliance, identity, and management.
Microsoft has also launched Microsoft Defender External Attack Surface Management, designed to scan customers' computing environments and connections to give security teams the same view an attacker has of their organization while selecting a target.
Threat library offers real-time adversary intelligence
According to Jakkal, Microsoft will combine its in-house security data (gathered from a monitoring network of 35 ransomware families, 250+ unique nation-states, cybercriminals, and threat actors) with the intelligence acquired through RiskIQ, for real-time updating of the new Defender Threat Intelligence (DFI) library.
The library will provide raw threat intelligence detailing adversaries by name, correlating their tools, tactics, and procedures (TTPs), and will provide updates when new information is distilled from a host of sources including Microsoft's nation-state tracking team, the Microsoft Threat Intelligence Center (MSTIC), and the Microsoft 365 Defender security research teams.
DFI is aimed at helping security operations centers (SOCs) understand the specific threats their organizations face and harden their security posture accordingly, Jakkal added.
The DFI intelligence is also expected to enhance the detection capabilities of Microsoft Sentinel and the entire family of Microsoft Defender products. Additional sources of information for DFI are expected to be added later this year, Jakkal said.
Defender EASM offers "attacker view" of assets
Designed to give security teams the ability to discover unknown and unmanaged resources that are visible and accessible from the internet, Defender External Attack Surface Management (EASM) will essentially scan the internet and connected assets to catalog a customer's environment and its internet-facing resources.
Discovered resources, including endpoints and agentless and unmanaged assets, can then be brought under secure management with SIEM and extended detection and response (XDR) tools.
"With the same view an attacker has, Defender External Attack Surface Management helps customers discover unmanaged resources that could be potential entry points for an attacker," Jakkal said in the blog post. The company did not immediately detail pricing for the product.
Sentinel gets new SAP monitoring features
Meanwhile, Microsoft Sentinel, the company's cloud-native SIEM and SOAR (security orchestration, automation, and response) tool, will offer support for SAP alerts. SAP ERP applications, which can be run from both on-premises and cloud infrastructure, are complex and may carry risks such as privilege escalation and suspicious downloads. These can be monitored, detected, and responded to with new features being added to Microsoft Sentinel, the company said.
The Microsoft Sentinel monitoring capabilities for SAP will be generally available with a six-month free promotion starting this month, and billing will begin on February 1, 2023, as an add-on charge to the existing Microsoft Sentinel consumption-billing model, Microsoft said.
Copyright © 2022 IDG Communications, Inc.