Drawing from last year's acquisition of RiskIQ, Microsoft is adding two new threat-intelligence applications to its Defender product family, and separately offering new detection and response capabilities for SAP ERP systems to its Sentinel SIEM (security information and event management) product.
Combining intelligence from the security research team at RiskIQ with existing in-house security findings, Microsoft has developed Microsoft Defender Threat Intelligence, a standalone library of raw adversary data. Microsoft says it is offering the library for free, accessible directly by all users or from within its existing Defender family of security products, according to a blog post from Vasu Jakkal, a Microsoft vice president for security, compliance, identity, and management.
Microsoft has also launched Microsoft Defender External Attack Surface Management, designed to scan customers' computing environments and connections to give security teams the same view an attacker has of their organization while selecting a target.
Threat library offers real-time adversary intelligence
According to Jakkal, Microsoft will combine its in-house security data—gathered from a monitoring network of 35 ransomware families, 250+ unique nation-states, cybercriminals, and threat actors—with the intelligence acquired through RiskIQ, for real-time updating of the new Defender Threat Intelligence (DFI) library.
The library will provide raw threat intelligence detailing adversaries by name, correlating their tactics, techniques, and procedures (TTPs), and will provide updates when new information is distilled from a host of sources including Microsoft's nation-state tracking team, Microsoft Threat Intelligence Center (MSTIC), and the Microsoft 365 Defender security research teams.
DFI is aimed at helping security operations centers (SOCs) understand the specific threats their organizations face and harden their security posture accordingly, Jakkal added.
The DFI intelligence is also expected to enhance the detection capabilities of Microsoft Sentinel and the entire family of Microsoft Defender products. Additional sources of information for DFI are expected to be added later this year, Jakkal said.
Defender EASM provides "attacker view" of assets
Designed to give security teams the ability to discover unknown and unmanaged resources that are visible and accessible from the internet, Defender External Attack Surface Management (EASM) will essentially scan the internet and related assets to catalog a customer's environment and its internet-facing resources.
Identified resources—including endpoints, agentless and unmanaged assets—can then be brought under secure management with SIEM and extended detection and response (XDR) tools.
"With the same view an attacker has, Defender External Attack Surface Management helps customers discover unmanaged resources that could be potential entry points for an attacker," Jakkal said in the blog post. The company did not immediately detail pricing for the product.
Sentinel gets new SAP monitoring features
Meanwhile, Microsoft Sentinel, the company's cloud-native SIEM and SOAR (security orchestration, automation, and response) application, will offer support for SAP alerts. SAP ERP applications, which can run on both on-premises and cloud infrastructure, are complex and may carry risks such as privilege escalation and suspicious downloads. These can be monitored, detected, and responded to through new features being added to Microsoft Sentinel, the company said.
The Microsoft Sentinel monitoring capabilities for SAP will be generally available with a six-month free promotion starting this month, and billing will begin on February 1, 2023, as an add-on charge to the existing Microsoft Sentinel consumption-billing model, Microsoft said.
Copyright © 2022 IDG Communications, Inc.