Microsoft has unveiled two new security service offerings that will help improve the intelligence capabilities of an organization’s security operations: Defender Threat Intelligence and Defender External Attack Surface Management (EASM).
The new intel service is based on the merger of RiskIQ, Microsoft’s nation-state tracking team, Microsoft Threat Intelligence Center (MSTIC), and the Microsoft 365 Defender security research team.
Although it may look similar to other Microsoft services, the company said the new security service offerings are unique because they offer customers “direct access to real-time data” from Microsoft’s security signals.
Microsoft Defender External Attack Surface Management can detect unknown and unmanaged customer resources that are visible and accessible from the internet, giving defenders the same view an attacker has when selecting a target.
Ultimately, Defender EASM helps customers discover unmanaged resources that could serve as potential entry points for attackers.
“We’re providing intelligence across all of them and bringing that into your security team — not just to learn the latest news… but also to explore it, so if I see an indicator, I might explore where that might live on the network and connect that to what I’m seeing in my company. It’s like a workbench for analysts inside a company,” says Rob Lefferts, Corporate VP of Microsoft’s Modern Protection and SOC unit.
The sources for this piece include an article in ZDNet.