Microsoft has announced two new security products, Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management, to provide organizations with deeper context into threat actor activity and help them lock down their infrastructure and reduce their overall attack surface.
Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management at Microsoft said: “Today, any device connected to the internet is susceptible to vulnerabilities. For organizations, the key to building resilience is understanding the gaps that can lead to these vulnerabilities. We recognize the importance of working together as a security community to help protect the planet from threats. These new threat intelligence offerings expand our growing security portfolio, offer deeper insights into threat actors and their behaviours, and help security teams accelerate identification and prioritization of risks.”
The threat landscape is more sophisticated than ever, and damages have soared. The Federal Bureau of Investigation’s 2021 IC3 report found that the cost of cybercrime now totals more than US$ 6.9 billion. To counter these threats, Microsoft is continuously aggregating signal and threat intelligence across the digital estate to track threat actors much more closely and to better understand their behaviour over time. Microsoft currently tracks 35 ransomware families, and more than 250 unique nation-states, cybercriminals, and other threat actors. Its cloud also processes and analyzes more than 43 trillion security signals every single day.
This massive amount of intelligence that Microsoft derives from its platform and products, as well as its acquisition of RiskIQ in 2021, has allowed it to provide customers with unique visibility into threat actor activity, behaviour patterns, and targeting. Customers can also map their digital environment and infrastructure to view their organization as an attacker would, and this outside-in view delivers even deeper insights to help organizations predict malicious activity and secure unmanaged resources.
Microsoft Defender Threat Intelligence maps the internet every day, providing security teams with the necessary information to understand adversaries and their attack techniques. Customers can now access a library of raw threat intelligence detailing adversaries by name, correlating their tools, tactics, and procedures, and can see active updates within the portal as new information is distilled from Microsoft’s security signals and experts. This allows organizations to lift the veil on attackers and threat family behaviour, helping security teams find, remove, and block hidden adversary tools within their organization.
This depth of threat intelligence comes from the security research teams formerly at RiskIQ, together with Microsoft’s nation-state tracking team, the Microsoft Threat Intelligence Center (MSTIC), and the Microsoft 365 Defender security research teams. The volume, scale and depth of intelligence are designed to empower security operations centres to understand the specific threats their organization faces and to harden their security posture accordingly. This intelligence also enhances the detection capabilities of Microsoft Sentinel and the family of Microsoft Defender products.