Microsoft’s new security tool lets you see your systems like a hacker would
Microsoft has launched two security services that aim to bolster the intelligence capabilities of an organization’s security operations center (SOC) rather than just protecting devices.
Microsoft has launched Defender Threat Intelligence and Defender External Attack Surface Management (EASM) – two new products that combine technology Microsoft gained when it acquired security firm RiskIQ last July for $500 million.
There may seem to be some overlap with Microsoft’s existing services, such as its Azure-powered Sentinel Security Information and Event Management (SIEM) service, Microsoft Defender Experts for Hunting, a managed threat hunting service, and its Defender Experts for XDR, a managed extended detection and response (XDR) service.
But Microsoft says these RiskIQ-based threat intelligence service offerings differ in that they give customers “direct access to real-time data” from Microsoft’s security signals. Microsoft chief Satya Nadella said last week that the company receives 43 trillion security signals every day.
In addition to these signals, Microsoft says its new threat intelligence service draws on combined information from RiskIQ, Microsoft’s nation-state tracking team, the Microsoft Threat Intelligence Center (MSTIC, pronounced “Mystic”), and the Microsoft 365 Defender Security Research Team.
Rob Lefferts, vice president of Microsoft’s Modern Protection and SOC unit, told ZDNet that the threat intelligence service is about “connecting SOCs with Microsoft’s own researchers at MSTIC.”
Meanwhile, Microsoft Defender External Attack Surface Management is about “how do we make sure that you see the whole world as the attacker would,” says Lefferts.
“We’ll scan the internet and help you understand what you’re presenting on the public internet and what exposure it means for your business.”
The attack surface management service could be useful given that attackers begin scanning the internet for exposed vulnerable devices within 15 minutes of public disclosure of a major flaw, and typically continue to scan the internet for older flaws, such as last year’s nasty Exchange Server flaws, ProxyLogon and ProxyShell.
This service discovers a client’s unknown and unmanaged resources that are visible and accessible from the internet, giving defenders the same view an attacker has when selecting a target. Defender EASM helps customers discover unmanaged resources that could be potential entry points for an attacker.
Through MSTIC and Microsoft 365 Defender Research, Microsoft is tracking 250 different actors and ransomware families.
“We provide information on each of them and integrate it with your security team – not only to know the latest news… but also to explore them, so if I see an indicator, I could explore where it could live on the network and relate that to what I see in my business. It’s like a workbench for analysts inside a business,” says Lefferts.
Microsoft’s security business is growing at a rapid pace. It was worth $10 billion a year in 2021, and by April it had grown into a $15 billion a year business. In his fourth quarter fiscal 2022 earnings update, Nadella said Microsoft’s “security revenue grew 40%” and its security business now spans 50 categories, well beyond its Defender Antivirus for Windows PC.
Other recent acquisitions made to bolster its cybersecurity offerings include IoT security firms CyberX and ReFirm Labs.
Microsoft rebranded its Defender lineup in 2020 to bring Microsoft Threat Protection, Defender ATP, Azure Security Center and others under the Microsoft Defender name. Microsoft Defender would become its XDR product, while Azure Sentinel would become its SIEM line.
Lefferts says the two new Defender-branded services are standalone products.
“It’s different from endpoint protection. It’s about improving your security team, giving them new views and perspectives. If you think of a game of chess, if you turn it around and watch it from your opponent’s point of view, it’s a tool designed to help analysts do that by giving them that different perspective,” he says.