Microsoft wants to solve one of the biggest cybersecurity problems for businesses today: vulnerable endpoints by flying under the security radar.
Microsoft announced Microsoft Defender External Attack Surface Management , which aims to give IT teams a better view of their organization’s attack surface, including the resources exposed to the Internet that could be exploited in an attack. Assuming that IT teams are capable enough to manage their own infrastructure, Microsoft is placing an emphasis on devices that enter the network as a result of a merger or acquisition – devices that become vulnerable with the use of shadow IT. problems with cataloging the entire technology stack, etc.
Vasu Jakkal, Microsoft’s corporate vice president of security, said in the blog post of the announcement:
The new Defender External Attack Surface Management gives security teams the ability to discover unknown and unmanaged resources visible and accessible from the internet – essentially the same view an attacker has when selecting a target, Defender External Attack Surface Management helps customers to discover unmanaged assets that could be potential entry points for an attacker.
By keeping an eye on connections and monitoring potentially unprotected endpoints, the tool helps IT teams view their assets through the eyes of a potential attacker.
Furthermore Jakkal added:
Continuous monitoring, without the need for agents or credentials, prioritizes new vulnerabilities. With a comprehensive view of the organization, customers can take recommended measures to mitigate risk by bringing these unknown assets, endpoints and assets securely managed within their SIEM and XDR tools.
Aside from Microsoft Defender External Attack Surface Management, the company also announced Microsoft Defender Threat Intelligence , a support tool for SecOps teams.
- Microsoft Defender can now show you exactly where your business might get hacked (TechRadar)