Drawing from its acquisition of RiskIQ, Microsoft is releasing Defender External Attack Surface Management and Defender Threat Intelligence. Credit: Martyn Williams/IDG

Drawing from last year’s acquisition of RiskIQ, Microsoft is adding two new threat-intelligence applications to its Defender product family, and separately offering new detection and response capabilities for SAP ERP systems to its Sentinel SIEM (security information and event management) product.

Combining intelligence from the security research team at RiskIQ with existing in-house security findings, Microsoft has developed Microsoft Defender Threat Intelligence, a standalone library of raw adversary data. Microsoft says it is offering the library for free, accessible directly by all users or from within its existing Defender family of security products, according to a blog post from Vasu Jakkal, a Microsoft vice president for security, compliance, identity, and management.

Microsoft has also released Microsoft Defender External Attack Surface Management, designed to scan users’ computing environments and connections to provide security teams with the same view an attacker has of their organization while selecting a target.

Threat library offers real-time adversary intelligence

According to Jakkal, Microsoft will combine its in-house security data—gathered from a tracking network of 35 ransomware families, 250+ unique nation-states, cybercriminals, and threat actors—with the intelligence acquired by RiskIQ, for real-time updating of the new Defender Threat Intelligence (DFI) library. The library will provide raw threat intelligence detailing adversaries by name—correlating their tools, tactics, and procedures (TTPs)—and will provide updates when new information is distilled from a host of sources, including Microsoft’s nation-state tracking team, the Microsoft Threat Intelligence Center (MSTIC), and the Microsoft 365 Defender security research teams.

DFI is aimed at helping security operations centers (SOCs) understand the specific threats their organizations face and harden their security posture accordingly, Jakkal added. The DFI intelligence is also expected to enhance the detection capabilities of Microsoft Sentinel and the entire family of Microsoft Defender products. More sources of information for DFI are expected to be added later this year, Jakkal said.

Defender EASM provides “attacker view” of assets

Designed to give security teams the ability to discover unknown and unmanaged resources that are visible and accessible from the internet, Defender External Attack Surface Management (EASM) will essentially scan the internet and connected assets to catalog a customer’s environment and its internet-facing resources.

Identified resources—including endpoints and agentless and unmanaged assets—can then be brought under secure management with SIEM and extended detection and response (XDR) tools.

“With the same view an attacker has, Defender External Attack Surface Management helps customers discover unmanaged resources that could be potential entry points for an attacker,” Jakkal said in the blog post. The company did not immediately detail pricing for the product.

Sentinel gets new SAP monitoring features

Meanwhile, Microsoft Sentinel, the company’s cloud-native SIEM and SOAR (security orchestration, automation, and response) application, will offer support for SAP alerts. SAP ERP applications, which can be run from both on-premises and cloud infrastructure, are complex and may carry risks such as privilege escalation and suspicious downloads.
These can be monitored, detected, and responded to by new features being added to Microsoft Sentinel, the company said.

The Microsoft Sentinel monitoring capabilities for SAP will be generally available with a six-month free promotion starting this month, and billing will start on February 1, 2023, as an add-on charge to the existing Microsoft Sentinel consumption-billing model, Microsoft said.