Drawing from its acquisition of RiskIQ, Microsoft is releasing Defender External Attack Surface Management and Defender Threat Intelligence. Credit: Martyn Williams/IDG Drawing from last year’s acquisition of RiskIQ, Microsoft is adding two new threat-intelligence applications to its Defender product family, and separately offering new detection and response capabilities for SAP ERP systems to its Sentinel SIEM (security information and event management) product.Combining intelligence from the security research team at RiskIQ with existing in-house security findings, Microsoft has developed Microsoft Defender Threat Intelligence, a standalone library of raw adversary data. Microsoft says it is offering the library for free, accessible directly by all users, or from within its existing Defender family of security products, according to a blog post from Vasu Jakkal, a Microsoft vice president for security, compliance, identity, and management.Microsoft has also released Microsoft Defender External Attack Surface Management, designed to scan users’ computing environments and connections to provide security teams with the same view an attacker has of their organization while selecting a target. Threat library offers real-time adversary intelligence According to Jakkal, Microsoft will combine its in-house security data—gathered from a tracking network of 35 ransomware families, 250+ unique nation-states, cybercriminals, and threat actors—with the intelligence acquired by RiskIQ, for real-time updating of the new Defender Threat Intelligence (DFI) library. The library will provide raw threat intelligence detailing adversaries by name— correlating their tools, tactics, and procedures (TTPs)—and will provide updates when new information is distilled from a host of sources including Microsoft’s nation-state tracking team, Microsoft Threat Intelligence Center (MSTIC), and the Microsoft 365 Defender security research teams. DFI is aimed at helping security operations centers (SOCs) understand the specific threats their organizations face and harden their security posture accordingly, added Jakkal. The DFI intelligence is also expected to enhance the detection capabilities of Microsoft Sentinel and the entire family of Microsoft Defender products. More sources of information for DFI are expected to be added later this year, Jakkal said.Defender EASM provides “attacker view” of assets Designed to provide security teams with the ability to discover unknown and unmanaged resources that are visible and accessible from the internet, Defender External Attack Surface Management (EASM) will essentially scan the internet and connected assets to catalog a customer’s environment and its internet-facing resources.Identified resources—including endpoints, agentless and unmanaged assets—can then be brought under secure management with SIEM and extended detection and response (XDR) tools.“With the same view an attacker has, Defender External Attack Surface Management helps customers discover unmanaged resources that could be potential entry points for an attacker,” Jakkal said in the blog post. The company did not immediately detail pricing for the product.Sentinel gets new SAP monitoring featuresMeanwhile, Microsoft Sentinel, the company’s cloud-native SIEM and SOAR (security orchestration, automation, and response) application, will offer support for SAP alerts. SAP ERP applications, which can be run from both on-premises and cloud infrastructure, are complex and may have risks such as privilege escalation and suspicious downloads. These can be monitored, detected, and responded to by new features being added to Microsoft Sentinel, the company said.The Microsoft Sentinel monitoring capabilities for SAP will be generally available with a six-month free promotion starting this month, and billing will start on February 1, 2023, as an add-on charge to the existing Microsoft Sentinel consumption-billing model, Microsoft said. Related content feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff May 01, 2024 15 mins Technology Industry IT Skills Events feature 3 Windows vulnerabilities that may not be worth patching Some vulnerabilities eat up a security team’s time and resources yet provide little or nothing in the way of true protection. Some may even introduce more risk to a network. By Susan Bradley May 01, 2024 7 mins Windows Security Patch Management Software Security Practices news analysis Chinese threat actor engaged in multi-year DNS resolver probing effort The unusual and persistent probing activity over the span of multiple years should be a reminder to organizations to identify and remove all open DNS resolvers from their networks. By Lucian Constantin Apr 30, 2024 7 mins Cyberattacks Network Security news Securiti adds distributed LLM firewalls to secure genAI applications The new offering is aimed at protecting against prompt injection, data leakage, and training data poisoning in LLM systems. By Shweta Sharma Apr 30, 2024 4 mins Generative AI PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe