Drawing from its acquisition of RiskIQ, Microsoft is releasing Defender External Attack Surface Management and Defender Threat Intelligence.

Drawing from last year’s acquisition of RiskIQ, Microsoft is adding two new threat-intelligence applications to its Defender product family, and is separately offering new detection and response capabilities for SAP ERP systems in its Sentinel SIEM (security information and event management) product.

Combining intelligence from the security research team at RiskIQ with existing in-house security findings, Microsoft has developed Microsoft Defender Threat Intelligence, a standalone library of raw adversary data. Microsoft says it is offering the library for free, accessible directly by all users or from within its existing Defender family of security products, according to a blog post from Vasu Jakkal, a Microsoft vice president for security, compliance, identity, and management.

Microsoft has also released Microsoft Defender External Attack Surface Management, designed to scan users’ computing environments and connections to give security teams the same view of their organization that an attacker has while selecting a target.

Threat library offers real-time adversary intelligence

According to Jakkal, Microsoft will combine its in-house security data—gathered from a tracking network of 35 ransomware families, 250+ unique nation-states, cybercriminals, and threat actors—with the intelligence acquired by RiskIQ, for real-time updating of the new Defender Threat Intelligence (DFI) library. The library will provide raw threat intelligence detailing adversaries by name—correlating their tools, tactics, and procedures (TTPs)—and will provide updates when new information is distilled from a host of sources, including Microsoft’s nation-state tracking team, the Microsoft Threat Intelligence Center (MSTIC), and the Microsoft 365 Defender security research teams.
DFI is aimed at helping security operations centers (SOCs) understand the specific threats their organizations face and harden their security posture accordingly, Jakkal added. The DFI intelligence is also expected to enhance the detection capabilities of Microsoft Sentinel and the entire family of Microsoft Defender products. More sources of information for DFI are expected to be added later this year, Jakkal said.

Defender EASM provides “attacker view” of assets

Designed to give security teams the ability to discover unknown and unmanaged resources that are visible and accessible from the internet, Defender External Attack Surface Management (EASM) will essentially scan the internet and connected assets to catalog a customer’s environment and its internet-facing resources. Identified resources—including endpoints and agentless and unmanaged assets—can then be brought under secure management with SIEM and extended detection and response (XDR) tools.

“With the same view an attacker has, Defender External Attack Surface Management helps customers discover unmanaged resources that could be potential entry points for an attacker,” Jakkal said in the blog post. The company did not immediately detail pricing for the product.

Sentinel gets new SAP monitoring features

Meanwhile, Microsoft Sentinel, the company’s cloud-native SIEM and SOAR (security orchestration, automation, and response) application, will offer support for SAP alerts. SAP ERP applications, which can be run from both on-premises and cloud infrastructure, are complex and may carry risks such as privilege escalation and suspicious downloads.
These can be monitored, detected, and responded to with new features being added to Microsoft Sentinel, the company said.

The Microsoft Sentinel monitoring capabilities for SAP will be generally available with a six-month free promotion starting this month, and billing will start on February 1, 2023, as an add-on charge to the existing Microsoft Sentinel consumption-billing model, Microsoft said.