Microsoft today added two new features to its Microsoft Defender security platform: Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management. These features are based on the company’s acquisition of RiskIQ, and with this launch Microsoft is bringing some of RiskIQ’s core features to its own security platform (all while RiskIQ continues to operate its own services, too).
“Our mission is to build a safer world for all — and threat intelligence is [at] the heart of it,” Microsoft’s Vasu Jakkal told me. “If you don’t know what’s happening in the world around you, it’s very hard to understand what to do about it and how to act on it. Microsoft has the largest breadth and depth of threat signals today — we are tracking, as we just announced in our earnings, 43 trillion signals [each day] which we see from identities, from devices, from platforms, from email, collab tools.”
With Defender Threat Intelligence, Microsoft is using RiskIQ’s technology to scan the internet and provide additional data to the existing Defender real-time service to help security teams proactively secure their infrastructure. Microsoft, of course, already had a large signal map to power its Defender platform, but Jakkal noted that RiskIQ’s data not only helps enrich this existing dataset but also enables an additional layer on top of Defender that gives security teams a view of the entire attack chain.
“They can see the entire attack chain, they can act on it and then — combined with their own human intelligence — they can see where the attack is going and how to proactively prevent it,” Jakkal explained.
The service also provides users with a library of raw threat intelligence and analysis from Microsoft’s security experts, which in turn should help security teams find, remove and block adversary tools that may be hidden within their organization.
Meanwhile, the new external attack surface management service helps these security teams understand how a potential attacker sees their network. Like similar services, it provides security teams with a way to discover all of their resources and find those that are unknown and/or unmanaged. Most businesses that start using a service like this end up being surprised by how many internet-facing unmanaged assets they find.
“All organizations are asking the question: How secure am I? It’s such a simple question but it’s so hard to answer that question. Because the first point is, well, first we need to understand what’s happening in the world of threats. And we need to understand what that looks like. The second thing we need to understand is where our resources are,” Jakkal noted. With these new tools, Microsoft is giving security teams more data to work with to protect their networks and other assets.