Introducing new offerings for Microsoft Defender Security Services
Microsoft launched three new enterprise-grade security products on Tuesday.
The new products are Microsoft Defender Threat Intelligence, Microsoft Defender External Attack Surface Management and Microsoft Sentinel Solution for SAP. All are now in the “general availability” stage of commercialization and available for production use by organizations.
The move straight to general availability may seem surprising. Microsoft seems to have skipped announcing initial previews of these products, although preview releases of them are now available to the public.
Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management both grew out of Microsoft’s acquisition of RiskIQ, announced last year. RiskIQ was renowned at the time for assessing threats based on its enormous web analytics capabilities and offered complementary solutions to Microsoft’s own capabilities.
Microsoft Defender Threat Intelligence
Microsoft Defender Threat Intelligence is an enterprise service for organizations with security operations centers. It brings together “security signals” from Microsoft’s RiskIQ team, as well as the Microsoft Threat Intelligence Center and Microsoft 365 Defender security research teams.
These teams have different specialties, but in total they collect “more than 43 trillion signals” every day. They track “more than 35 ransomware families,” as well as “more than 250 nation states, cybercriminals, and other threat actors,” Microsoft said.
Microsoft uses its security intelligence in various products, but the Microsoft Defender Threat Intelligence product is supposed to provide “direct access to real-time data.”
Microsoft already offers a “Microsoft Threat Experts – Experts on Demand” service offering, where organizations can tap into the expertise of Microsoft’s security teams. This service would be “complementary” with the Microsoft Defender Threat Intelligence service, according to a spokesperson.
Organizations can use Microsoft Defender Threat Intelligence (MDTI) through its own portal, or alongside a security information and event management (SIEM) solution such as Microsoft Sentinel.
“MDTI works best when combined with SIEM + XDR tools to allow for deeper analysis and integration,” the spokesperson explained via email. “Threat intelligence can be shared across products and MDTI can even create IT-related incidents within Sentinel.”
Microsoft sells Microsoft Defender Threat Intelligence through its sales teams as a “standalone” product. “It’s not part of the E5 portfolio,” the spokesperson clarified.
A “fully functional” 30-day free trial of Microsoft Defender Threat Intelligence is available and there is also a “free community version with access to limited data and threat articles,” the spokesperson said.
Managing the Microsoft Defender External Attack Surface
Microsoft Defender External Attack Surface Management has been released. It promises to uncover vulnerabilities in Internet-connected software components used by organizations. It is an agentless scanning service that detects unmanaged components, sometimes referred to as “shadow IT” software.
Microsoft Defender External Attack Surface Management (MDEASM) is a subscription-based Microsoft Azure service that is billed daily per asset discovered and monitored, according to the spokesperson.
“MDEASM is an Azure service and billed based on the number of assets discovered and monitored,” the spokesperson explained.
Organizations access the Microsoft Defender External Attack Surface Management service through the Azure portal, but its management functionality also “requires a cloud security platform,” such as the Microsoft Defender for Cloud service.
Here is how the spokesperson characterized that workflow:
EASM is available in the Microsoft Azure portal and a customer’s subscription. It provides a comprehensive list of enterprise resources which can then be used in Defender for Cloud to bring them under management.
Microsoft is currently working to improve the use of the Microsoft Defender External Attack Surface Management service with SIEM and extended detection and response (XDR) tools.
“When the API and interflow integration becomes fully operational in the near future, this integration between SIEM + XDR will become much more powerful,” the spokesperson explained.
Microsoft offers a fully functional 30-day free trial of the Microsoft Defender External Attack Surface Management service. The service can be activated in the Azure portal.
Microsoft Sentinel Solution for SAP
The Microsoft Sentinel Solution for SAP service is also now released. It allows organizations to monitor “all layers of the SAP system” and uncover possible “suspicious activities, including elevation of privileges, unauthorized changes, sensitive transactions, and suspicious data downloads,” according to Microsoft’s product page.
The service works with SAP implementations hosted on Amazon Web Services, Google Cloud Platform, and Microsoft Azure, and it also works with SAP implementations hosted on an organization’s own infrastructure. It uses an “SAP data connector” agent to collect log data for use in Microsoft Sentinel, according to the product page:
The data connector is an agent, delivered as a Docker container, which is installed on a virtual machine, Kubernetes/AKS cluster or physical server and collects application logs from across the SAP system through the SAP NetWeaver RFC and SAPControl application interfaces. The SAP data connector then sends these logs and data to Microsoft Sentinel for ongoing threat monitoring.
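The four categories of suspicious activity Microsoft lists for the SAP solution (privilege elevation, unauthorized changes, sensitive transactions and suspicious data downloads), shown as a small detection pass over constructed SAP-style audit events. This is an added illustration, not Microsoft’s or SAP’s code and not the connector’s real schema: the pipe-delimited record layout, the event kinds, the row threshold and the approved-change list are assumptions chosen for the example, and the transaction codes, profile and table names are standard SAP ones used only as sample values.

```python
"""Toy detection pass over constructed SAP-style audit events.

Added example only. The record layout (ts|client|user|kind|detail|count)
and the thresholds below are assumptions for illustration, not the
format produced by the Microsoft Sentinel SAP data connector.
"""
from dataclasses import dataclass

# Transaction codes commonly treated as sensitive (user/role administration,
# generic table access, RFC destination maintenance).
SENSITIVE_TCODES = {"SU01", "SU10", "PFCG", "SE16", "SM59"}
# Profiles whose assignment amounts to full system access.
PRIVILEGED_ROLES = {"SAP_ALL", "SAP_NEW"}
# Assumed policy values for the example.
DOWNLOAD_ROW_THRESHOLD = 50_000
APPROVED_CHANGES = {"CHG-1001"}

# Constructed sample log (not real data): ts|client|user|kind|detail|count
SAMPLE_LOG = """\
2022-08-09T10:00:01|100|alice|LOGON||0
2022-08-09T10:00:07|100|alice|TRANSACTION|SU01|0
2022-08-09T10:00:12|100|alice|ROLE_ASSIGN|alice:SAP_ALL|0
2022-08-09T10:01:30|100|alice|ROLE_ASSIGN|bob:Z_FINANCE_DISPLAY|0
2022-08-09T10:05:44|100|bob|DOWNLOAD|KNA1|120000
2022-08-09T10:06:02|100|bob|DOWNLOAD|MARA|200
2022-08-09T10:09:15|100|carol|CHANGE|RFC_DEST:CHG-1001|0
2022-08-09T10:09:40|100|carol|CHANGE|RFC_DEST:|0
2022-08-09T10:12:00|100|dave|TRANSACTION|VA01|0
"""


@dataclass(frozen=True)
class Event:
    ts: str
    client: str
    user: str
    kind: str      # LOGON, TRANSACTION, ROLE_ASSIGN, DOWNLOAD, CHANGE
    detail: str    # tcode, "target:role", table name, or "object:change_id"
    count: int     # rows transferred, used for DOWNLOAD events


def parse_log(text):
    """Parse the assumed pipe-delimited format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, user, kind, detail, count = line.split("|")
        events.append(Event(ts, client, user, kind, detail, int(count)))
    return events


def detect(events, row_threshold=DOWNLOAD_ROW_THRESHOLD, approved=APPROVED_CHANGES):
    """Return (category, user, detail) findings for the four activity classes."""
    findings = []
    for e in events:
        if e.kind == "TRANSACTION" and e.detail in SENSITIVE_TCODES:
            findings.append(("sensitive_transaction", e.user, e.detail))
        elif e.kind == "ROLE_ASSIGN":
            # Self-assignment or assignment of a full-access profile.
            target, role = e.detail.split(":", 1)
            if target == e.user or role in PRIVILEGED_ROLES:
                findings.append(("privilege_elevation", e.user, e.detail))
        elif e.kind == "DOWNLOAD" and e.count >= row_threshold:
            findings.append(("suspicious_download", e.user, f"{e.detail}:{e.count}"))
        elif e.kind == "CHANGE":
            # A change without an approved change ticket is unauthorized.
            obj, change_id = e.detail.rsplit(":", 1)
            if change_id not in approved:
                findings.append(("unauthorized_change", e.user, obj))
    return findings


def main():
    for finding in detect(parse_log(SAMPLE_LOG)):
        print(*finding)


if __name__ == "__main__":
    main()
```

Running the script prints one finding per category for the sample events; the display-only role assigned to bob, the small MARA download and the ticketed RFC change are deliberately left unflagged to show the negative cases. A real rule set would key these off the actual connector tables and tune the thresholds per landscape.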
Microsoft is now offering a six-month free trial of the Microsoft Sentinel Solution for SAP. It will begin billing for this service as a Microsoft Sentinel “add-on” product starting “February 1, 2023.”
Kurt Mackie is senior news producer for 1105 Media’s Converge360 group.