Microsoft has indicated it will be offering access to data that its own, in-house cybersecurity experts view and use. Businesses with established Enterprise Security Operation Centers (SOCs) will be able to protect themselves better through this.
Microsoft has introduced two new services this week. Defender Threat Intelligence and Defender External Attack Surface Management (EASM) are based on technologies that cybersecurity company RiskIQ developed. Microsoft acquired the company for $500 million last year and has since been incorporating new technologies within its products.
Microsoft also published a blog post explaining how and why it will share the massive amount of threat intelligence it collects every day:
[The huge amount of] intelligence derived from our platform and products gives us unique insights to help protect customers from the inside out. In addition, our acquisition of RiskIQ just over a year ago, has allowed us to provide customers unique visibility into threat actor activity, behavior patterns, and targeting.
[SOCs can] map their digital environment and infrastructure to view their organization as an attacker would. That outside-in view delivers even deeper insights to help organizations predict malicious activity and secure unmanaged resources.
Microsoft's own enterprise-grade security solutions, including Azure cloud security capabilities, absorb vast amounts of attack vectors, suspicious code and signals, and threat intelligence. In fact, the company claims that it actively tracks 35 ransomware families as well as 250+ nation-states, cyber-criminals, and other threats.
Azure public cloud alone processes and analyzes more than 43 trillion security signals per day, claimed Microsoft. This information helps improve the Microsoft Defender line of antivirus and anti-malware products. Additionally, the Sentinel Security Information and Event Management (SIEM) service in Azure routinely gets better at detecting threats in real-time.
The threat intelligence available through Microsoft Defender Threat Intelligence has been integrated into Microsoft Threat Intelligence Center (MSTIC), Sentinel, as well as the Microsoft 365 Defender security products. Moving forward, enterprise SOCs should be able to access this raw threat intelligence that Microsoft feeds into the aforementioned products.
SOCs will have dynamic access to details on threat groups. Key pieces of information should include the names of threat groups and their preferred tools as well as commonly deployed tactics. Microsoft will continually update available information within a new portal.
Microsoft has active and dynamic visibility into threats; an advantage that few other security product makers or vendors can match. The company is now opening up access to data that would obviously help companies better shield themselves. This, in turn, could prove instrumental in minimizing the scope, spread, and impact of viruses, rootkits, malware, and other threats.
Via: The Register