Microsoft Releases Security Tools for Threat Intelligence and Redteaming

Microsoft is releasing two new products for businesses to protect against cyber threats. Defender Threat Intelligence provides data on known attackers and their patterns. Defender External Attack Surface Management is a tool that identifies vulnerabilities.

Microsoft presents the new products next week at the BlackHat security conference in Las Vegas. Defender Threat Intelligence is a tool that allows security teams in a company to access data that Microsoft collects about known cybercrime incidents. It is a raw data library that sorts gangs and known threat actors, allowing users to see which tools, tactics and procedures they are using. This way they can see if there is a match with what they see in their own network.

For example, if attackers invariably use the same three tools, a security officer can use the data to see whether those three tools have also recently been used in the company network. Such a function was already present in the existing Defender products and in Microsoft Sentinel, but now for the first time it concerns data that is updated in real time and the tool can be used independently.

A second tool that the company is releasing is the redteam-like Defender External Attack Surface Management. This tool scans a company’s network and connections and uses it to build a portfolio of a user’s network environment. In this way, system administrators gain a better insight into the endpoints and devices that are accessible from outside, which they may not have seen themselves. The goal is to look at that specifically from an outsider’s perspective, in order to show what a network looks like to an attacker. The results can be combined in security information and event management or in extended detection and response tools.