Microsoft's new services let enterprises expand access to its threat intelligence library
According to The Register, Microsoft launched two new services this month that give enterprise security operations centers (SOCs) broader access to the vast amount of threat intelligence the company collects every day.
Microsoft says it will give enterprise security operation centers (SOCs) broader access to the massive amount of threat intelligence it collects every day.
Both services – Defender Threat Intelligence and Defender External Attack Surface Management (EASM) – use technologies that Microsoft inherited when it bought cybersecurity company RiskIQ for $500 million in 2021. Microsoft endeavors to protect enterprise systems through its own products and its Azure cloud security capabilities, in large part by processing vast amounts of signal and threat intelligence.
The huge amount of "intelligence derived from our platform and products gives us unique insights to help protect customers from the inside out," Vasu Jakkal, corporate vice president of security, compliance, identity, and management at Microsoft, wrote in a blog post announcing the new services.
Vasu Jakkal, Microsoft's VP for security, compliance, identity, and management, announced in a recent blog post:
Thanks to the vast intelligence and unique insights gathered by its own powerful platform, enterprises not only gain reliable predictions about threat actor activity, behavior patterns, and targets, but can also map their digital environment and infrastructure to view their organization as an attacker would.
This outside-in approach delivers deeper insight, helping enterprises predict malicious activity and protect unmanaged resources.
The two services, Defender Threat Intelligence and Defender External Attack Surface Management (EASM), use technology Microsoft inherited when it acquired the cybersecurity company RiskIQ for $500 million in 2021.
The Defender EASM service lets enterprises see their own attack surface from an outsider's perspective, scanning the internet and its connections to build a map of their environment and to find internet-facing resources the enterprise may not know about but that could be exploited by attackers.
"In addition, our acquisition of RiskIQ just over a year ago, has allowed us to provide customers unique visibility into threat actor activity, behavior patterns, and targeting."
They also can "map their digital environment and infrastructure to view their organization as an attacker would. That outside-in view delivers even deeper insights to help organizations predict malicious activity and secure unmanaged resources."
Microsoft reportedly collects a large volume of cyberthreat information every day: its security teams track 35 ransomware families and cybercriminals from more than 250 countries and regions, and its public cloud processes and analyzes more than 43 trillion security signals daily. All of the collected information is fed to the vendor and its security service platform, providing real-time threat detection.
With last year's acquisition, RiskIQ's collection and security intelligence technology was also folded into Microsoft, protecting an enterprise's attack surface by detecting threats and suspicious activity and remediating vulnerabilities. It works with Microsoft's cloud, is also available on other public clouds, including Amazon Web Services, and is used by on-premises services.
Jakkal argues:
With a complete view of the organization, enterprises can reduce risk by bringing unknown resources, endpoints, and assets under the secure management of their security information and event management (SIEM) and extended detection and response (XDR) tools.
Threat groups, tools, and tactics
Microsoft pulls in a lot of cyberthreat information every day. Its security teams track 35 ransomware families as well as more than 250 nation-states, cybercriminals and other threats. The company's Azure public cloud daily processes and analyzes more than 43 trillion security signals. All this is used to inform the vendor and its security platform and services, including its Defender family and the Sentinel security information and event management (SIEM) service in Azure, with real-time threat detections.
RiskIQ came to Microsoft with technologies that collect and use security intelligence to protect an enterprise's attack surface by detecting threats and suspicious activity and remediating vulnerabilities. It worked with Microsoft in its cloud and was also available on other public clouds, including Amazon Web Services, and used by on-premises services as well.
The threat intelligence available through Microsoft Defender Threat Intelligence comes from the security research teams that were once part of RiskIQ and are now integrated into the Microsoft Threat Intelligence Center (MSTIC) – which tracks nation-state threats – and the Microsoft 365 Defender security groups. Through the new service, enterprise SOCs can access raw threat intelligence that provides details on threat groups, from their names to their tools and tactics.
The information is updated within a new portal as new information surfaces. The same intelligence is used for Sentinel and Defender products. The service "lifts the veil on the attacker and threat family behavior and helps security teams find, remove, and block hidden adversary tools within their organization," Jakkal wrote.
This is an important step by Microsoft, which has visibility into threats that other vendors can't match, according to Chris Gonsalves, chief research officer at Channelnomics.
"What Microsoft seems to recognize is that there's an analogy here to what we've been talking about with COVID and vaccines – the concept of herd immunity, that making the entire population healthier is good for everyone," Gonsalves told The Register.
"It doesn't make a lot of sense for you to hoard information – indicators of compromise, information about bad actors, of potential targets. The more broadly you spread that information, the better the entire community becomes."
The Defender EASM service gives organizations an outsider's view of their own attack surface, scanning the internet and its connections to create a picture of their environments and to find internet-facing resources that the enterprise may not know about but that attackers can use. Companies essentially get to see what an attacker looks at when searching for vulnerabilities.
"With a complete view of the organization, customers can take recommended steps to mitigate risk by bringing these unknown resources, endpoints, and assets under secure management within their security information and event management (SIEM) and extended detection and response (XDR) tools," Jakkal wrote.
This is another critical element given the rising importance of attack surface management, Channelnomics' Gonsalves said. Organizations need to know the holes in their security defenses. Those could be anything from a cloud instance on Amazon Web Services that a developer spun up but never shut down to an unused or unknown social media account.
"The attack surface is a big, hairy threat, but anything that allows me to get a better handle on what that landscape looks like is a major plus," he said. "We need to know what our organizations look like from the outside. That's the heart of attack surface management."
Along with the two new services, Microsoft also said that enterprise security groups can now monitor and respond to SAP alerts, including detected privilege escalation and suspicious downloads, from their Sentinel SIEM.
Source: Microsoft gives enterprises wider access to its threat intel, The Register