Microsoft Adds Threat Intelligence, Proactive Hunting to Defender

The new Microsoft Defender offerings come as the company encourages partners to offer more security.

Jeffrey Schwartz

August 5, 2022


Microsoft is expanding its threat protection capabilities with the launch of three additions to its Defender portfolio. The new threat intelligence tools, launched this week, come as Microsoft is persuading partners to provide more security services.

During last month’s Microsoft Inspire conference, officials emphasized that partners should offer Microsoft’s various security offerings for all their cybersecurity requirements. The company has stated that security products have become a $15 billion business and are growing at a 40% rate.

The new offerings include Microsoft Defender Threat Intelligence, Microsoft Defender External Attack Surface Management and Microsoft Defender Experts for Hunting. All three draw on telemetry from Microsoft’s threat intelligence and cybercrime centers.

Vasu Jakkal (pictured above at the recent Microsoft Inspire), Microsoft’s corporate VP for security, compliance, identity and management, noted that those operations now track 35 ransomware families, and more than 250 nation-states and criminals. Microsoft’s cloud analyzes more than 43 trillion security signals daily, according to Jakkal’s blog announcing the new Defender offerings.

“This massive amount of intelligence derived from our platform and products gives us unique insights to help protect customers from the inside out,” Jakkal wrote.

Microsoft’s acquisition of RiskIQ last year has helped expand visibility into threat actor activity, behavior patterns and targeting, she noted.

Security administrators “can also map their digital environment and infrastructure to view their organization as an attacker would,” Jakkal added. That outside-in view “delivers even deeper insights to help organizations predict malicious activity and secure unmanaged resources.”

Microsoft Defender Threat Intelligence

The new Microsoft Defender Threat Intelligence provides direct access to security gathered from the Microsoft Defender family and Microsoft Sentinel security information and event management (SIEM) platform.

“Organizations can proactively hunt for threats more broadly in their environments, empower custom threat intelligence processes and investigations, and improve the performance of third-party security products,” Jakkal said.

The new Microsoft Threat Intelligence routinely scans the internet and provides threat intelligence with specific details. The details displayed in the Microsoft Threat Intelligence portal include threat actors by name, their tools, tactics and procedures (TTPs).

The added threat intelligence comes from RiskIQ’s security research teams. Defender Threat Intelligence also draws from the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft 365 Defender research teams.

According to Microsoft, the large volume of intelligence promises to embolden those who operate security operations centers (SOCs).

Microsoft Defender External Attack Surface Management

Microsoft Defender External Attack Surface Management gives security teams views of threats outside their firewalls. This view aims to help security teams discover potential points of entry that an attacker could exploit.

The tool builds a complete view of a customer organization by creating a catalog of the entire environment. It scans the internet to find resources, including agentless and unmanaged assets, to map out a potential attack surface.

Defender Experts for Hunting

Defender Experts for Hunting is for those who operate security operations centers (SOCs) but want to find threats proactively. It lets security professionals hunt for threats across endpoints, the Microsoft 365 software stack, SaaS applications and identities.

It includes an analysis tool to help determine threats’ scope and potential impact. A feature called Defender Experts notifications provides alerts in Microsoft 365 Defender. A reporting tool summarizes what threats the software found.




About the Author(s)

Jeffrey Schwartz

Jeffrey Schwartz has covered the IT industry for nearly three decades, most recently as editor-in-chief of Redmond magazine and executive editor of Redmond Channel Partner. Prior to that, he held various editing and writing roles at CommunicationsWeek, InternetWeek and VARBusiness (now CRN) magazines, among other publications.
