Microsoft has launched two security services that aim to boost the intelligence capabilities of an organization’s security operations center (SOC) rather than solely protect devices.
Microsoft has launched Defender Threat Intelligence and Defender External Attack Surface Management (EASM) — two new products that merge technology Microsoft gained after acquiring security firm RiskIQ last July for $500 million.
There may appear to be some overlap between Microsoft’s existing services like its Azure-powered Sentinel security information and event management (SIEM) service and Microsoft Defender Experts for Hunting, a managed threat hunting service, and its Defender Experts for XDR, a managed extended detection and response (XDR) service.
But Microsoft says these RiskIQ-based threat intel service offerings differ in that they provide customers with “direct access to real-time data” from Microsoft’s security signals. Microsoft chief Satya Nadella last week said the firm receives 43 trillion security signals each day.
Besides signals, Microsoft says its new threat intel service is based on intel merged between RiskIQ, Microsoft’s nation-state tracking team, Microsoft Threat Intelligence Center (MSTIC, pronounced ‘Mystic’), and the Microsoft 365 Defender security research team.
Rob Lefferts, corporate VP of Microsoft Modern Protection and SOC unit tells ZDNet the threat intel service is about “connecting SOCs with Microsoft’s own researchers from MSTIC”.
Meanwhile, Microsoft Defender External Attack Surface Management is about “how do we make sure that you get to see the whole world the way that the attacker would,” says Lefferts.
“We’re gonna scan the internet and help you understand what do you present out on the public internet and what exposure does that mean for your company.”