Microsoft's new services give enterprises wider access to its threat intelligence
According to The Register, Microsoft launched two new services this month that give enterprise security operations centers (SOCs) broader access to the massive amount of threat intelligence it collects every day.
Both services – Defender Threat Intelligence and Defender External Attack Surface Management (EASM) – use technologies that Microsoft inherited when it bought cybersecurity company RiskIQ for $500 million in 2021. Microsoft endeavors to protect enterprise systems through its own products and its Azure cloud security capabilities, in large part by processing vast amounts of signal and threat intelligence.
The huge amount of "intelligence derived from our platform and products gives us unique insights to help protect customers from the inside out," Vasu Jakkal, corporate vice president of security, compliance, identity, and management at Microsoft, wrote in a blog post announcing the new services.
"In addition, our acquisition of RiskIQ just over a year ago has allowed us to provide customers unique visibility into threat actor activity, behavior patterns, and targeting."
They also can "map their digital environment and infrastructure to view their organization as an attacker would. That outside-in view delivers even deeper insights to help organizations predict malicious activity and secure unmanaged resources."
Threat groups, tools, and tactics
Microsoft pulls in a lot of cyberthreat information every day. Its security teams track 35 ransomware families as well as more than 250 nation-states, cybercriminals and other threats. The company's Azure public cloud daily processes and analyzes more than 43 trillion security signals. All this is used to inform the vendor and its security platform and services, including its Defender family and the Sentinel security information and event management (SIEM) service in Azure, with real-time threat detections.
RiskIQ came to Microsoft with technologies that collect and use security intelligence to protect an enterprise's attack surface by detecting threats and suspicious activity and remediating vulnerabilities. It worked with Microsoft in its cloud and was also available on other public clouds, including Amazon Web Services, and used by on-premises services as well.
The threat intelligence available through Microsoft Defender Threat Intelligence comes from the security research teams that were once part of RiskIQ and are now integrated into the Microsoft Threat Intelligence Center (MSTIC) – which tracks nation-state threats – and the Microsoft 365 Defender security groups. Through the new service, enterprise SOCs can access raw threat intelligence that provides details on threat groups, from their names to their tools and tactics.
The information is updated within a new portal as new information surfaces. The same intelligence is used for Sentinel and Defender products. The service "lifts the veil on the attacker and threat family behavior and helps security teams find, remove, and block hidden adversary tools within their organization," Jakkal wrote.
This is an important step by Microsoft, which has visibility into threats that other vendors can't match, according to Chris Gonsalves, chief research officer at Channelnomics.
"What Microsoft seems to recognize is that there's an analogy here to what we've been talking about with COVID and vaccines – the concept of herd immunity, that making the entire population healthier is good for everyone," Gonsalves told The Register.
"It doesn't make a lot of sense for you to hoard information – indicators of compromise, information about bad actors, of potential targets. The more broadly you spread that information, the better the entire community becomes."
The Defender EASM service gives organizations an outsider's view of their own attack surface, scanning the internet and its connections to build a picture of their environments and find internet-facing resources that the enterprise may not know about but that attackers could use. Companies essentially get to see what an attacker sees when searching for vulnerabilities.
"With a complete view of the organization, customers can take recommended steps to mitigate risk by bringing these unknown resources, endpoints, and assets under secure management within their security information and event management (SIEM) and extended detection and response (XDR) tools," Jakkal wrote.
This is another critical element given the rising importance of attack surface management, Channelnomics' Gonsalves said. Organizations need to know the holes in their security defenses. Those could be anything from a cloud instance on Amazon Web Services that a developer spun up but never shut down to an unused or unknown social media account.
"The attack surface is a big, hairy threat, but anything that allows me to get a better handle on what that landscape looks like is a major plus," he said. "We need to know what our organizations look like from the outside. That's the heart of attack surface management."
Along with the two new services, Microsoft also said that enterprise security groups can now monitor and respond to SAP alerts, including detected privilege escalation and suspicious downloads, from their Sentinel SIEM.
Source: Microsoft gives enterprises wider access to its threat intel (The Register)