Microsoft goes all out with threat intelligence and introduces two new products


The threat landscape of today is a torturous place. With 1,862 publicly disclosed data breaches in 2021, security teams are looking for new strategies to work smarter rather than harder.

Security professionals are slowly turning to threat intelligence to gain insight into the tactics, techniques, and procedures (TTPs) and exploits that attackers rely on, and to use that insight to strengthen their defenses against cybercriminals.

In fact, research shows that the number of organizations with dedicated threat intelligence teams has increased from 41.1% in 2019 to 47.0% in 2022.

Microsoft is one of the few major players to capitalize on this trend. Just over a year ago, it acquired RiskIQ, a cyberrisk intelligence company. Today, Microsoft announced the release of two new products: Microsoft Defender Threat Intelligence (MDTI) and Microsoft External Attack Surface Management.

The former will enable enterprises to access daily real-time threat intelligence, while the latter analyzes the internet to discover agentless and unmanaged internet-facing assets to provide a complete view of the attack surface.

Using threat intelligence to navigate the security landscape

One of the hazards of living in a data-driven era is that companies must rely on third-party applications and services that they have little visibility over. When combined with the vulnerabilities of the traditional on-site network, this new threat surface is difficult to manage.

Threat intelligence helps organizations respond to threats in this environment because it provides a heads-up on the TTPs and exploits that threat actors use to gain entry to enterprise environments.

Threat intelligence solutions aim to assist or provide information about threats' identities, motivations, characteristics, and methods, commonly referred to as tactics, techniques, and procedures (TTPs), according to Gartner.

Security teams may leverage threat intelligence findings to enhance their prevention and detection abilities, increasing the effectiveness of processes, including incident response, threat hunting, and vulnerability management.

Every day, MDTI maps the internet, showing a picture of every observed entity or resource and how they are connected. Changes in infrastructure and connections can be visualized, according to Vasu Jakkal, the CVP of security, compliance, identity, and privacy.

Adversaries and their toolkits can be identified easily, and the machines, IPs, domains, and techniques used to target individuals can be monitored, according to MDTI. Thousands of articles detail these threat groups and how they operate, as well as a wealth of historical data.

Basically, the organization aims to provide security teams with the knowledge they need to enhance their security strategies and protect their attack surface across the Microsoft product ecosystem from malware and ransomware threats.

Evaluating the threat intelligence market

The announcement comes at a time when the global threat intelligence market is steadily expanding, with researchers anticipating an increase from $11.6 billion in 2021 to a total of $15.8 billion by 2026.

IBM is one of Microsoft's main competitors in the cybersecurity space with X-Force Exchange, a threat-intelligence sharing platform where security professionals can search for or submit files to be examined and access the threat intelligence provided by other users. IBM recently announced that it has increased its revenue by $16.7 billion.

Anomali is another competitor with ThreatStream, a threat intelligence management platform that uses AI to automatically collect and process data from hundreds of threat sources. Anomali's most recent funding was a series D round in 2018.

Palo Alto Networks' WildFire, the ZeroFOX platform, and Mandiant Advantage Threat Intelligence are some of the most well-known competitors in the market.

Given the wide adoption of Microsoft devices among enterprise users, the launch of a new threat intelligence service has the potential to assist security teams in overcoming the greatest threats to the provider's product ecosystem.
