Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.
Today’s threat landscape is an unforgiving place. With 1,862 publicly disclosed data breaches in 2021, security teams are looking for new ways to work smarter, rather than harder.
With an ever-growing number of vulnerabilities and sophisticated threat vectors, security professionals are slowly turning to threat intelligence to develop insights into Tactics, Techniques and Procedures (TTPs) and exploits they can use to proactively harden their organization’s defenses against cybercriminals.
Microsoft is one of the key providers capitalizing on this trend. Just over a year ago, it acquired cyberrisk intelligence provider RiskIQ. Today, Microsoft announced the release of two new products: Microsoft Defender Threat Intelligence and Microsoft External Attack Surface Management.
The former will provide enterprises with access to real-time threat intelligence updated on a daily basis, while the latter scans the internet to discover agentless and unmanaged internet-facing assets to provide a comprehensive view of the attack surface.
Using threat intelligence to navigate the security landscape
One of the consequences of living in a data driven era, is that organizations need to rely on third party apps and services that they have little visibility over. This new attack surface, when combined with the vulnerabilities of the traditional on-site network, is very difficult to manage.
Threat intelligence helps organizations to respond to threats in this environment because it provides a heads-up on the TTPs and exploits that threat actors use to gain entry to enterprise environments.
As Gartner explains, threat intelligence solutions aim “to provide or assist in the curation of information about the identities, motivations, characteristics and methods of threats, commonly referred to as tactics, techniques and procedures (TTPS).”
Security teams can leverage the insights obtained from threat intelligence to enhance their prevention and detection capabilities, increasing the effectiveness of processes including incident response, threat hunting and vulnerability management.
“MDTI maps the internet every day, forming a picture of every observed entity or resource and how they are connected. This daily analysis means changes in infrastructure and connections can be visualized. Adversaries and their toolkits can effectively be “fingerprinted” and the machines, IPs, domains, and techniques used to attack targets can be monitored,” said CVP of Security, Compliance, Identity and Privacy, Vasu Jakkal.
“Adversaries and their toolkits can effectively be “fingerprinted” and the machines, IPs, domains, and techniques used to attack targets can be monitored. MDTI possesses thousands of “articles” detailing these threat groups and how they operate as well as a wealth of historical data,” Jakkal said.
In short, the organization aims to equip security teams with the insights they need to enhance their security strategies and protect their attack surface across the Microsoft product ecosystem against malware and ransomware threats.
Evaluating the threat intelligence market
The announcement comes as the global threat intelligence market is steadily growing, with researchers expecting an increase from $11.6 billion in 2021 to reach a total of $15.8 billion by 2026.
One of Microsoft’s main competitors in the space is IBM with X-force Exchange, a threat intelligence sharing platform, where security professionals can search or submit files to scan, and gain access to the threat intelligence submitted by other users. IBM recently announced raising revenue of $16.7 billion.
Another competitor is Anomali with ThreatStream, an AI-powered threat intelligence management platform designed to automatically collect and process data across hundreds of threat sourdes. Anomali most recently raised $40 million in funding as part of a Series D funding round in 2018.
Given the widespread adoption of Microsoft devices among enterprise users, the launch of a new threat intelligence service has the potential to help security teams against the biggest threats to the provider’s product ecosystem.
VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.