{"id":6374,"date":"2024-11-22T07:25:42","date_gmt":"2024-11-22T13:25:42","guid":{"rendered":"https:\/\/www.darkreading.com\/cloud-security\/microsoft-highlights-security-exposure-management-ignite"},"modified":"2024-11-22T07:25:42","modified_gmt":"2024-11-22T13:25:42","slug":"microsoft-highlights-security-exposure-management-at-ignite","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/11\/22\/microsoft-highlights-security-exposure-management-at-ignite\/","title":{"rendered":"Microsoft Highlights Security Exposure Management at Ignite"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

Microsoft is the latest big name to add continuous threat exposure management (CTEM) to its formidable security portfolio with the release of its new Microsoft Security Exposure Management offering. Microsoft made the announcement at its annual Microsoft Ignite conference this week.<\/span><\/p>\n

Security experts describe CTEM, or proactive exposure management, as a programmatic and unified approach to detecting and mitigating threats. Gartner <\/span>predicts that by 2026<\/a><\/span>, organizations that embrace CTEM will see two-thirds fewer breaches.<\/span><\/p>\n

Enterprise Strategy Group principal analyst Tyler Shields describes exposure management as the next iteration of vulnerability management.<\/span><\/p>\n

“It’s centered on the overlap of continuous asset discovery and management, threat and exposure analysis and vulnerability discovery,” Shields says. “If you can understand the assets you have, the state they are in, the vulnerabilities that exist, and the active threats against them, you are all prepared to secure your environment.”<\/span><\/p>\n

Microsoft initially introduced Security Exposure Management in March as a technical preview. It is now available in the <\/span>Microsoft Defender portal<\/a><\/span>, included with its E5 licenses, and as an option for various other Microsoft 365 licenses.<\/span><\/p>\n

Unified Views of Attack Surfaces<\/h2>\n

With its entry, Microsoft seeks to enable defenders to prevent successful attacks by providing comprehensive and unified views of their organizations’ broad attack surfaces, allowing them to take a more proactive approach to identifying and mitigating threats.<\/span><\/p>\n

“Exposure management is critical for enabling teams to understand the posture of the organization, and it helps security teams see all the potential attack paths to critical assets as if they were looking through it, through the eyes of the attacker,” Vasu Jakkal, Microsoft’s corporate VP for compliance, identity management, said during the opening session of Ignite, which took place in Chicago.<\/span><\/p>\n

The tooling is designed to identify attack paths and evaluate vulnerabilities in the context of an organization’s critical assets in a much more proactive and expansive manner than traditional vulnerability and threat detection offerings. Security Exposure Management uses Microsoft’s new <\/span>exposure graph APIs<\/a><\/span> to identify attack paths and evaluate vulnerabilities in the context of critical assets.<\/span><\/p>\n

Analysts say Microsoft’s entry is poised to reshape the competitive environment of exposure management solutions now offered by Cisco\/Splunk, CrowdStrike, Palo Alto Networks Rapid7, Tenable, Trend Micro and Wiz, as well as various others that provide more specialized capabilities.<\/span><\/p>\n

“Exposure management is becoming an incredibly competitive market, and Microsoft is demonstrating that it wants to be a leader in this space,” says Omdia principal analyst Andrew Braunberg.<\/span><\/p>\n

Adds Forrester senior analyst Erik Nost, since Microsoft is initially allowing access to exposure management through a variety of licensing options, customers will have widespread access to insights.<\/span><\/p>\n

“The data Microsoft possesses on existing customer environments without needing to ingest third-party data is the biggest opportunity for Microsoft to set it apart from competitors,” Nost says. “Microsoft is building a platform that integrates a very broad set of security posture management telemetry.”<\/span><\/p>\n

Building an Ecosystem of External Connections<\/h2>\n

While the initial release is available and included with various Microsoft 365 and Microsoft Defender licenses and will ingest telemetry from those offerings, Microsoft announced it will enable integration with competing external third-party tools, including Qualys, Rapid7, Tenable and ServiceNow’s CMDB.<\/span><\/p>\n

Microsoft released public preview versions of its third-party connectors, slated to become generally available next quarter.<\/span><\/p>\n

Microsoft product director Brjann Brekkan said during a session on security exposure management at Ignite that unlike Microsoft telemetry, which customers can ingest at no additional cost, they will incur charges to gather data from external sources.<\/span><\/p>\n

“We don’t own that data,” Brekkan explained. “We need to charge a little bit of cost to bring that third-party signal in, to attach those new data points from those services as well. But this is there for you to unify your data.”<\/span><\/p>\n

Microsoft Security Exposure Management collects data through these connectors and normalizes it through its <\/span>exposure graph<\/a><\/span>, which maps relationships and exposes new attack paths. In a <\/span>blog post<\/a><\/span>, Brekkan claimed this provides “comprehensive attack surface visibility.”<\/span><\/p>\n

Microsoft exposure management also provides insights on the most critical assets, Internet exposure, and context related to business applications incorporated from the connected tools. Customers can view the integrated data can be visualized through the Attack Map tool or analyzed using advanced hunting queries via <\/span>KQL (Kusto Query Language)<\/a><\/span>, Microsoft’s Azure-based tool designed to identify anomalies in large data sets.<\/span><\/p>\n

The offering now consists of three primary tools:<\/span><\/p>\n

\n