Microsoft gives enterprise SOCs more access to threat intelligence data

Microsoft unveiled two new solutions that give SOCs more access to the threat intelligence data that Microsoft collects on a daily basis. In this way, organizations can better protect themselves and have the same data at their disposal as Microsoft cybersecurity experts.

Earlier this week, Microsoft introduced Microsoft Defender Experts for Hunting. The managed service provides better protection for Microsoft 365 based on all the threat intelligence data collected by the company. Organizations with their own SOC prefer to do this in-house, but can now access data collected by Microsoft. To this end, Microsoft presented the Defender Threat Intelligence and Defender External Attack Surface Management (EASM) solutions.

Both solutions use technology that Microsoft obtained with the acquisition of RiskIQ in 2021. Microsoft protects the Azure cloud and other enterprise solutions through large amounts of data and threat intelligence. By sharing this data, solutions can be better protected.

With the acquisition of RiskIQ last year, we now have the ability to show customers where they’re vulnerable and where malicious activity occurs. We can also better map and detect malicious behaviour. Furthermore, EASM offers another interesting solution that allows us to map the digital environment and infrastructure and show it as an attacker sees it. This often leads to new insights, allowing organizations to better protect themselves.

Amount of data

As mentioned above, Microsoft collects large amounts of threat intelligence data. Microsoft’s security team actively tracks 35 different ransomware families and more than 250 cybercriminals that may or may not be linked to certain governments. The Azure cloud processes and analyzes 43 trillion security signals daily. These are used to inform vendors and all security platforms. Platforms include the Defender family, the Sentinel security information and event management (SIEM) service in Azure and the two new solutions for SOCs.

RiskIQ helped Microsoft a great deal in the security field

Ultimately, the RiskIQ acquisition worked out very well for Microsoft. The company had excellent technology for using threat data, providing better protection and solving security gaps. Furthermore, RiskIQ had its own security teams that are now integrated with Microsoft’s and add value to all kinds of Microsoft security solutions. Also, because of the acquisition, it’s now possible to share data with the SOCs of other organizations. This is done via the Microsoft Defender Threat Intelligence solution.