Generative AI is at the top of every business's agenda. What many people overlook is that it is at the top of the threat actors' agenda as well. Today's blog post reviews the latest Defender XDR enhancements announced at Microsoft Ignite.
Microsoft has made it clear that it is committed to helping organizations stay ahead of today's threats by building on Defender XDR. Here is a snapshot of what is new:
Prevention: Proactive Defense Starts Here
Attackers rarely rely on a single vulnerability; they chain weaknesses together into attack paths. That makes continuous posture management critical to protecting your organization. Microsoft Security Exposure Management is being brought into Defender XDR and made generally available. It uses data from the Microsoft Graph to discover and map the relationships between your assets, data, and entry points. These prevention insights can now be combined with your asset criticality information, so the investigation view shows the attack path from the asset under investigation toward other high-value assets.
Detection and Protection: AI Meets Cybersecurity
Threat actors are increasingly using generative AI to craft highly convincing phishing lures. To counter this, Defender for Office 365 now uses Large Language Models to analyze messages and defend against these attacks, determining the language used and the attacker's intent at machine speed. The result is cleaner inboxes and a new level of insight for SOC teams.
Integrations with Insider Risk Management
As announced earlier this year, Microsoft Defender for Endpoint and Insider Risk Management are now integrated. Telemetry flows between the two platforms, giving analysts complete alert context when investigating an event.
Response: Disrupting Attacks Before They Begin
Microsoft has invested heavily in learning the attack patterns, tools, and language that threat actors have historically used, and has fed those insights into the most powerful response capability in the Defender XDR suite: automatic attack disruption. This lets Defender XDR stop an advanced attack while it is still in progress, before the attacker reaches their objective.
To remove the lag of manually updating threat models, Microsoft has introduced Threat Intelligence Tracking via Adaptive Networks (TITAN). TITAN runs in the background of Microsoft Defender XDR and automatically blocks threat actor infrastructure before it can be used in large-scale attacks. It uses AI to analyze the relationships between devices, apps, and networks, together with the active incidents in the Defender XDR portal, and makes real-time decisions about blocking infrastructure associated with threat actors.
TITAN was used to identify a real-world attack in which malicious OAuth apps were used to gain access to mailboxes and send messages both internally and externally. Once that attack was identified, TITAN found 26 similar incidents across 21 organizations, which gave Defender XDR the confidence to clean up the OAuth apps wherever they had been detected. In some of those environments this stopped the threat actors before they could act at all.
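Malicious consent apps of the kind described above live entirely in the identity plane, so a SOC can review them directly even without TITAN. The script below is an added example written for this post, not Microsoft's code and not part of TITAN: it uses the Microsoft Graph PowerShell SDK to list every OAuth consent grant (delegated and application) that gives an app the ability to read or send mail, and flags apps registered in another tenant. The list of mail-related permission names is an assumption you should tune for your tenant, and the account running it needs read access to applications and permission grants.

```powershell
# Added example: enumerate OAuth consent grants with mail access in an Entra ID tenant.
# Assumes the Microsoft.Graph SDK (Install-Module Microsoft.Graph) and read access to
# applications and permission grants. The $mailScopes list is an assumption; adjust it.

Connect-MgGraph -Scopes 'Application.Read.All', 'DelegatedPermissionGrant.Read.All' -NoWelcome
$tenantId = (Get-MgContext).TenantId

# Permission values (shared by delegated scopes and application roles) that touch mailboxes.
$mailScopes = @(
    'Mail.Read', 'Mail.ReadWrite', 'Mail.Send',
    'Mail.Read.Shared', 'Mail.ReadWrite.Shared', 'Mail.Send.Shared',
    'MailboxSettings.ReadWrite', 'IMAP.AccessAsUser.All', 'SMTP.Send'
)

# Microsoft Graph's well-known appId; its AppRoles map application-permission GUIDs to names.
$graphSp   = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
$roleNames = @{}
foreach ($role in $graphSp.AppRoles) { $roleNames[[string]$role.Id] = $role.Value }

$findings = @()

# 1) Delegated grants: a user (ConsentType 'Principal') or an admin ('AllPrincipals')
#    consented on behalf of users. Scope is a space-separated list of permission values.
foreach ($grant in Get-MgOauth2PermissionGrant -All) {
    $granted = @($grant.Scope -split ' ' | Where-Object { $_ -in $mailScopes })
    if ($granted.Count -eq 0) { continue }
    $sp = Get-MgServicePrincipal -ServicePrincipalId $grant.ClientId
    $findings += [pscustomobject]@{
        App         = $sp.DisplayName
        AppId       = $sp.AppId
        # Apps owned by another tenant are the usual shape of a malicious consent app.
        # Microsoft first-party apps also show as external; filter those out as you review.
        ExternalApp = ($sp.AppOwnerOrganizationId -ne $tenantId)
        Kind        = "Delegated ($($grant.ConsentType))"
        Permissions = ($granted -join ' ')
    }
}

# 2) Application permissions: app-only access with no user present. Listing the
#    assignments on the Graph resource avoids walking every service principal.
foreach ($assignment in Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $graphSp.Id -All) {
    $roleName = $roleNames[[string]$assignment.AppRoleId]
    if ($roleName -notin $mailScopes) { continue }
    $sp = Get-MgServicePrincipal -ServicePrincipalId $assignment.PrincipalId
    $findings += [pscustomobject]@{
        App         = $sp.DisplayName
        AppId       = $sp.AppId
        ExternalApp = ($sp.AppOwnerOrganizationId -ne $tenantId)
        Kind        = 'Application'
        Permissions = $roleName
    }
}

# External apps with app-only mail permissions are the highest-priority rows to review.
$findings | Sort-Object ExternalApp, Kind -Descending | Format-Table -AutoSize
```

Every app that surfaces here should have a known business owner; one you cannot account for, especially with Mail.Send or Mail.ReadWrite and an owner tenant you do not recognize, is exactly the pattern in the incident above and should be disabled and have its consent grants revoked while you investigate.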
Unified Platform: Simplified Security Operations
Security agents on devices mean administrative overhead, delays in adopting tools, and extra configuration complexity. Defender for Identity is now integrated with Defender for Endpoint, so there is one less agent to deploy: when you onboard a domain controller (where the Defender for Identity sensor runs) to Defender for Endpoint, it is onboarded to Defender for Identity as well. This single agent now provides protection and telemetry across endpoints, OT devices, DLP, and identities.
Be sure to continue to follow along as Ignite continues and we will bring you even more updates!