Microsoft Security Copilot Integration in Defender EASM

By Ashwin Venugopal -

 





Introduction

To offer an external picture of online infrastructure, Microsoft Defender External Attack Surface Management (Defender EASM) continuously finds and maps the digital attack surface. IT and security teams can use this visibility to prioritize risk, find unknowns, remove threats, and extend vulnerability and exposure control outside of the firewall. By examining vulnerability and infrastructure data, attack surface insights are produced that highlight the main issues facing a company. 

Defender EASM's integration of Microsoft Security Copilot (Security Copilot) facilitates interaction with attack surfaces identified by Microsoft. Companies can more rapidly comprehend their externally visible infrastructure and pertinent, essential dangers by identifying attack surfaces. This integration sheds light on particular risk areas, such as security hygiene, compliance, and vulnerabilities.

Key Features

The EASM Security Copilot integration can: 
  • Get a snapshot of your external attack surface and generate insights into potential risk- You can get a quick view of your external attack surface by analyzing internet-available information combined with the Defender EASM proprietary discovery algorithm. It provides an easy-to-understand natural language explanation of the organization's externally facing assets, such as hosts, domains, webpages, and IP addresses. It highlights the critical risks associated with each.

  • Prioritize remediation efforts based on asset risk and Common Vulnerabilities and Exposures (CVEs) list items- Defender EASM assists security teams in determining which assets and CVEs represent the highest risk in their  surroundings. It evaluates vulnerability and infrastructure information to highlight critical areas of concern, offering a clear explanation of risks and suggested actions. 

  • Use Security Copilot to surface insights- Security Copilot allows you to ask question in normal language and retrieve information about the attack surface of your company via Defender EASM. Query information such as the quantity of insecure Secure Sockets Layer (SSL) certificates, identified ports, and particular vulnerabilities that impact the attack surface.

  • Expedite attack surface curation- Utilize labels, external IDs, and state modifications for a collection of assets to create your attack surface using Security Copilot. Curation is accelerated by this procedure, allowing for quicker and more effective inventory organization. 

Enable Security Copilot Integration

  1. Access Security Copilot and ensure that your are authenticated. 
  2. Select the Security Copilot plugin icon on the upper-right side of the prompt input bar. 
  3. Under Microsoft, locate Defender External Attack Surface Management. Select On to connect. 
  4. If you want Security Copilot to pull data from your Defender EASM resource, select the gear icon to open the plugin settings. Enter or select values by using the values from your resource's Essentials section on the Overview pane.

Provide Feedback

Your feedback on Security Copilot in general and the Defense EASM plugin in particular is essential for directing the product's ongoing and future development. Using the feedback buttons at the bottom of each finished question is the best to give this feedback right within the product. It is advisable to choose "Looks right" when the outcome meets your expectations, "Needs improvement" when it doesn't, and "Inappropriate" when it is harmful. 

Conclusion

We have discussed main features of Microsoft Security Copilot Integration in Defender EASM.


























Comments

Post a Comment

Popular posts from this blog

Deployment (Part 3)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 2, please click  here Microsoft Monitoring Agent (MMA) MMA is used across multiple Microsoft solutions and has undergone a few name changes as its features and functionality have evolved. If it is being considered to be used, then following areas should be covered during a Microsoft Sentinel deployment project: Consider the timelines and the strategy for a migration to AMA (Azure Monitor Agent) before the MMA end-of-life.  Consider the central deployment and management methodology for MMA. Determine which endpoints are in scope for deployment as these affect the log ingestion volume significantly.  Azure Monitor Agent (AMA) Organizations with MMA as the main Microsoft Sentinel agent should start planning the migration to AMA as soon as possible to avoid a rushed migration. One of the main advantages of AMA is the ability to control the log collection policy centrally and apply different policies against different...
Read more

Deployment (Part 1)

By Ashwin Venugopal -
Image
  To read part 2, please click  here To read part 3, please click  here Azure Resources Microsoft Sentinel needs following resources to be created: Subscription (if a dedicated subscription(s) will be used) Resource group(s) Log Analytics workspace(s) Automation rules/playbook Alert rules Workbooks Microsoft Sentinel offers hundreds of alert rules, workbooks, and automation playbook templates along with hunting scripts. The templates can be used to activate/deploy schedule alerts, create customized dashboards, create automation playbooks and perform threat-hunting activities. Generally, once deployed, the resources created have to be adjusted to match the existing environment, configure local credentials, etc. Methods of deployment: Manual- Administrator can manually configures the Microsoft Sentinel resources with the help of Azure portal. Any manual process has the inherent risks of human operator error, lack of compliance with potential change control procedures, and u...
Read more

Deployment (Part 2)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 3, please click  here Microsoft Sentinel Content Hub Content in Microsoft Sentinel includes any of the following types: Data connectors offer log ingestion from different sources into Microsoft Sentinel. Parsers give log formatting/transformation into ASIM formats, supporting usage across various Microsoft Sentinel content types and scenarios. Workbooks provide monitoring, visualization, and interactively with data in Microsoft Sentinel, highlighting meaningful insights for users.  Analytics rules give alerts that point to relevant SOC actions via incidents.  Hunting Queries are used by SOC teams to proactively hunt for threats in Microsoft Sentinel. Notebooks help SOC teams in using advanced hunting features in Jupyter and Azure Notebooks. Watchlists support the ingestion of specific data for enhanced threat detection and reduced alert fatigue.  Playbooks and Azure Logic Apps Custom Connectors provide featu...
Read more