Skip to main content
Microsoft Security

Microsoft announces new solutions for threat intelligence and attack surface management

Uncover adversaries with new Microsoft Defender threat intelligence products

The threat landscape is more sophisticated than ever and damages have soared—the Federal Bureau of Investigation’s 2021 IC3 report found that the cost of cybercrime now totals more than USD6.9 billion.1 To counter these threats, Microsoft is continuously aggregating signal and threat intelligence across the digital estate, which is enabling us to track threat actors much more closely and to better understand their behavior over time. Today, Microsoft tracks 35 ransomware families, and more than 250 unique nation-states, cybercriminals, and other threat actors. Our cloud also processes and analyzes more than 43 trillion security signals every single day. This massive amount of intelligence derived from our platform and products gives us unique insights to help protect customers from the inside out. In addition, our acquisition of RiskIQ just over a year ago, has allowed us to provide customers unique visibility into threat actor activity, behavior patterns, and targeting. They can also map their digital environment and infrastructure to view their organization as an attacker would. That outside-in view delivers even deeper insights to help organizations predict malicious activity and secure unmanaged resources.

Building on our vision to provide unmatched, actionable threat intelligence, we’re thrilled to announce two new security products that provide deeper context into threat actor activity and help organizations lock down their infrastructure and reduce their overall attack surface:

These new threat intelligence offerings expand our growing security portfolio, offer deeper insights into threat actors and their behaviors, and help security teams accelerate the identification and prioritization of risks. Keep reading for more detail on these solutions, as well as the new detection and response capabilities for SAP from Microsoft Sentinel. Plus, find out where you can see a live product demo of all of our threat intelligence products at Black Hat.

Unmask your adversaries with Microsoft Defender Threat Intelligence 

Today, any device connected to the internet is susceptible to vulnerabilities. Understanding the gaps that can lead to vulnerabilities is key to building resilience.

Microsoft Defender Threat Intelligence maps the internet every day, providing security teams with the necessary information to understand adversaries and their attack techniques. Customers can access a library of raw threat intelligence detailing adversaries by name, correlating their tools, tactics, and procedures (TTPs), and can see active updates within the portal as new information is distilled from Microsoft’s security signals and experts. Defender Threat Intelligence lifts the veil on the attacker and threat family behavior and helps security teams find, remove, and block hidden adversary tools within their organization.

This depth of threat intelligence is created from the security research teams formerly at RiskIQ with Microsoft’s nation-state tracking team, Microsoft Threat Intelligence Center (MSTIC), and the Microsoft 365 Defender security research teams. The volume, scale, and depth of intelligence is designed to empower security operations centers (SOCs) to understand the specific threats their organization faces and to harden their security posture accordingly. This intelligence also enhances the detection capabilities of Microsoft Sentinel and the family of Microsoft Defender products.

Microsoft recognizes the importance of working together as a security community to help protect the digital world from threats. As such, the existing free edition will continue to be available. And as we look ahead, we’re excited to continue our journey of innovation and integration. Look for more news later this year on the expanding capabilities of our portfolio.  

Microsoft Defender Threat Intelligence home screen featuring adversary articles for users to read.

Discover your vulnerabilities with Microsoft Defender External Attack Surface Management

Organizations need to see their business the way an attacker can so they can eliminate gaps and strengthen their security posture to help reduce the potential for attack. Many businesses have internet-facing assets they may not be aware of or have simply forgotten about. These are often created by shadow IT, mergers, and acquisitions, incomplete cataloging, business partners’ exposure, or simply rapid business growth. 

Microsoft Defender External Attack Surface Management scans the internet and its connections every day. This builds a complete catalog of a customer’s environment, discovering internet-facing resources—even the agentless and unmanaged assets. Continuous monitoring, without the need for agents or credentials, prioritizes new vulnerabilities. With a complete view of the organization, customers can take recommended steps to mitigate risk by bringing these unknown resources, endpoints, and assets under secure management within their security information and event management (SIEM) and extended detection and response (XDR) tools.  

Microsoft Defender External Attack Surface Management summary page featuring Attack Surface Summary and Attack Surface Priorities.

Protect business-critical information within SAP with Microsoft Sentinel 

In the spirit of continuous innovation and bringing as much of the environment under secure management as possible, we are proud to announce the new Microsoft Sentinel solution for SAP. Security teams can now monitor, detect, and respond to SAP alerts, such as privilege escalation and suspicious downloads, all from our cloud-native SIEM. Business-specific risks can be unique and complicated. With the Microsoft Sentinel solution for SAP, customers can build custom detections for the threats they face and reduce the risk of catastrophic interruption.

Learn more

To learn more about these products, join us at Black Hat USA and see live demos at the Microsoft Booth 2340 from August 10 to 11, 2022. You can also register now for the Stop Ransomware with Microsoft Security digital event on September 15, 2022, to watch in-depth demos of the latest threat intelligence technology.  

Explore our new solutions:

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


1Internet Crime Report 2021, Internet Crime Complaint Center, Federal Bureau of Investigation. 2021.