November 6, 2019

Microsoft Extends Threat Hunting Offering to Servers

"Intelligent data cloud analysis of signals from the past 30 days"

By CBR Staff Writer

Microsoft is extending its built-in vulnerability assessment capabilities to cover Windows Server 2008 R2, 2012 R2, 2016 and 2019 in a public preview launching this month, building out a Threat and Vulnerability Management (TVM) offering already available to system administrators overseeing desktops running Windows 10.

The release will mean customers can find and fix Windows Server vulnerabilities across the entire stack, including OS components, Microsoft apps and even third-party software, Microsoft said. It is one of a series of well-received security enhancements revealed at its Ignite conference in Florida this week.

Microsoft describes it as “the first solution in the industry to bridge the gap between security administration and IT administration during remediation process. It does so by creating a security task or ticket through integration with Microsoft Intune and Microsoft System Center Configuration Manager (SCCM).”

Among the other previews: Microsoft App Guard in Office, which opens attachments in a micro-virtual machine (VM). Rob Lefferts, Corporate VP, Microsoft Security, said: “You will be able to open an untrusted Word, Excel, or PowerPoint file in a virtualized container. View, print, edit, and save changes to untrusted Office documents—all while benefiting from that same hardware-level security.”


He added in a blogpost Monday: “If the untrusted file is malicious, the attack is contained and the host machine untouched. A new container is created every time you log in, providing a clean start as well as peace of mind.”

The technology is similar to what cybersecurity vendor Bromium (recently acquired by partner HP) has been promoting for many years. With potentially malicious attachments opened in a VM, the malware is effectively trapped in a sandbox from within which it can, in theory, do no damage.



In its threat hunting offering, Microsoft has added four new data schemata (Vulnerability, Software, Recommendation and Score) to help customers build advanced hunting queries that focus on misconfigurations and vulnerabilities, such as unpatched CVEs.
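As an added illustration (not Microsoft's code or its query language), the following Python joins constructed records shaped like the four schemata named above to surface unpatched CVEs per server, compute a per-device exposure score and rank remediation actions; the field names, CVE identifiers and severity weights are all assumptions.

```python
from collections import defaultdict

# Constructed sample records (assumed field names); the CVE ids are placeholders.
SOFTWARE = [  # Software schema: what is installed on which server
    {"device": "srv-01", "os": "Windows Server 2012 R2", "name": "app-a", "version": "1.0"},
    {"device": "srv-02", "os": "Windows Server 2019", "name": "app-a", "version": "1.2"},
    {"device": "srv-02", "os": "Windows Server 2019", "name": "app-b", "version": "3.0"},
]
VULNERABILITY = [  # Vulnerability schema: affected product and the version that fixes it
    {"cve": "CVE-0000-0001", "name": "app-a", "fixed_in": "1.2", "severity": "High"},
    {"cve": "CVE-0000-0002", "name": "app-b", "fixed_in": "3.1", "severity": "Medium"},
]
RECOMMENDATION = [  # Recommendation schema: remediation action per product
    {"name": "app-a", "action": "Update app-a to 1.2"},
    {"name": "app-b", "action": "Update app-b to 3.1"},
]
SEVERITY_WEIGHT = {"High": 3, "Medium": 2, "Low": 1}  # Score schema analogue (assumed)

def version_tuple(version):
    """Compare versions as integer tuples so '1.10' sorts after '1.9'."""
    return tuple(int(part) for part in version.split("."))

def unpatched_cves(software=SOFTWARE, vulns=VULNERABILITY):
    """Join Software with Vulnerability: installed version is below the fixed version."""
    findings = []
    for s in software:
        for v in vulns:
            if s["name"] == v["name"] and version_tuple(s["version"]) < version_tuple(v["fixed_in"]):
                findings.append({"device": s["device"], "cve": v["cve"],
                                 "name": v["name"], "severity": v["severity"]})
    return findings

def exposure_score(findings):
    """Per-device exposure: sum of the severity weights of its open CVEs."""
    score = defaultdict(int)
    for f in findings:
        score[f["device"]] += SEVERITY_WEIGHT[f["severity"]]
    return dict(score)

def prioritized_recommendations(findings, recs=RECOMMENDATION):
    """Order remediation actions by the worst open severity they would close."""
    worst = defaultdict(int)
    for f in findings:
        worst[f["name"]] = max(worst[f["name"]], SEVERITY_WEIGHT[f["severity"]])
    open_recs = [r for r in recs if worst[r["name"]] > 0]
    return sorted(open_recs, key=lambda r: -worst[r["name"]])
```

Running `unpatched_cves()` flags only the host still below each fixed version, so an up-to-date install of the same product on another server is not reported.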

The move comes as software providers increasingly look to ramp up the breadth of their threat hunting and CVE patching capabilities, with Red Hat earlier this year also broadening the scope of its patching service.


Tomer Teller, principal security lead for threat and vulnerability management at Microsoft, wrote in a blog post that: “Rich vulnerability data can now be queried through advanced hunting capabilities, providing customers extensive flexibility in slicing and dicing vulnerability and misconfiguration data.”

Initiate Remediation With One-Click

The Redmond firm’s TVM component lets users open tickets and initiate remediation with one click, working through the Microsoft Intune management tool.

This integration has also been extended to ServiceNow, an IT service management tool, so teams using ServiceNow can mitigate risks directly from Microsoft Defender Security Center.

[Image: Microsoft Defender ATP. Credit: Microsoft]

Teller comments that: “Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. Threat and Vulnerability Management already does this for Windows 10 endpoints today, but when it comes to vulnerability detection and remediation, servers are just as important.”

Microsoft Defender ATP Automation

Also rolled out with the new features is the ability for administrators to set role-based access controls for teams that are involved with vulnerability management. As Teller notes: “With Microsoft Defender ATP we provide all security teams across the organization with a single console for better correlation and insights. This comes with the need to allow individual teams to only see certain data or perform certain tasks.”

[Image: Microsoft Defender ATP. Credit: Microsoft]

“This new addition provides you maximum flexibility to create SecOps-oriented roles, TVM-oriented roles, or hybrid roles so only authorized users are accessing specific data to perform their task.”
