Saturday, December 7, 2024
HomeCyber Security NewsMicrosoft Ignite New 360-Degree Details Attackers Tools & Methods

Microsoft Ignite New 360-Degree Details Attackers Tools & Methods

Published on

SIEM as a Service

A significant leap forward in cybersecurity was announced with the introduction of new threat intelligence (TI) capabilities in Security Copilot, aimed at giving organizations a comprehensive ‘360-degree’ view of attacker tools and methodologies.

These innovations promise to provide defenders with deeper insights into potential threats, making it easier than ever to detect and neutralize adversaries before they can cause harm.

New 360-degree Details Attackers Tools

Microsoft’s Security Copilot team has been working relentlessly to enhance its TI platform, and their latest developments offer unprecedented power to organizations seeking to stay ahead of attackers.

- Advertisement - SIEM as a Service

With the newly expanded threat intelligence capabilities, Security Copilot users can now build a more holistic view of threats by tapping into a vast array of TI sources.

Maximizing Cybersecurity ROI: Expert Tips for SME & MSP Leaders – Attend Free Webinar

This includes better insights into attacker tooling, methodologies, and their potential impact on an organization’s security posture.

One of the key updates announced at Ignite 2024 is the general availability (GA) of Security Copilot’s ability to integrate a wide range of TI sources into a single, unified view.

This gives customers a more comprehensive understanding of both known and emerging threats, allowing for faster and more effective responses.

One of the most exciting new features is the public preview of MDTI indicator data, which introduces ten new skills that enhance the ability to link Indicators of Compromise (IoCs) to related threat intelligence.

This feature enables security analysts to access critical context around attacks, including connections to infrastructure, associated articles, and detailed information on attackers.

By using automated infrastructure chaining, analysts can now investigate relationships between different data sets more effectively.

This capability is invaluable for preemptive threat hunting, as it allows organizations to stay one step ahead of adversaries by uncovering new attacker tools and methodologies before they are fully deployed. The new skills harness two key categories of threat intelligence data:

  • In-depth Indicators Data: This feature links IoCs with all relevant threat intelligence in MDTI, including profiles, detonation data, and reputation analysis. This allows security teams to quickly understand the nature of an attack and respond more efficiently.
  • Indicators Metadata: By drawing from global internet data sets — including WHOIS, DNS, SSL certificates, and more — Security Copilot can map out the attacker’s infrastructure, enabling organizations to detect related activity and mitigate threats early.
The indicator has been linked to several IP addresses, two articles, and three intel profiles. Copilot has also pulled up its reputation, WHOIS, and passive DNS data.
The indicator has been linked to several IP addresses, two articles, and three intel profiles. Copilot has also pulled up its reputation, WHOIS, and passive DNS data.

Another major announcement was the GA expansion of Unified Vulnerability Intelligence within Security Copilot.

This enhancement integrates vulnerability and asset intelligence from Microsoft tools such as Microsoft Defender External Attack Surface Management (MDEASM), Defender Vulnerability Management (MDVM), and Threat Analytics.

The threat intelligence sidecar in Defender XDR showing the key details
The threat intelligence sidecar in Defender XDR shows the key details

Through this integration, customers gain a more complete view of vulnerabilities, including how they are being exploited by threat actors.

The unified view provides organizations with detailed information on exposed assets, risk prioritization, and remediation steps, allowing for quicker and more informed decision-making.

With these innovations, Microsoft is continuing to lead the charge in providing cutting-edge cybersecurity tools.

By processing 78 trillion security signals daily, Microsoft’s Security Copilot delivers world-class threat intelligence, offering unparalleled insights into the global threat landscape.

This ensures that organizations have the tools they need to detect and respond to threats with speed and precision, safeguarding their critical assets.

Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN -> Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory

Security researchers have identified a significant vulnerability dubbed "DaMAgeCard Attack" in the new SD...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory

Security researchers have identified a significant vulnerability dubbed "DaMAgeCard Attack" in the new SD...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...