Microsoft announces Security Exposure Management

Microsoft Security Exposure Management is a security solution that provides a unified view of security posture across company assets and workloads. Security Exposure Management enriches asset information with security context that helps you to manage attack surfaces, protect critical assets, and explore and mitigate exposure risk.

From a personal perspective this is going to change a lot in the security business!

It is enabled in the Microsoft Defender XDR portal (https://security.microsoft.com)

Security Exposure Management is currently in public preview.

View attack surface map, this is bloodhound on steroids!

Microsoft is leading the next chapter of attack surface management so organizations can proactively improve their posture and reduce their exposure, faster than attackers are able to exploit them.

Microsoft Security Exposure Management is in Public preview and empowers organizations to:

  • Build an effective exposure management program with a continuous threat exposure management (CTEM) process.
  • Reduce risk with a clear view of every asset and real-time assessment of potential exposures both inside-out and outside-in.
  • Identify and classify critical assets, ensuring they are protected against a wide variety of threats.
  • Discover and visualize potential adversary intrusion paths, including lateral movement, to proactively identify and stop attacker activity.
  • Communicate exposure risk to business leaders and stakeholders with clear KPIs and actionable insights.
  • Enhance exposure analysis and remediation by integrating with third-party data sources and tools

The new foundational capabilities for a exposure management program is

  • Attack Surface Management: Provides a comprehensive view of the entire attack surface, allowing the exploration of assets and their relationships.
  • Attack Path Analysis: Assists security teams in visualizing and prioritizing attack paths and risks across environments, enabling focused remediation efforts to reduce exposure and breach likelihood.
  • Unified Exposure Insights: Provides decision-makers with a consolidated, clear view of an organization’s threat exposure, facilitating security teams in addressing critical questions about security posture.

Current seamless integrations are

  • Vulnerability Management (VRM)
    • Microsoft Defender Vulnerability Management (MDVM)
    • Qualys Vulnerability Management (Preview)
    • Rapid7 Vulnerability Management (Preview)
  • External Attack Surface Management (EASM)
    • Microsoft Defender External Attack Surface Management
  • Cloud Security (CSPM)
    • Microsoft Defender Cloud Security Posture Management (CSPM)
  • Endpoint Security (Device Security Posture)
    • Microsoft Defender for Endpoint (MDE) 
  • Identity Security (ISPM)
    • Microsoft Defender for Identity (MDI) 
    • Microsoft Entra ID (Free, P1, P2)
  • SaaS Security Posture (SSPM)
  • Email Security
    • Microsoft Defender for Office (MDO)
  • OT/IOT Security
    • Microsoft Defender for IOT
  • Asset & Configuration Management
    • ServiceNow CMDB (Preview)

Identifying and resolving attack paths

Who uses Security exposure management?

  • Security and compliance admins responsible for maintaining and improving organizational security posture.
  • Security operations (SecOps) and partner teams who need visibility into data and workloads across organizational silos to effectively detect, investigate, and mitigate security threats.
  • Security architects responsible for solving systematic issues in overall security posture.
  • Chief Security Information Officers (CISOs) and security decision makers who need insights into organizational attack surfaces and exposure in order to understand security risk within organizational risk frameworks.

As always, provide feedback

Happy Hunting!

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.