Earlier this week Microsoft announced the new Exposure Management capability within Microsoft Defender. This new tool will enable customers to integrate security tools into a single-pane-of-glass view providing posture, data and insights across their entire attack surface. So what is it exactly and how does it fit?
So what is Continuous Threat Exposure Management (CTEM) exactly?
CTEM is a strategic approach to cybersecurity that incorporates constant, real-time monitoring and management of an organisation's vulnerability to threats. It is a proactive and continuous five-stage program or framework that helps organisations monitor, evaluate, and reduce their level of exploitability and validate that their analysis and remediation processes are optimal. Organisations worldwide are leveraging CTEM to efficiently address exposures and improve their security posture.
Further reading can be found here
What is Microsoft Exposure Management?
Microsoft Security Exposure Management is a cybersecurity solution that helps organisations identify critical assets, reduce attack surfaces, and gain insights into their overall assets. It also provides proactive measures to prevent potential threats. This solution is part of Microsoft's unified security operations platform and centralises content from existing vulnerability management, posture management, and exposure management solutions.
As you can tell, the above is a pretty AI-driven block of text, but it's 100% correct. Security Exposure Management is, for all intents and purposes, a single pane of glass that provides stats and insights into your Microsoft ecosystem setup and where you should focus your resources and efforts based on its reporting.
From a high-level viewpoint, it looks like this:
It unites the entire Microsoft ecosystem together giving you complete oversight over each product and domain across your environment.
Why is this a game changer?
Traditionally, vulnerability management efforts have been targeted using a "what's my highest CVSS rated thing, so we can patch that first" approach. With CTEM and Microsoft Exposure Management becoming available, you are able to target software vulnerabilities and security control misconfigurations from an environmental viewpoint. So what does that mean exactly? Think of it like this: I have two vulnerabilities, one with a CVSS of 9.0 and the other with a CVSS of 7.0. The CVSS 7.0 is sitting on an externally facing machine, while the CVSS 9.0 is protected by a network edge service like Zscaler, for example. Which one would you want to patch first? Exposure Management gives security teams the ability to prioritise their patching based on environment context. Just because you have a CVSS 9.0 vulnerability internally doesn't mean it should be prioritised over a vulnerability that's CVSS 7.0.
With Exposure Management, the entire Microsoft security stack is brought together under a single viewpoint, providing a cohesive view of security posture data that's often siloed, usually by different products. This feature will provide increased visibility to proactively identify and prevent threats against your organisation.
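The prioritisation argument above as a small added example (not code from Microsoft or from this post): the same findings are ranked by CVSS alone and then by CVSS adjusted for exposure and asset criticality. The weights, field names and sample findings are assumptions constructed for illustration and are not Microsoft's scoring model.

```python
from dataclasses import dataclass

# Illustrative multipliers (assumptions for this example only).
EXPOSURE_WEIGHT = {"internet": 1.0, "behind_edge": 0.5, "isolated": 0.25}
CRITICALITY_WEIGHT = {"low": 0.8, "medium": 1.0, "high": 1.2}


@dataclass(frozen=True)
class Finding:
    asset: str                     # constructed host name
    vuln: str                      # constructed placeholder id, not a real CVE
    cvss: float                    # base score, 0.0 to 10.0
    exposure: str                  # key of EXPOSURE_WEIGHT
    criticality: str = "medium"    # key of CRITICALITY_WEIGHT


def contextual_score(f: Finding) -> float:
    """Scale the CVSS base score by how reachable and how important the asset is."""
    if not 0.0 <= f.cvss <= 10.0:
        raise ValueError(f"CVSS out of range for {f.vuln}: {f.cvss}")
    if f.exposure not in EXPOSURE_WEIGHT or f.criticality not in CRITICALITY_WEIGHT:
        raise ValueError(f"unknown context for {f.vuln}")
    score = f.cvss * EXPOSURE_WEIGHT[f.exposure] * CRITICALITY_WEIGHT[f.criticality]
    return round(min(score, 10.0), 2)


def rank_by_cvss(findings):
    """The traditional view: highest base score first."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)


def rank_by_context(findings):
    """Exposure-aware view: contextual score first, base score as tie-breaker."""
    return sorted(findings, key=lambda f: (contextual_score(f), f.cvss), reverse=True)


# Constructed sample findings mirroring the scenario in the text.
SAMPLE = [
    Finding("internal-app-01", "VULN-A", 9.0, "behind_edge"),
    Finding("web-frontend-01", "VULN-B", 7.0, "internet"),
    Finding("lab-box-07", "VULN-C", 8.1, "isolated", "low"),
]

if __name__ == "__main__":
    print("CVSS only:    ", [f.vuln for f in rank_by_cvss(SAMPLE)])
    print("With context: ", [f.vuln for f in rank_by_context(SAMPLE)])
    for f in rank_by_context(SAMPLE):
        print(f"{f.vuln:7} {f.asset:16} cvss={f.cvss} contextual={contextual_score(f)}")
```

With these assumed weights the externally facing CVSS 7.0 finding moves ahead of the CVSS 9.0 finding that sits behind the edge service.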
Where can I learn more?
Stay tuned over the next few weeks as I continue to add content in this space.