Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.
Today’s threat landscape is an unforgiving place. With 1,862 publicly disclosed data breaches in 2021, security teams are looking for new ways to work smarter, rather than harder.
With an ever-growing number of vulnerabilities and sophisticated threat vectors, security professionals are slowly turning to threat intelligence to develop insights into Tactics, Techniques and Procedures (TTPs) and exploits they can use to proactively harden their organization’s defenses against cybercriminals.
In fact, research shows that the number of organizations with dedicated threat intelligence teams has increased from 41.1% in 2019 to 47.0% in 2022.
Microsoft is one of the key providers capitalizing on this trend. Just over a year ago, it acquired cyberrisk intelligence provider RiskIQ. Today, Microsoft announced the release of two new products: Microsoft Defender Threat Intelligence (MDTI) and Microsoft External Attack Surface Management.
The former will provide enterprises with access to real-time threat intelligence updated on a daily basis, while the latter scans the internet to discover agentless and unmanaged internet-facing assets to provide a comprehensive view of the attack surface.
Using threat intelligence to navigate the security landscape
One of the consequences of living in a data-driven era is that organizations need to rely on third-party apps and services that they have little visibility over. This new attack surface, when combined with the vulnerabilities of the traditional on-site network, is very difficult to manage.
Threat intelligence helps organizations respond to threats in this environment because it provides a heads-up on the TTPs and exploits that threat actors use to gain entry to enterprise environments.
As Gartner explains, threat intelligence solutions aim “to provide or assist in the curation of information about the identities, motivations, characteristics and methods of threats, commonly referred to as tactics, techniques and procedures (TTPs).”
Security teams can leverage the insights obtained from threat intelligence to enhance their prevention and detection capabilities, increasing the effectiveness of processes including incident response, threat hunting and vulnerability management.
“MDTI maps the internet every day, forming a picture of every observed entity or resource and how they are connected. This daily analysis means changes in infrastructure and connections can be visualized,” said CVP of security, compliance, identity and privacy, Vasu Jakkal.
“Adversaries and their toolkits can effectively be ‘fingerprinted’ and the machines, IPs, domains and techniques used to attack targets can be monitored. MDTI possesses thousands of ‘articles’ detailing these threat groups and how they operate, as well as a wealth of historical data,” Jakkal said.
In short, the organization aims to equip security teams with the insights they need to enhance their security strategies and protect their attack surface across the Microsoft product ecosystem against malware and ransomware threats.
Evaluating the threat intelligence market
The announcement comes as the global threat intelligence market is steadily growing, with researchers expecting an increase from $11.6 billion in 2021 to reach a total of $15.8 billion by 2026.
One of Microsoft’s main competitors in the space is IBM, with X-Force Exchange, a threat-intelligence sharing platform, where security professionals can search or submit files to scan, and gain access to the threat intelligence submitted by other users. IBM recently announced raising revenue of $16.7 billion.
Another competitor is Anomali, with ThreatStream, an AI-powered threat intelligence management platform designed to automatically collect and process data across hundreds of threat sources. Anomali most recently raised $40 million in funding as part of a series D funding round in 2018.
Other competitors in the market include Palo Alto Networks‘ WildFire, ZeroFOX platform, and Mandiant Advantage Threat Intelligence.
Given the widespread adoption of Microsoft devices among enterprise users, the launch of a new threat intelligence service has the potential to help security teams against the biggest threats to the provider’s product ecosystem.