Microsoft has released a new threat-informed security posture recommendations feature for Microsoft 365 Defender. This capability provides recommendations to help IT admins bolster their security posture and block repetitive cyberattacks.
“Bringing posture recommendations available via Microsoft Secure Score into the threat analytics and incident views, Microsoft 365 Defender now maps the techniques used by the attacker to the vulnerabilities or misconfigurations that led to the breach. This gives security analysts the information within the context of an incident and helps implement a prioritized and threat-driven security posture plan,” said Israel Cohen, Senior PM for Microsoft 365 Defender.
Microsoft 365 Defender first researches and analyzes techniques used in previous attacks against the organization. Once done, the tool automatically maps the miscreants’ techniques to the company’s security posture. The mapping process is done based on the information available in the threat analytics report.
Microsoft explained that the new feature also helps IT admins understand their resilience against security threats. Then, navigate to the Threat analytics section available in the Microsoft 365 Defender. From there, administrators can track the severity of exploited misconfigurations and affected assets for each threat. It’s possible to view and take action based on recommended actions directly within an incident or threat analytics page in Microsoft 365 Defender.
Microsoft says that IT admins will need to enable the preview features in Microsoft 365 Defender to use threat-informed security posture recommendations. The feature should help enterprise customers to gain deeper insights into the impact of misconfigurations and determine solutions to address them.