Microsoft has announced new File Hash and URL Search capabilities for its Microsoft Defender Threat Intelligence solution. It’s a top-requested feature that enables customers to get detailed insights about specific hashes or URLs identified within their enterprise network.
Microsoft Defender Threat Intelligence (Defender TI) is a cloud-based service that provides real-time data about threats and vulnerabilities across IT environments. It leverages machine learning and AI capabilities to identify patterns and anomalies and track malicious activities. The service integrates with other security solutions to help organizations improve their security posture and protect against sophisticated cyber attacks.
“Defender TI leverages Microsoft’s threat intelligence through static and dynamic analysis of files and URLs within and outside its ecosystem, providing comprehensive coverage of potential threats. The static study examines the file’s code without executing it, while dynamic analysis involves executing it in a controlled environment to observe its behavior,” Microsoft explained.
Microsoft highlights that this dual approach lets the Defender TI tool use static analysis techniques to detect and categorize potential threats. The service also uses dynamic analysis methods to identify and analyze the actual behavior of a file or URL.
For instance, IT admins can use the search bar to search for any URL or hash value. They will be able to view the reputation score and basic details about the file hash or URL entities. Moreover, the Data tab shows threat intelligence data directly from the MDTI tool.
With the increasing incidence of cyberattacks, Microsoft emphasizes the importance of implementing robust security measures to safeguard sensitive data and business operations. The newly introduced security feature aims to assist IT admins in detecting potential threats and taking proactive measures to protect their organization.
Earlier this month, Microsoft announced new threat intelligence capabilities for its existing security solutions. A new Intel Profiles feature provides contextual information regarding threat actors, exploits, and infrastructure. The Microsoft Defender TI API is now available to help security teams respond to potential threats at scale.