Microsoft’s New MDTI Premium Data Connector for Sentinel Boosts Threat Detection Capabilities

Published: Aug 21, 2024

Security

Key Takeaways:

  • Microsoft’s new MDTI Premium data connector allows access to a vast repository of raw and finished intelligence to offer a broader view of potential security risks.
  • This new tool is integrated into the Unified Security Operations Platform and Microsoft Sentinel.
  • The MDTI Premium data connector’s dynamic incident enrichment feature allows security teams to scale their response efforts effectively.

Microsoft has introduced a new MDTI data connector within its Unified Security Operations Platform and standalone Sentinel experiences. The new connector adds advanced threat intelligence capabilities to help organizations analyze and address cyber threats more effectively.

Microsoft Defender Threat Intelligence (MDTI) is a service that provides detailed insights into cyber threats. It offers high-fidelity Indicators of Compromise (IoCs) to help security teams enhance their threat detection, investigation, and response capabilities.

Microsoft highlighted several use cases for the MDTI Premium data connector in Sentinel. The connector enables rapid threat detection by cross-referencing URLs, domains, and IPs seen in an organization's data with a constantly updated list of known-bad IoCs. It also provides dynamic incident enrichment, attaching that intelligence to incidents so administrators can manage and respond to security threats more effectively at scale.

Additionally, security teams can use the initial IoCs as a starting point to dig deeper into MDTI’s repository of raw and finished intelligence, including activity snapshots, articles, and Intel Profiles covering actors, tooling, and vulnerabilities. Finished intelligence provides important context such as TTPs (tactics, techniques, and procedures), targeting information, and additional IoCs.
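The cross-referencing and enrichment flow described in the two paragraphs above, as an added example that is not Microsoft's code and not the connector's actual implementation: a small Python model that matches IPs, domains and URLs pulled from constructed proxy log lines against a constructed indicator list, discards expired or deactivated indicators, deduplicates repeated indicators by confidence, and groups the hits by the actor profile each IoC is attributed to. The indicator fields, actor names and key=value log layout are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Indicator:
    kind: str          # "ip", "domain" or "url" (assumed field set, not MDTI's schema)
    value: str
    actor: str         # Intel Profile the IoC is attributed to (constructed names)
    confidence: int
    expires: datetime
    active: bool = True


UTC = timezone.utc
NOW = datetime(2024, 8, 21, 12, 0, tzinfo=UTC)   # constructed "current time"

# Constructed indicator feed standing in for a threat-intelligence connector's table.
INDICATORS = [
    Indicator("ip", "203.0.113.5", "EXAMPLE-ACTOR-A", 90, datetime(2025, 1, 1, tzinfo=UTC)),
    Indicator("domain", "bad.example.net", "EXAMPLE-ACTOR-B", 70, datetime(2025, 1, 1, tzinfo=UTC)),
    Indicator("url", "http://bad.example.net/payload.bin", "EXAMPLE-ACTOR-B", 95,
              datetime(2025, 1, 1, tzinfo=UTC)),
    # Same IP published twice: the higher-confidence record should win.
    Indicator("ip", "203.0.113.5", "EXAMPLE-ACTOR-A", 60, datetime(2024, 12, 1, tzinfo=UTC)),
    # Expired and deactivated indicators must never raise alerts.
    Indicator("ip", "198.51.100.9", "EXAMPLE-ACTOR-A", 80, datetime(2024, 1, 1, tzinfo=UTC)),
    Indicator("domain", "retired.example.org", "EXAMPLE-ACTOR-C", 50,
              datetime(2025, 1, 1, tzinfo=UTC), active=False),
]

# Constructed proxy log lines in a simple key=value layout.
LOG_LINES = [
    "2024-08-21T10:00:01Z src=10.0.0.4 dst=203.0.113.5 url=http://bad.example.net/payload.bin",
    "2024-08-21T10:00:02Z src=10.0.0.5 dst=192.0.2.20 url=https://intranet.example.com/home",
    "2024-08-21T10:00:03Z src=10.0.0.6 dst=198.51.100.9 url=http://198.51.100.9/",
    "2024-08-21T10:00:04Z src=10.0.0.7 dst=192.0.2.30 url=http://retired.example.org/",
    "2024-08-21T10:00:05Z src=10.0.0.8 dst=192.0.2.40 url=http://BAD.EXAMPLE.NET/other",
]


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def normalize(kind, value):
    """Canonicalise an observable so feed and log values compare equal."""
    value = value.strip()
    if kind == "domain":
        return value.lower().rstrip(".")
    if kind == "url":
        parts = urlsplit(value)
        return parts._replace(scheme=parts.scheme.lower(), netloc=parts.netloc.lower()).geturl()
    return value


def build_index(indicators, now):
    """Keep only active, unexpired indicators; on duplicates keep the highest confidence."""
    index = {}
    for ind in indicators:
        if not ind.active or ind.expires <= now:
            continue
        key = (ind.kind, normalize(ind.kind, ind.value))
        if key not in index or ind.confidence > index[key].confidence:
            index[key] = ind
    return index


def observables(log_line):
    """Yield (field, kind, value) triples worth cross-referencing from one log line."""
    fields = dict(tok.split("=", 1) for tok in log_line.split() if "=" in tok)
    for name in ("src", "dst"):
        if name in fields:
            yield name, "ip", fields[name]
    url = fields.get("url")
    if url:
        yield "url", "url", url
        host = urlsplit(url).hostname
        if host:
            # A bare IP in the URL host is an IP observable, not a domain.
            yield "url.host", ("ip" if is_ip(host) else "domain"), host


def match_logs(log_lines, indicators, now=NOW):
    """Cross-reference every observable in the logs against the live indicator index."""
    index = build_index(indicators, now)
    hits = []
    for line in log_lines:
        for field, kind, value in observables(line):
            ind = index.get((kind, normalize(kind, value)))
            if ind:
                hits.append({"line": line, "field": field, "indicator": ind})
    return hits


def enrich(hits):
    """Group hits by attributed actor so one incident carries the full context."""
    summary = {}
    for hit in hits:
        ind = hit["indicator"]
        entry = summary.setdefault(ind.actor, {"max_confidence": 0, "indicators": set(), "lines": set()})
        entry["max_confidence"] = max(entry["max_confidence"], ind.confidence)
        entry["indicators"].add(ind.value)
        entry["lines"].add(hit["line"])
    return summary


if __name__ == "__main__":
    for actor, ctx in enrich(match_logs(LOG_LINES, INDICATORS)).items():
        print(actor, ctx["max_confidence"], sorted(ctx["indicators"]), len(ctx["lines"]))
```

The expiry and active checks are the part worth copying: a feed that is "constantly updated" also retires indicators, and matching against stale ones is the usual source of false positives in this kind of rule. Grouping hits by actor is what turns a pile of indicator matches into one enriched incident that points at the relevant Intel Profile.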

“Customers can also explore advanced internet data sets created by a mass collection network that maps threat infrastructure across the internet every day to locate relationships between entities on the web to malicious infrastructure, tooling, and backdoors outside the network at incredible scale,” Microsoft explained.

Getting started with the MDTI Premium Data Connector for Sentinel

The MDTI Premium data connector provides more detailed and reliable threat intelligence than the free version, enhancing security teams’ ability to detect and respond to cyberattacks. It includes IoCs related to over 300 hacking groups to offer a comprehensive and detailed view of potential threats. To access the MDTI Premium data connector, organizations will need both an MDTI Premium license and an API license.

[Image: Searching on Aqua Blizzard (Image Credits: Microsoft)]

The Unified Security Operations Platform MDTI Premium experience provides customers with a comprehensive understanding of potential threats. From a matched indicator, they can click through to the Intel Profile to view detailed intelligence, data, and analysis related to the specific threat actor.

Microsoft utilizes 78 trillion daily security signals to deliver comprehensive threat intelligence through MDTI. This capability ensures robust threat detection and remediation for Sentinel customers across multiple platforms. If you’re interested, you can learn more about the features of MDTI on Microsoft’s official website.