Today, we are excited to announce that predictive vulnerability management
platform, DeepSurface,
has integrated across our threat and vulnerability management capabilities in
Microsoft Defender for Endpoint. Now, Microsoft Defender for Endpoint customers
can import vulnerability information across Microsoft, Linux and MacOS hosts
directly into the DeepSurface vulnerability management platform, further
strengthening our focus on interoperability.
“As the volume of
vulnerabilities increases, it’s critical that vulnerability management teams
can quickly identify which matter to their domain and filter out any that don’t
pose any risk to their organization. The status quo has been to juggle multiple
platforms and spend hours manually prioritizing vulnerabilities – this
integration between Microsoft and DeepSurface streamlines the number of
platforms for end-users and provides comprehensive, real-time insight into
their threat stance.” – Tomer Teller, Principal Security PM Lead,
Threat & Vulnerability Management at Microsoft
DeepSurface considers more than 50 different attributes of an environment to
contextualize vulnerabilities – and chains of vulnerabilities – within an
organization’s digital infrastructure to predict where an attacker could cause
the most damage and provides users with actionable intelligence on how to
reduce the most risk, fastest. Now, users of Microsoft Defender for Endpoint
have an integrated solution, easily operationalized in just a few minutes, that
provides them with at-a-glance insight into their threat stance.
Image
1 shows DeepSurface’s Risk Insight model. The paretograph shows all the patches
on your network and the relative risk they pose to your business, as well as
the number of affected hosts and number of vulnerabilities on your network.
DeepSurface integrates with Microsoft Defender for Endpoint APIs to collect
vulnerabilities and identify missing patches, then prioritizes the patches,
hosts and vulnerabilities based on a holistic threat model of your
infrastructure.
Image
2 shows the risk pathways or hacker roadmap of vulnerabilities and chains of
vulnerabilities that could be exploited on a network. By visualizing the most
exploitable risk paths, DeepSurface can help you identify which paths pose the
most risk to your business and prioritize where to patch first.
When viewing a specific patch, DeepSurface can show users which hosts are
affected, and the severity of the risk for each host after taking the holistic
context of your network into account. DeepSurface also provides
information about patch supersedence, and extra steps required to fully mitigate
the vulnerabilities covered by the patch.
Integration is quick and seamless. All you have to do is add your API key to
the DeepSurface console (see screenshot below). Documentation is available for
DeepSurface customers.
3: DeepSurface setup console to configure the Microsoft Defender for Endpoint
integration.
For additional details, you can view the full press release here.
At Microsoft, we believe that when solutions work well together, customers
benefit and can build stronger defenses. That’s why the Microsoft threat and
vulnerability management APIs give partners like DeepSurface, as well as
security full access to the threat and vulnerability management dataset,
allowing them to build integrations or other custom workflows.
More information and
feedback
- The threat and vulnerability management capabilities
are part of Microsoft Defender for Endpoint and enable
organizations to effectively identify, assess, and remediate endpoint
weaknesses to reduce organizational risk. - Documentation on how to configure the integration is
available for DeepSurface customers in the product portal.