Jump to content

Latest functionalities uplevel asset management and enhance data visibility


Recommended Posts

Guest llachapelle
Posted

Latest functionalities uplevel asset management and enhance data visibility

 

 

Microsoft Defender External Attack Surface Management (Defender EASM) discovers and classifies assets and workloads across your organization's digital presence to enable teams to understand and prioritize exposed weaknesses in cloud, SaaS, and IaaS resources to strengthen security posture. Recently added features and enhancements uplevel asset management and enhance data visibility within the tool, helping customers gain efficiency and stay organized. Learn about these exciting new functionalities below and how you can start using them today.

 

 

New Capabilities

 

 

Observation Unification

 

 

Within EASM, there are two different detection methods:

 

  • Analyst insights that can be seen in the attack surface priorities area and;
  • Graph detection insights from CVEs, which come from components MDEASM identifies within the environment

 

Previously, the two types of insights were displayed separately within the asset details page, which could cause confusion when trying to drill down to the single source of truth that summarized all key observations for any given asset. Now, we’ve consolidated the insights into one area within the asset details page, under the new “Observations” tab, which combines the previous “Insights” and “Asset Details” tabs. The new Observation tab contains all high, medium, and low priority observations related to the asset. This gives customers a clear understanding of whether the observation is coming from analyst insights, graph detection insights, or both, in one consolidated view. Learn more here.

 

793x473vv2.png.627cf9c93f447fadcc5dab60ad630b33.png

 

Bulk Modification

 

 

Previously, users were able to select 25 assets at a time to modify. With recent enhancements, users can now modify more than 25 assets at once, saving time and creating efficiency for bulk asset modifications. This is helpful to customers who may trying to remove significant numbers of assets from their inventory at one time or label a bulk amount of assets at one time, for example.

 

791x421vv2.png.172704a2ddd165b82429481d6bc90e29.png

 

 

 

Task Manager

 

 

We’ve recently added a “Task Manager” section in the main navigation area of Defender EASM, which provides users with key information, such as what change was made and its status, about any given task that’s run in their instance. Paired with our new bulk modification ability, the Task Manager page enables users to track the progress of large tasks that often take time to complete and provides visibility into the status of their bulk modification efforts.

 

762x384vv2.png.a782be2ffe68506ea2cfab9846cd86fb.png

 

Notifications

 

 

Along with now having key information about tasks, we’ve also integrated a notification system into Defender EASM so that users can get automatically notified on the progress of their tasks, for example, when a task has been submitted, completed, or failed, which eliminates the need to manually go into Task Manager to check the status of tasks.

 

mediumvv2px400.png.fa3e0563a84451e9a66e5d466da9f038.png

 

Dashboard chart exports

 

 

Do give users the most valuable information needed from asset downloads, we’ve added a functionality to all Defender EASM dashboard charts that allows users to export the assets and the details surrounding them, like a type of risk associated with a certain dashboard chart. The downloading function significantly reduces the time is takes to organize asset details.

 

714x365vv2.png.85ee4de8b6d0df3b6a0ce8d981ae36d7.png

 

 

 

Saved Queries

 

 

We’re happy to now provide the ability to save frequently used inventory filters, which will help organizations track and quickly access recurring searches. These saved queries can be edited, deleted, and are visible from a new tab on the Inventory page in Defender EASM.

 

810x476vv2.png.6cb320c56fa100ffbee7a6b02dedc77a.png

 

 

 

New Available Regions

 

 

We’ve now added more regions to Defender EASM! Customers can now use the tool in the following expanded regions:

 

  • South Central U.S.
  • East U.S.
  • Australia East
  • West U.S. 3
  • Sweden Central
  • East Asia
  • Japan East
  • West Europe

 

Learn how to create resource groups by region here.

 

 

New Enhancements

 

 

Asset labels in data connections

 

 

Adding labels to assets plays a large part in helping add business context to discovered assets. When exporting asset details to Log Analytics or Azure Data Explorers, users will now see a new table called “EasmAssetLabel,” which provides string values for any user-generated labels applied to the exported assets. Alongside UUID values and snapshot dates.

 

 

Blocking of private IPs

 

 

If a user accidentally adds a seed that is a private IP, Defender EASM will do a discovery based on that private IP, which can cause greatly enlarge the workspace, creating issues within the tool. Now, the UI and API will automatically block all private IP addresses from being inputted as discovery seeds, ensuring the workspace doesn’t impact billable assets if a private IP were to be added.

 

 

Deduplication of discovery seeds

 

 

When adding seeds to a discovery group, Defender EASM will now prompt users to remove any duplicative seeds prior to saving their changes, notifying users to remove or change any duplicate entries before they are submitted.

 

 

New columns in dashboard drilldowns

 

 

New columns have been added to certain chart drilldown pages to help users better understand the context behind their listed assets. We’ve asses a “Reputation” a “Domain Expiration” column, and a “Sensitive Services” column to give customers more information. These additions are useful when downloading asset information as the fields will now be included in the export!

 

 

“Securing the Cloud” chart update

 

 

The “Securing the Cloud” dashboard chart has been broken into two different charts: Hosting Providers and CDNs. The new change makes chart data more immediately actionable, and users can click any part of these charts to see a full list of impacted assets.

 

 

We want to hear from you!

 

 

MDEASM is made by security professionals for security professionals. Join our community of security pros and experts to provide product feedback and suggestions and start conversations about how MDEASM helps you manage your attack surface and strengthen your security posture. With an open dialogue, we can create a safer internet together.

 

Continue reading...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...