Guest llachapelle Posted August 16, 2023 Posted August 16, 2023 Latest functionalities uplevel asset management and enhance data visibility Microsoft Defender External Attack Surface Management (Defender EASM) discovers and classifies assets and workloads across your organization's digital presence to enable teams to understand and prioritize exposed weaknesses in cloud, SaaS, and IaaS resources to strengthen security posture. Recently added features and enhancements uplevel asset management and enhance data visibility within the tool, helping customers gain efficiency and stay organized. Learn about these exciting new functionalities below and how you can start using them today. New Capabilities Observation Unification Within EASM, there are two different detection methods: Analyst insights that can be seen in the attack surface priorities area and; Graph detection insights from CVEs, which come from components MDEASM identifies within the environment Previously, the two types of insights were displayed separately within the asset details page, which could cause confusion when trying to drill down to the single source of truth that summarized all key observations for any given asset. Now, we’ve consolidated the insights into one area within the asset details page, under the new “Observations” tab, which combines the previous “Insights” and “Asset Details” tabs. The new Observation tab contains all high, medium, and low priority observations related to the asset. This gives customers a clear understanding of whether the observation is coming from analyst insights, graph detection insights, or both, in one consolidated view. Learn more here. Bulk Modification Previously, users were able to select 25 assets at a time to modify. With recent enhancements, users can now modify more than 25 assets at once, saving time and creating efficiency for bulk asset modifications. This is helpful to customers who may trying to remove significant numbers of assets from their inventory at one time or label a bulk amount of assets at one time, for example. Task Manager We’ve recently added a “Task Manager” section in the main navigation area of Defender EASM, which provides users with key information, such as what change was made and its status, about any given task that’s run in their instance. Paired with our new bulk modification ability, the Task Manager page enables users to track the progress of large tasks that often take time to complete and provides visibility into the status of their bulk modification efforts. Notifications Along with now having key information about tasks, we’ve also integrated a notification system into Defender EASM so that users can get automatically notified on the progress of their tasks, for example, when a task has been submitted, completed, or failed, which eliminates the need to manually go into Task Manager to check the status of tasks. Dashboard chart exports Do give users the most valuable information needed from asset downloads, we’ve added a functionality to all Defender EASM dashboard charts that allows users to export the assets and the details surrounding them, like a type of risk associated with a certain dashboard chart. The downloading function significantly reduces the time is takes to organize asset details. Saved Queries We’re happy to now provide the ability to save frequently used inventory filters, which will help organizations track and quickly access recurring searches. These saved queries can be edited, deleted, and are visible from a new tab on the Inventory page in Defender EASM. New Available Regions We’ve now added more regions to Defender EASM! Customers can now use the tool in the following expanded regions: South Central U.S. East U.S. Australia East West U.S. 3 Sweden Central East Asia Japan East West Europe Learn how to create resource groups by region here. New Enhancements Asset labels in data connections Adding labels to assets plays a large part in helping add business context to discovered assets. When exporting asset details to Log Analytics or Azure Data Explorers, users will now see a new table called “EasmAssetLabel,” which provides string values for any user-generated labels applied to the exported assets. Alongside UUID values and snapshot dates. Blocking of private IPs If a user accidentally adds a seed that is a private IP, Defender EASM will do a discovery based on that private IP, which can cause greatly enlarge the workspace, creating issues within the tool. Now, the UI and API will automatically block all private IP addresses from being inputted as discovery seeds, ensuring the workspace doesn’t impact billable assets if a private IP were to be added. Deduplication of discovery seeds When adding seeds to a discovery group, Defender EASM will now prompt users to remove any duplicative seeds prior to saving their changes, notifying users to remove or change any duplicate entries before they are submitted. New columns in dashboard drilldowns New columns have been added to certain chart drilldown pages to help users better understand the context behind their listed assets. We’ve asses a “Reputation” a “Domain Expiration” column, and a “Sensitive Services” column to give customers more information. These additions are useful when downloading asset information as the fields will now be included in the export! “Securing the Cloud” chart update The “Securing the Cloud” dashboard chart has been broken into two different charts: Hosting Providers and CDNs. The new change makes chart data more immediately actionable, and users can click any part of these charts to see a full list of impacted assets. We want to hear from you! MDEASM is made by security professionals for security professionals. Join our community of security pros and experts to provide product feedback and suggestions and start conversations about how MDEASM helps you manage your attack surface and strengthen your security posture. With an open dialogue, we can create a safer internet together. Continue reading... Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.