𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐟𝐨𝐫 𝐀𝐏𝐈 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐃𝐚𝐬𝐡𝐛𝐨𝐚𝐫𝐝

Microsoft Defender for API plan provides amazing capabilities like

➡️visibility to business-critical managed APIs

➡️security findings to investigate and improve your API security posture

➡️sensitive-data classification (API data classification)

➡️real-time threat detection that generates alerts for suspicious activities.

➡️misconfiguration finding

➡️security recommendations

and more.

Defender for API Security Dashboard allows you to visualize the state of your API posture for the API endpoints that you have onboarded to better understand your unhealthy recommendations and the identified data classifications, authorization status, usage, and exposure of your APIs.

https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/microsoft-defender-for-api-security-dashboard/ba-p/3848291

#azure #microsoftsecurity #microsoft #defender #xdr #api #apisecurity #soc #monitoring #cybersecurity #securityplatform #security #cloud #cloudnative #threat #threatdetection

What's new in Microsoft Defender for Cloud?

Updates in May include:

➡️New alert in Defender for Key Vault

➡️Agentless scanning now supports encrypted disks in AWS

➡️Revised JIT (Just-In-Time) rule naming conventions in Defender for Cloud

➡️Onboard selected AWS regions

➡️Multiple changes to identity recommendations

➡️Deprecation of legacy standards in compliance dashboard

➡️Two Defender for DevOps recommendations now include Azure DevOps scan findings

➡️New default setting for Defender for Servers vulnerability assessment solution

More details: https://learn.microsoft.com/en-us/azure/defender-for-cloud/release-notes#may-2023

#microsoft #azure #devops #cloud #aws #compliance #gcp #defender #defenderforcloud #cnapp #cspm #cwpp #soc #cloudsecurity #multicloud #securityplatform #microsoftsecurity

Automatically disrupt adversary-in-the-middle (AiTM) attacks with Microsoft XDR

Microsoft announced expansion of automatic attack disruption to include adversary-in-the-middle attacks (AiTM) attacks, in an addition to the previously announced public preview for business email compromise (BEC) and human-operated ransomware attacks.

https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/automatically-disrupt-adversary-in-the-middle-aitm-attacks-with/ba-p/3821751

#microsoft #email #business #AiTM #bec #xdr #azure #soc #securityplatform #defender #defenderforidentity #defenderforcloudapps #defenderforendpoint #microsoft365defender #cloudsecurity #securityanalytst

Policy Analytics for Azure Firewall to help IT teams manage the rules in the Azure Firewall policy over time is now general availabe.

This feature provides critical insights and surfaces recommendations for optimizing Azure Firewall policies to strengthen security posture.

Key capabilities available in the Azure portal include:

- Policy insight panel: Aggregates policy insights and highlights policy recommendations.

- Firewall flow logs: Displays all traffic flowing through the Azure Firewall alongside hit rate and network and application rule match.

- Rule analytics: Displays traffic flows mapped to destination network address translation (DNAT), network, and application rules.

- Single-rule analysis: It analyzes traffic flows matching the selected rule and recommends optimizations based on those observed traffic flows.

https://azure.microsoft.com/en-us/blog/optimize-performance-and-strengthen-security-with-policy-analytics-for-azure-firewall/

#azure #azurefirewall #firewall #cloud #cloudnetworking #azurenetwork #azurenetworksecurity #flow #flowlogs #policyanalytics #microsoft #soc #secops #securityplatform

Microsoft Defender Threat Intelligence (Defender TI) is now available to licensed customers within the Microsoft 365 Defender (M365 Defender) portal, placing its powerful threat intelligence side-by-side with the advanced XDR functionality of M365 Defender.

Use Cases

➡ Advanced hunting with Defender TI IOCs against the logs and Events within Microsoft 365 Defender

➡Upload IOC to a storage account\public GitHub

➡Using KQL Externaldata operator as correlation source and proactive hunting and enabling custom detection on M365 Defender

➡M365 Defender Raw Event Detection

➡M365D Raw events flow into Sentinel with the M365 Defender Data connector

➡MDTI Feeds flow into Sentinel with MDTI Data connector

➡Manual TI correlation rule

https://techcommunity.microsoft.com/t5/microsoft-defender-threat/what-s-new-mdti-interoperability-with-microsoft-365-defender/ba-p/3799846

#DefenderTI #TI #threatintelligence #MicrosoftDefenderThreatIntelligence #xdr #soc #securityplatform #securityanalytst #m365defender #microsoft365defender #microsoft #azure #intelligence #ioc #threathunting #ttp

Discovering internet-facing devices using Microsoft Defender for Endpoint

MDE is expanding device discovery capabilities through our existing network telemetry and RiskIQ integration.

Find out how to discover your internet-facing devices through Microsoft 365 Defender portal and Advanced Hunting.

https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/discovering-internet-facing-devices-using-microsoft-defender-for/ba-p/3778975

#mde #edr #xdr #discovery #easm #riskiq #microsoftsecurity #microsoft365defender #advancedhunting #hunting #kql #soc #securityplatform #secops #network #discovery #microsoft #cloudsecurity