Why is Defender EASM Discovery important?

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

The Defender External Attack Surface Management (Defender EASM) Discovery is an integral part of the external attack surface management process. Organizations often struggle to keep up with demanding business requests and create additional infrastructure not under their IT compliance. COVID increased pressure on organizations to allow employees to work from home and make rapid changes to new or existing infrastructure.

 

How can you get an accurate picture of your risk with all these changes happening? How could you know where your attack surface is vulnerable? Defender EASM Discovery is the answer.

 

jamilmirza_0-1676644879741.png

Figure 1 – Discover Vulnerabilities 

 

Discovery Seeds 

 

Defender EASM uses the idea of seeds to enable the Discovery process. Microsoft has some organization seeds already configured, which can be leveraged to start the Discovery. However, you can add your own if the organization is not listed. These seeds are the initial instructions to go and find infrastructure linked to the given organization.

 

Seeds consist of Organization names, Domains, IP Blocks, Hosts, Email Addresses, ASNs, and Whois Organizations. Once these have been added to the Discovery, Defender EASM’s proprietary algorithm will use these instructions as starting points on a weekly or monthly basis (depending on your configurations) to find infrastructure linked to your organization. 

 

jamilmirza_1-1676644879742.png

Figure 2 – Discovery Seeds 

 

Continuous Discovery

 

Once the seeds have been created, Defender EASM will continuously look for new infrastructure. When assets are added to the Attack Surface, their details are continuously updated to maintain an accurate map of asset states and relationships. The Defender EASM process is essential when identifying your entire digital estate. There are often assets in your Inventory you did not know existed or assets you expected to have been decommissioned. Completing a manual Discovery process without Defender EASM’s proprietary technology and necessary skills would be time-consuming, expensive, and likely omitting important assets. 

 

Discovery enables you to keep an eye on your ever-evolving attack surface. This dynamic process is vital in the cat-and-mouse game with threat actors targeting your organization. For those looking to master Defender EASM, don’t forget to check out the Microsoft Ninja training course

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.