Critical Start, a leading provider of Managed Detection and Response (MDR) services, announced enhanced capabilities for Microsoft 365 Defender: industry-unique MDR capabilities to protect user credentials from phishing, brute force, and cloud application attacks. Other MDR providers offer advice, while the Critical Start SOC acts on the customer’s behalf to prevent user account attacks, which are frequently a precursor to a breach.
The Vice President of Product at Critical Start, Chris Carlson, stated, “By adding threat detection and response capabilities for credential and user account attacks into our MDR platform, Critical Start goes beyond the endpoint to protect against one of the most common attack vectors involved in the majority of breaches. This new expansion of capabilities was developed in direct response from customers that MDR providers need to go beyond giving recommendations for action and swiftly respond to stop attacks in progress. Critical Start now grants our customers the ability to improve their organizations’ security postures as well as their overall readiness to face off against credential-based attacks.”
Customers can use the newly announced Critical Start capabilities to strengthen their existing defenses and avoid breaches caused by user account-based attacks. As cybercriminals continue to focus their attacks on credentials that let them remain hidden when accessing networks, rather than attacking the networks themselves, users must be able to detect and respond swiftly to these attacks.
Alerts from multiple Microsoft systems, such as user-reported email phishing attempts, Azure Active Directory identity alerts, and alerts triggered by anonymous login IPs to business applications, can be brought in using the combined power of Critical Start’s existing MDR services and the Microsoft security suite from Defender for Cloud Apps. The extended service enables improved detection and response for a variety of threats that could compromise a user’s account.
Microsoft has announced that its Defender for Cloud protection is now available for Google Cloud Platform environments as well. This ensures threat detection and security warnings across all clouds. Because many firms use a hybrid cloud solution, this benefits most customers. Defender for Cloud is a Microsoft security product that discovers and alerts on vulnerabilities in protected multi-cloud and hybrid environments, monitors cloud services for threats, and offers recommendations to improve security.
However, the group’s ability to support cloud solutions has been limited thus far. Another amazing partner is on the way in the form of the Google Cloud Platform, or GCP for short. Microsoft revealed native multi-cloud compatibility for Amazon AWS at the Ignite 2021 conference just a few weeks ago.
Microsoft Partner Group Program Manager Gilad Elyashar revealed that Microsoft Defender for Cloud now supports Google Cloud Platform natively with CSPM and CWP capabilities, eliminating the need for Google first-party tools.
With the addition of AWS and GCP support, businesses can now use Defender for Cloud to get a quick overview of the security health of their multi-cloud environment using Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP), all from one place in the Defender for Cloud portal. Microsoft is now the only cloud provider that offers native multi-cloud protection for the industry’s top three platforms, thanks to GCP support.
DeepSurface, the award-winning risk-based vulnerability management platform, has integrated with Microsoft Defender for Endpoint. DeepSurface can now automatically accept reports of vulnerabilities, missing patches, and misconfigurations across Microsoft, Linux, and Mac hosts provided by Microsoft Defender for Endpoint. DeepSurface then assesses and ranks vulnerabilities based on the possible risk to the company. With DeepSurface, vulnerability management teams can gain comprehensive insight into where their cybersecurity risks are, allowing them to swiftly lower the risk of a cyberattack on their company.
“Vulnerability Management plays a crucial role in improving an organization’s overall security posture, and Microsoft’s threat and vulnerability management capabilities are a great way for customers to easily add vulnerability data to their threat model. We’re excited to make DeepSurface easy to use for any customers deploying Microsoft Defender for Endpoint. The new integration means companies can implement a cost-effective method of contextual vulnerability prioritization in one easy-to-use interface,” said DeepSurface CTO and co-founder Tim Morgan.
DeepSurface is one of the few vulnerability management systems that take into account more than 50 different environmental factors. User and system account permissions, Active Directory configuration, critical and sensitive assets, installed software, user activity, network access, vulnerability scanner output (from Tenable, Qualys, Microsoft ATP, and Rapid7), and AWS Elastic Compute Cloud (Amazon EC2) attributes are among the items examined. All of these details are utilized to place vulnerabilities (and chains of vulnerabilities) in the context of an organization’s digital infrastructure.
Tomer Teller, Principal Security Program Manager at Microsoft, said, “We’re pleased to see DeepSurface integrate with our threat and vulnerability management capabilities in Microsoft Defender for Endpoint because it gives our mutual customers even more flexibility in designing a well-integrated vulnerability management program.”