Maximise your security with Microsoft Defender Vulnerability Management

Oct 17, 2023

Cybersecurity is a top priority for most organisations, and with good reason. Vulnerabilities in your IT systems can pose a great threat to your business, so it isn’t something to take lightly.

To protect your customers and your business, Microsoft offers a suite of tools to help, including Defender Vulnerability Management.

Reducing cyber risk requires comprehensive risk-based vulnerability management to identify, assess, remediate and track any potential threats across endpoints, workloads and systems.

Cybersecurity teams have long used vulnerability management tools to find vulnerabilities and correct them, and it’s a service we provide to our Managed Service customers. A strong vulnerability management programme utilises advances in threat intelligence to address any vulnerabilities in your IT and business operations as quickly and efficiently as possible.

An overview of Microsoft Defender Vulnerability Management

Defender Vulnerability Management provides asset visibility, advanced assessments, and built-in remediation tools suitable for Windows, macOS, Linux, Android, iOS, and network devices.

Leveraging Microsoft’s dynamic threat intelligence solutions, risk-based predictions, business context and device assessments, Microsoft Defender Vulnerability Management swiftly and continuously analyses the biggest vulnerabilities on your most critical assets, giving you expert security recommendations to lower the risk to your business.

Microsoft Defender Vulnerability Management can also be used through the Microsoft 365 Defender portal, giving users one place to go to manage their IT security. This is a big benefit, as it removes the need for users to log in to a separate vulnerability management tool such as Nessus or Qualys and to manage licences, costs and access across both.

Asset Delivery and Monitoring

Defender Vulnerability Management offers ‘built-in and agentless scanners’ that are constantly monitoring your devices to detect risk in your organisation even if devices aren’t connected to the corporate network at the time. So, with hybrid and remote working models, this comes in handy – wherever your employees are, the devices will be monitored for security risks and breaches.

Microsoft states that ‘consolidated inventories provide a real-time view of your organisation’s software applications, digital certificates, hardware and firmware’, along with browser extensions that will oversee and assess your organisation’s assets.

Microsoft’s suite of advanced vulnerability and configuration assessment tools enables businesses to understand potential threats and assess their cyber exposure.

This includes:

Security baseline assessment – Create tailored baseline profiles so you can measure risk compliance against certain benchmarks, such as Center for Internet Security (CIS) and Security Technical Implementation Guides (STIG). Fordway also offer a Security Baseline Assessment which you can read about here.

Software – You’ll gain more visibility into your software as well as any existing or potential vulnerabilities. The tool will provide a view of the organisation’s software inventory and any changes, including installations, uninstalls and patches.

Network Share Assessment – This allows you to assess your internal network and its configuration along with actionable security recommendations.

Authenticated scan for Windows – You’ll be able to regularly scan unmanaged Windows devices for software vulnerabilities by providing Microsoft Defender Vulnerability Management with credentials, so you can remotely access the devices with ease.

Threat analytics and events – Entity-level vulnerability assessments will allow you to understand and prioritise any risks within your organisation. The event timeline is essentially a risk news feed that allows you to see how risk is introduced into the organisation through any breaches or exploits.

Browser extensions assessment – Analyse a list of the browser extensions installed across different browsers in your organisation, as well as each extension’s permissions and individual risk levels.

Digital certificates assessment – This allows you to view a list of certificates installed across the organisation in a single overview. Then you can identify certificates prior to expiration and identify potential vulnerabilities that are due to ‘weak signature algorithms.’

Hardware and firmware assessment – Identify known hardware and firmware in your organisation listed by system models, processors and BIOS. You’ll be given detailed insight, including the vendor’s name, number of weaknesses, threat insights and how many exposed devices you have.

Threat Intelligence

As we’ve mentioned, utilising risk-based intelligence is hugely important as this helps organisations to prioritise the biggest vulnerabilities in their organisation.

Risk-based intelligent prioritisation typically includes:

A focus on emerging threats – Aligning the prioritisation of security recommendations with vulnerabilities currently being exploited and upcoming threats that pose the highest risk.

Pinpoint active breaches – Tying in vulnerability management and EDR insights to prioritise vulnerabilities being exploited within a current breach in the organisation.

Safeguarding assets – Identifies exposed devices that have important and valuable applications, protected data, or high-value users.

Remediation

Microsoft Defender includes remediation actions that allow businesses to address the various threats they face. Security administrators and IT administrators can collaborate and remediate issues using Microsoft’s built-in workflows:

Requests to IT – Users can create a remediation task in Microsoft Intune from a specific security recommendation.

Blacklist vulnerable applications – Lower risks with the ability to block potentially malicious applications, helping to safeguard your systems.

Switch up mitigations – Receive insights on other mitigations, including configuration changes which allow a reduction in risk associated with vulnerabilities in your software.

Real-time monitoring – Businesses will be able to monitor their remediation status and activities across the organisation in real time.

Microsoft Defender Vulnerability Management Pricing & Availability

Microsoft Defender Vulnerability Management is a proactive tool giving businesses protection across different domains including endpoints and cloud workloads. The following plans are currently offered by Microsoft:

Microsoft Defender for Endpoint Plan 2 customers – can enhance their vulnerability management with the Microsoft Defender Vulnerability Management Add-On without having to install additional agents.

Microsoft Defender for Cloud customers – According to Microsoft, Defender Vulnerability Management is ‘natively integrated within Defender for Cloud to perform vulnerability assessments for cloud based virtual machines and recommendations will automatically populate in the Defender for Cloud portal.’

Customers who aren’t currently using Defender for Endpoint Plan 2 can complement their existing EDR programme with the Microsoft Defender Vulnerability Management Standalone product – currently available for a free trial.

If you’re looking to make the most of Microsoft Defender and its enhanced security capabilities but are unsure where to start, get in touch with our team for a free consultation today.
