Microsoft Builds New Threat & Vulnerability Management Features to Prevent Advanced Cyber Attacks

Microsoft Defender ATP is an add-on to Windows Defender Antivirus that aims to combat cyber attacks and secure your environment. Threat & Vulnerability Management (TVM) is the latest addition to Microsoft Defender ATP.

At the Microsoft Ignite conference, Microsoft announced that it is working on new capabilities for Threat and Vulnerability Management (TVM) to improve threat detection.

Threat and Vulnerability Management

Microsoft is enhancing the capabilities of TVM to improve time to detection and remediation, integration across platforms, and automated user-impact analysis.

The following new capabilities are announced to go public this month:

  • Vulnerability Assessment (VA) support for Windows Servers 2008 R2 and above
  • Integration with ServiceNow for improved IT/Security communication
  • Advanced hunting across vulnerabilities and security alerts
  • Role-based access controls (RBAC) for teams focusing on vulnerability management
  • Automated user-impact analysis

Microsoft aims to extend Vulnerability Assessment support to Windows Server 2008 R2, 2012 R2, 2016, and 2019. This enhancement helps customers effectively discover, prioritize, and remediate Windows server vulnerabilities across the entire stack, including OS components, Microsoft apps, and third-party software.

“With this new integration, the security team can open change management tickets in ServiceNow directly from the Microsoft Defender Security Center to ask the IT team to remediate vulnerabilities and misconfigurations,” reads the Microsoft blog post.

The new addition of role-based access controls gives system administrators the flexibility to create SecOps-oriented roles, TVM-oriented roles, or hybrid roles, so that only authorized users can access the data.

Microsoft's advanced hunting capabilities give customers extensive flexibility in slicing and dicing vulnerability and misconfiguration data.

The last one is the ASR rules, which determine which machines are considered safe for a configuration change without impacting user productivity.

Guru Baran

Gurubaran is the Co-Founder and Editor-in-Chief of CyberSecurityNews.com, specializing in vulnerability analysis, malware research, ransomware, and computer forensics.
