Microsoft announced two new security threat intelligence products Tuesday morning, the latest moves in a broader effort to help businesses proactively sniff out and prevent cyberattacks.
Built in part on Microsoft’s $500 million acquisition of RiskIQ last year, the new Microsoft products come as Google works to complete its $5.4 billion acquisition of threat intelligence company Mandiant. Microsoft was reportedly in the running to acquire Mandiant prior to Google announcing the deal in March.
This is part of a flurry of industry activity in the areas known as security information and event management (SIEM) and extended detection and response (XDR), which use AI and human experts to combat a variety of cyberthreats.
Microsoft is building a sizable security business, with $15 billion in annual revenue as of December. Security revenue rose 40% in the June quarter, Microsoft CEO Satya Nadella told analysts last week on the company’s earnings conference call, without providing a dollar amount.
The company last year hired Charlie Bell, a longtime Amazon Web Services executive, to lead its newly formed Security, Compliance, Identity, and Management organization. Its products work across multiple clouds and platforms, including AWS and Google Cloud, in addition to Microsoft Azure and related cloud services.
One of Microsoft’s new products, Defender Threat Intelligence, lets customers “access a library of raw threat intelligence detailing adversaries by name, correlating their tools, tactics, and procedures,” with regular updates from Microsoft’s security data and experts, wrote Vasu Jakkal, a Microsoft corporate vice president for security, compliance, identity, and management.
The approach “lifts the veil on the attacker and threat family behavior and helps security teams find, remove, and block hidden adversary tools within their organization,” Jakkal added.
Microsoft’s other new product, Defender External Attack Surface Management, scans the internet to identify a company’s online assets and potential vulnerabilities.
“Many businesses have internet-facing assets they may not be aware of or have simply forgotten about,” Jakkal wrote. “These are often created by shadow IT, mergers, and acquisitions, incomplete cataloging, business partners’ exposure, or simply rapid business growth.”
After absorbing a series of cybersecurity companies last year, Microsoft continued its buying spree in June with a deal to acquire Miburo, a threat analysis and research company. Microsoft announced three managed security services in May.