
Microsoft Defender Vulnerability Management

Published on Jun 23, 2022

If, as an organization, you are to reduce your cyber risk, you’ll need comprehensive risk-based vulnerability management, which helps you identify, assess, remediate, and track the most significant vulnerabilities that expose your most critical assets. Microsoft Defender Vulnerability Management, whose public preview was announced on May 12th, encompasses Microsoft’s complete set of vulnerability management capabilities.

According to Microsoft, it is a single cutting-edge tool that delivers intelligent assessments, asset visibility, and built-in remediation for Windows, macOS, Linux, Android, iOS, and network devices. This new Defender feature builds on the core threat and vulnerability management tools launched as far back as 2019, including the breach likelihood predictions and threat intelligence that you’d find in Microsoft Advanced Threat Protection.

With Microsoft Defender Vulnerability Management, you should be able to empower your security and IT teams to reduce cyber security risk with:

Asset Discovery and Inventory for Vulnerability Management

Defender Vulnerability Management comes with agentless scanners. These come in especially handy in hybrid and remote workplaces, where you can continuously monitor and detect risk in your organization even with disconnected devices.

Your security and IT teams are better equipped to discover and assess all your organization’s assets, because you have a single inventory with a real-time consolidated view of your organization’s software applications, digital certificates, browser extensions, and network shares. What’s more, your IT team should be able to review browser extension permissions and their associated risk levels, identify certificates before they expire, assess misconfigurations in internal network shares, and detect weak signature algorithms.

Vulnerability and Configuration Assessment

Vulnerability assessment entails a systematic review of existing security weaknesses within your infrastructure, evaluating it for susceptibility to known vulnerabilities. With Defender Vulnerability Management, you get a security baseline assessment that helps you create a customizable baseline profile. This profile becomes the benchmark against which you measure risk compliance.

You should be able to see and review any changes, including installations, uninstalls, and patches, to your organization’s software inventory. What’s more, on the main certificate inventory page, you can review the list of certificates you’ve installed across your organization. Finally, you can view event timelines and entity-level vulnerability to help with understanding and prioritizing vulnerabilities.

Risk-Based Intelligent Prioritization

As highlighted, Defender Vulnerability Management leverages Microsoft’s threat intelligence, breach prediction, and device assessments, among others, to help you quickly prioritize the most significant vulnerabilities within your organization. Your IT and security experts should be able to quickly pick up on emerging threats, since these are dynamically aligned with the prioritization of security recommendations.

In line with the promise of a quicker tool, Defender Vulnerability Management correlates vulnerability management and EDR insights to help pinpoint active breaches. Finally, because all devices, even those not currently connected to the organization’s network, are monitored, you should be able to identify exposed high-value assets. This comes in handy especially for devices with business-critical applications, confidential data, or high-value users.

Remediation and Tracking

If you are to tackle security incidents, you must create an environment where IT administrators and security administrators can collaborate. Defender Vulnerability Management offers built-in workflows that deliver just that! You can have remediation requests sent to IT. Each request is a remediation task, created in Microsoft Intune, that features a specific security recommendation.

With better tracking in place, you can block vulnerable applications for specific device groups. Further, you gain insights on other mitigations, including configuration changes that should enable your IT team to reduce the risk associated with known software vulnerabilities. Finally, the surest way to avoid adverse effects following an intrusion is to seek real-time remediation status, which gives you insight into the progress of the remediation activities in play.

Vulnerability Management Capabilities Currently Available Through Public Preview

Security Baseline Assessment

In the public preview, you can access Center for Internet Security (CIS) benchmarks and Security Technical Implementation Guides (STIG) benchmarks. These are critical for managing your security posture and measuring risk compliance.

Browser Extension Inventory and Assessment

With Defender Vulnerability Management’s browser extension inventory, you receive detailed information on the permissions requested by each extension. The solution also helps the IT team identify which extensions have the highest associated risk levels.

You should be able to leverage these risk-based assessments to make informed, contextual decisions as it pertains to the management of the extensions within your organization.

Digital Certificate Inventory Assessment

Discovering, assessing, and managing all certificates in a single view should help ensure the secure transfer of information within your network and over the internet.

With Defender Vulnerability Management, you should be able to pick out certificates that are about to expire and need updating, so that you prevent service disruptions. Further, you should be able to detect potential vulnerabilities caused by weak signature algorithms. Finally, you should have an easier time keeping tabs on compliance with regulatory guidelines as well as organizational policies.

Learn More About Vulnerability Management With Microsoft Defender

In summary, Microsoft Defender Vulnerability Management is designed for customers looking for a proactive, risk-based vulnerability management solution. Its features help organizations efficiently discover, assess, and remediate vulnerabilities and misconfigurations.

As an organization, you will benefit from continuous asset visibility and a host of intelligent assessment tools. You will also have risk-based prioritization and built-in remediation workflows in place to help you deal with risks.

If you are already a Defender for Endpoint Plan 2 customer, you have the add-on option that can enhance your vulnerability management program. Specifically, you have available to you expanded asset discovery, cross-platform support, and new assessment and mitigation tools.

A neat feature is that the platform retains the vulnerability management tools you currently have. Currently, you should also have access to security baseline assessments that proactively manage your organization’s security posture. Additionally, you have access to browser extension inventory and assessments and digital certificate inventory and assessments.

Note that the ability to block vulnerable applications while they’re being remediated is currently in beta. Your admins can block specific versions of applications for certain device groups flagged as containing vulnerabilities. Further, the admins can view devices impacted by a security bug, view the file indicators created during the mitigation, and export the complete list of indicators for reporting and validation.

If you want help enabling the Microsoft security stack and identifying and remediating vulnerabilities in your environment, Agile IT is a Microsoft Security Gold partner with experience across thousands of organizations. Contact us to find out more.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.
