Enhancing vulnerability prioritization with asset context and EPSS – Now in Public Preview.
Vulnerability prioritization is a critical component of an effective Vulnerability Risk Management (VRM) program.
It involves identifying and ranking security weaknesses in an organization’s systems based on their potential impact and exploitability.
Given the vast number of potential vulnerabilities, it is impossible to address all of them at once. Effective prioritization ensures that the most critical vulnerabilities are addressed first, maximizing security efforts.
This approach is crucial for defending against cyberattacks, as it helps allocate resources effectively, reduce the attack surface, and protect sensitive data more efficiently.
We are excited to announce the addition of three crucial factors to our prioritization process in Microsoft Defender Vulnerability Management, aimed at improving accuracy and efficiency. These factors include:
Information about critical assets (defined in Microsoft Security Exposure Management)
Information about internet-facing devices
Exploit Prediction Scoring System (EPSS) score
In this article, you can learn more about each of these enhancements, how they contribute to a more robust vulnerability prioritization process, and how you can use them.
Critical devices
In Microsoft Security Exposure Management (preview), you can define and manage resources as critical assets.
Identifying critical assets helps ensure that the most important assets in your organization are protected against the risk of data breaches and operational disruptions. Critical asset identification contributes to availability and business continuity. Exposure Management provides an out-of-the-box catalog of predefined critical asset classifications and the ability to create your own custom definitions, in addition to the capability to manually tag devices as critical to your organization. Learn more about critical asset management in this deep dive blog.
Now in preview, you can prioritize security recommendations and remediation steps to focus on critical assets first.
A new column displaying the sum of critical assets for each recommendation has been added to the security recommendations page, as shown in figure 1.
Figure 1. New column in the recommendations page that displays the number of critical devices that are correlated to each recommendation (all criticality levels).
Additionally, in the exposed device lists (found throughout the Microsoft Defender portal), you can view device criticality, as shown in figure 2.
Figure 2. Exposed devices with their criticality level in the recommendation object.
You can also use the critical devices filter to display only recommendations that involve critical assets, as shown in figure 3.
Figure 3. Capability to filter and display only recommendations that involve critical assets.
The sum of critical assets (in any criticality level) for each recommendation is now consumable through the recommendations API.
This is the first factor we are incorporating from Exposure Management, and we plan to expand this feature to include more context from the enterprise graph for prioritization enhancements. This will enable a more comprehensive understanding and management of security risks, ensuring that critical areas are addressed with the highest priority.
Internet facing devices
As threat actors continuously scan the web for exposed devices to exploit, Microsoft Defender for Endpoint automatically identifies and flags onboarded, exposed, internet-facing devices in the Microsoft Defender portal. This critical information enhances visibility into your organization’s external attack surface and provides insights into asset exploitability. Devices that accept a connection via TCP, or are identified as reachable hosts through UDP, are flagged as internet-facing in the portal. Learn more about devices flagged as internet-facing.
The internet-facing device tag is now integrated into Defender Vulnerability Management experiences. This allows you to filter and see only weaknesses or security recommendations that impact internet-facing devices. The tag is displayed in the tags column, as shown in figure 4, for all relevant devices in the exposed device lists found throughout the Microsoft Defender portal.
Figure 4. Internet-facing tag on the CVE object and on the relevant device.
Exploit Prediction Scoring System (EPSS)
The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. EPSS uses current threat information from CVE and real-world exploit data. The EPSS model produces, for each CVE, a probability score between 0 and 1 (0% to 100%). The higher the score, the greater the probability that a vulnerability will be exploited. Learn more about EPSS.
In the Microsoft Defender portal, you can see the EPSS score for each weakness, as shown in figure 5.
Figure 5. Screenshot showing EPSS score.
When the EPSS is greater than 0.9, the bug tip is highlighted to reflect the urgency of mitigation, as shown in figure 6.
Figure 6. On the weaknesses page: the bug tip is highlighted for this CVE as EPSS > 0.9.
EPSS is designed to help you enrich your knowledge of weaknesses, understand exploit probability, and enable you to prioritize accordingly. The EPSS score is also consumable through the Vulnerability API.
Note that if the EPSS score is smaller than 0.001, it’s considered to be 0.
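As an added illustration, not code from Microsoft or from this post, of how the three factors could be combined once they are read from the recommendations API and the Vulnerability API: the Python below applies the documented EPSS floor (a score below 0.001 counts as 0) and urgency threshold (EPSS greater than 0.9), offers the same two filters the portal exposes (critical assets only, internet-facing only), and orders a set of constructed sample findings by critical assets, internet-facing exposure and EPSS. The joined record shape, the field names epss, criticalAssetCount, internetFacingCount and exposedMachines, the placeholder CVE identifiers and the ordering rule are assumptions made for the example, not the product's schema or its prioritization algorithm.

```python
"""Rank Defender Vulnerability Management findings by asset context and EPSS.

Added example, not Microsoft's code. The records below are constructed, the
field names are hypothetical stand-ins for what the recommendations API and
the Vulnerability API return, and the ordering rule is illustrative.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional

EPSS_FLOOR = 0.001   # documented: scores below this are treated as 0
EPSS_URGENT = 0.9    # documented: the weakness is highlighted when EPSS > 0.9


def normalize_epss(score: Optional[float]) -> float:
    """Return the EPSS probability after applying the documented floor.

    A missing score is treated as 0 (no exploitation evidence), values outside
    the 0..1 range are rejected, and anything below EPSS_FLOOR becomes 0.
    """
    if score is None:
        return 0.0
    value = float(score)
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"EPSS must be a probability in [0, 1], got {value}")
    return 0.0 if value < EPSS_FLOOR else value


def is_urgent(score: Optional[float]) -> bool:
    """True when EPSS is strictly greater than 0.9, mirroring the portal highlight."""
    return normalize_epss(score) > EPSS_URGENT


@dataclass(frozen=True)
class Finding:
    """One weakness/recommendation pair used as a prioritization input."""
    cve: str
    recommendation: str
    epss: Optional[float]        # hypothetical 'epss' field (Vulnerability API)
    critical_asset_count: int    # hypothetical 'criticalAssetCount' (recommendations API)
    internet_facing_count: int   # devices carrying the internet-facing tag (assumed field)
    exposed_machines: int        # total exposed devices for the recommendation


def from_api_record(rec: dict) -> Finding:
    """Map one raw record (hypothetical field names) into a Finding."""
    return Finding(
        cve=rec["id"],
        recommendation=rec["recommendationName"],
        epss=rec.get("epss"),
        critical_asset_count=int(rec.get("criticalAssetCount", 0)),
        internet_facing_count=int(rec.get("internetFacingCount", 0)),
        exposed_machines=int(rec.get("exposedMachines", 0)),
    )


def priority_key(f: Finding):
    """Sort key; highest priority comes first when sorted in reverse.

    Precedence: urgent EPSS, presence of critical assets, number of
    internet-facing devices, normalized EPSS, then total exposure.
    """
    return (
        is_urgent(f.epss),
        f.critical_asset_count > 0,
        f.internet_facing_count,
        normalize_epss(f.epss),
        f.exposed_machines,
    )


def rank(findings: Iterable[Finding]) -> List[Finding]:
    """Return findings ordered from most to least urgent."""
    return sorted(findings, key=priority_key, reverse=True)


def critical_only(findings: Iterable[Finding]) -> List[Finding]:
    """Equivalent of the portal's critical devices filter (figure 3)."""
    return [f for f in findings if f.critical_asset_count > 0]


def internet_facing_only(findings: Iterable[Finding]) -> List[Finding]:
    """Equivalent of filtering on the internet-facing tag (figure 4)."""
    return [f for f in findings if f.internet_facing_count > 0]


# Constructed sample records; the CVE ids are placeholders, not real identifiers.
SAMPLE_RECORDS = [
    {"id": "CVE-EXAMPLE-0001", "recommendationName": "Update product A",
     "epss": 0.95, "criticalAssetCount": 0, "internetFacingCount": 0, "exposedMachines": 3},
    {"id": "CVE-EXAMPLE-0002", "recommendationName": "Update product B",
     "epss": 0.4, "criticalAssetCount": 5, "internetFacingCount": 2, "exposedMachines": 40},
    {"id": "CVE-EXAMPLE-0003", "recommendationName": "Update product C",
     "epss": 0.0004, "criticalAssetCount": 0, "internetFacingCount": 10, "exposedMachines": 100},
    {"id": "CVE-EXAMPLE-0004", "recommendationName": "Update product D",
     "epss": 0.2, "criticalAssetCount": 0, "internetFacingCount": 0, "exposedMachines": 500},
]
SAMPLE_FINDINGS = [from_api_record(r) for r in SAMPLE_RECORDS]


def ranked_sample() -> List[str]:
    """CVE ids of the constructed sample in priority order."""
    return [f.cve for f in rank(SAMPLE_FINDINGS)]


if __name__ == "__main__":
    for f in rank(SAMPLE_FINDINGS):
        flag = "URGENT" if is_urgent(f.epss) else "      "
        print(f"{flag} {f.cve} epss={normalize_epss(f.epss):.3f} "
              f"critical={f.critical_asset_count} internet_facing={f.internet_facing_count}")
```

The precedence in priority_key is a design choice for the example: an EPSS above 0.9 outranks everything because the page treats it as the urgent case, critical assets come next because they carry the highest business impact, and internet-facing exposure breaks ties before raw EPSS. A team that weights business criticality above exploit likelihood would simply swap the first two tuple elements.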
Try the new capabilities
Incorporating asset context and EPSS into Defender Vulnerability Management marks a significant advancement in our vulnerability prioritization capabilities. These new features—critical asset identification, internet-facing device tagging, and EPSS scoring—provide a more accurate and efficient approach to managing security risks.
By leveraging these tools, you can better protect your organization’s most valuable assets, reduce their attack surface, and stay ahead of potential threats. We invite you to explore these new capabilities and see how they can help with prioritization and enhance your security posture.
For more information, see the following articles:
What’s new in Microsoft Defender Vulnerability Management
What is Microsoft Security Exposure Management?
Device inventory
Overview of management and APIs