
What is Vulnerability Management and the Microsoft Defender Vulnerability Management tools

by Simon Angling
May 11, 2023 - Updated on May 12, 2023
in Cyber Security, Microsoft, Technology

Vulnerability Management tools help identify, categorise, and manage vulnerabilities in IT systems. These can include insecure configurations and missing updates, patches or other security-related fixes for applications, services, and operating systems, whether on-premises or cloud-based.

The Center for Internet Security (CIS) lists continuous vulnerability management as one of the Critical Security Controls. Vulnerability management allows security teams to identify and resolve vulnerabilities before they can be exploited.

Comprehensive vulnerability management requires a blend of policy, process and technology.

Microsoft Defender Vulnerability Management, as part of Defender for Endpoint Plan 2, provides foundational vulnerability management capabilities such as device discovery, device inventory, and vulnerability and configuration assessments.

Microsoft’s new premium capabilities, which are currently in public preview, provide advanced assessments that give in-depth visibility into the potential exposure of IT assets.

Microsoft Defender Vulnerability Management (Core) Features

Defender for Endpoint Plan 2 includes the following core Defender Vulnerability Management capabilities:

Device Discovery

Device discovery uses the onboarded endpoints in your network to collect, probe, or scan the network and discover unmanaged devices, without the need for extra appliances.

Device Inventory

The Device inventory shows a list of the devices in your network where alerts have been generated. Details such as domain, risk level, and OS platform are readily accessible, making it easy to identify the devices most at risk.

Vulnerability Assessment

The Weaknesses page lists the software vulnerabilities your devices are exposed to, showing the Common Vulnerabilities and Exposures (CVE) ID, severity, Common Vulnerability Scoring System (CVSS) rating, prevalence in your organization, corresponding breach, threat insights, and more.

Configuration Assessment

Microsoft Secure Score for Devices is visible in the Defender Vulnerability Management dashboard of the Microsoft 365 Defender portal. The Microsoft Secure Score reflects the collective security configuration state of your devices, with a higher score indicating that endpoints are more resilient to cyber security threats.

Risk Based Prioritization

Cybersecurity weaknesses identified in your organization are mapped to actionable security recommendations and prioritized by their impact. Security recommendations include actionable remediation steps.

Remediation Tracking

Vulnerability management capabilities bridge the gap between security staff and IT administrators through the remediation request workflow.

Continuous Monitoring

Email notifications include basic information about vulnerability events, along with links to filtered views of the Defender Vulnerability Management Security recommendations and Weaknesses pages for further investigation.

Software Inventory

Software inventory in Defender Vulnerability Management is a list of known software in the organization. It displays software details such as the name of the vendor, number of weaknesses, threats, and number of exposed devices.

Software Usage Insights

Software usage information gives insights into the number of devices using applications and usage time over the past 30 days.

Defender Vulnerability Management Add-on and Standalone Edition Additional Features

The Defender Vulnerability Management Add-on for Defender for Endpoint Plan 2 and Defender Vulnerability Management Standalone (currently in Public Preview) provide the following additional Defender Vulnerability Management capabilities:

Security Baselines Assessment

A security baseline profile is a customized profile that you can create to assess and monitor endpoints in your organization against industry security benchmarks.

Security baselines provide support for Center for Internet Security (CIS) benchmarks for Windows 10, Windows 11, and Windows Server 2008 R2 and above, as well as Security Technical Implementation Guides (STIG) benchmarks for Windows 10 and Windows Server 2019.

Block Vulnerable Applications

The block action can reduce the risk of a vulnerability by immediately blocking all currently known vulnerable versions of an application until the remediation request is completed. When an outright block is undesirable, the warn action can instead be used to warn users who launch a vulnerable version of an application.

Browser Extension Assessment

The Browser extensions page displays a list of the browser extensions installed across different browsers in your organization.

Digital Certificate Assessment

The Certificate inventory lets you view a list of the certificates installed across the organization and can help you identify certificates that are due to expire or use weak signature algorithms.

Network Share Analysis

Vulnerable network share configurations that could be exploited by attackers are identified and mapped to actionable security recommendations.

Hardware and Firmware Assessment

Hardware and Firmware Assessment provides a list of known hardware and firmware in the organization, with inventories of system models, processors, and BIOS, including details such as the vendor name, weaknesses, threat insights, and the number of exposed devices.

Authenticated Scan for Windows

Authenticated scan for Windows provides the ability to run scans on unmanaged Windows devices, giving you the latest security recommendations and letting you review recently discovered vulnerabilities for the targeted devices.

Pricing and Trials

If you already have Defender for Endpoint Plan 2, the licence is listed as $2.00 per user/month, but you can currently sign up for the Defender Vulnerability Management Add-on Trial.

If you don’t have Defender for Endpoint Plan 1 or Plan 2, or Microsoft 365 E3, you can sign up to try the Defender Vulnerability Management Standalone Trial.

References

Microsoft Defender Vulnerability Management | Microsoft Security

Microsoft Defender Vulnerability Management documentation | Microsoft Learn

© 2024 Simon Angling
