What is Microsoft Defender EASM?
Microsoft Defender External Attack Surface Management (EASM) continuously discovers and monitors your organization’s external, internet-exposed attack surface. The service scans the internet from the perspective of a potential attacker and identifies all assets associated with your organization: domains, IP addresses, web applications, SSL certificates and cloud resources.
EASM goes beyond traditional vulnerability scanners by also finding unknown or forgotten assets: shadow IT, expired domains, orphaned subdomains or exposed development environments. Many security incidents begin with the exploitation of exactly such forgotten resources.
The service provides a current inventory of all external assets, evaluates their security risk and prioritizes recommendations based on vulnerabilities, misconfigurations and exposure.
Core Features
- Automatic discovery of all external assets starting from seed information
- Continuous monitoring for new vulnerabilities and misconfigurations
- Risk assessment and prioritization by criticality and exposure
- Detection of shadow IT and unknown cloud resources
- Integration with Microsoft Sentinel and Microsoft Defender for Cloud
Typical Use Cases
Attack Surface Reduction: Identifying and eliminating unnecessarily exposed services, forgotten subdomains and outdated web applications to reduce the attack surface.
M&A Due Diligence: Assessing the external attack surface of an acquisition target to identify security risks before the acquisition and factor them into the valuation.
Compliance Monitoring: Continuously verifying that all externally reachable systems comply with security policies, including SSL certificates, patch levels and configuration.
Benefits
- Visibility across the entire external attack surface from an attacker’s perspective
- Detection of shadow IT and forgotten assets
- Prioritized recommendations instead of data overload
- GDPR-compliant with European data processing
Frequently Asked Questions
What differentiates EASM from a vulnerability scanner?
Vulnerability scanners check known assets for known vulnerabilities. EASM first discovers all assets (including unknown ones) and then evaluates their risk. EASM works from an external perspective and finds shadow IT that internal scanners cannot reach.
What seed information is required?
For initial setup, domain names, IP ranges or organization names are sufficient. EASM automatically expands these seeds through analysis of DNS records, SSL certificates, WHOIS data and web crawling.
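A simplified sketch of the seed expansion described in this answer, added here as an illustration; it is not Microsoft's implementation and not code from the original page. The DNS, certificate and WHOIS records, the `example.*` names, the organization name and the function names are all constructed assumptions.

```python
from collections import deque

# Constructed sample records (not real data); all names are placeholders.
DNS = {  # name -> list of (record type, value)
    "example.com": [("A", "203.0.113.10"), ("MX", "mail.example.com")],
    "mail.example.com": [("A", "203.0.113.11")],
    "shop.example.com": [("CNAME", "shop.example-cdn.net")],
    "dev.example.com": [("A", "203.0.113.50")],
    "shop.example-cdn.net": [("A", "198.51.100.7")],
}
CERT_SANS = {  # host a certificate was seen on -> names in its SAN list
    "example.com": ["example.com", "shop.example.com", "dev.example.com"],
    "dev.example.com": ["dev.example.com", "staging.example.org", "old.example.io"],
}
WHOIS_ORG = {  # registrable domain -> registrant organization
    "example.com": "Example GmbH", "example.org": "Example GmbH",
    "example-cdn.net": "Some CDN Inc.",
}

def registrable(name):
    # Simplification: last two labels; real code needs the Public Suffix List.
    return ".".join(name.split(".")[-2:])

def expand(seeds, org):
    """Breadth-first expansion from seeds; returns {asset: (status, found_via)}."""
    found = {s: ("confirmed", "seed") for s in seeds}
    queue = deque(seeds)
    while queue:
        asset = queue.popleft()
        if found[asset][0] != "confirmed":
            continue  # never pivot through third-party or unverified assets
        links = [(v, f"dns:{t}") for t, v in DNS.get(asset, [])]
        links += [(n, "cert:SAN") for n in CERT_SANS.get(asset, [])]
        for value, via in links:
            if value in found:
                continue
            is_ip = value.replace(".", "").isdigit()  # address a confirmed name points at
            if is_ip or WHOIS_ORG.get(registrable(value)) == org:
                status = "confirmed"
            elif registrable(value) in WHOIS_ORG:
                status = "third-party"  # e.g. a CDN: record it, do not expand it
            else:
                status = "review"  # no ownership evidence, needs an analyst
            found[value] = (status, f"{via} from {asset}")
            queue.append(value)
    return found

if __name__ == "__main__":
    for asset, (status, via) in sorted(expand(["example.com"], "Example GmbH").items()):
        print(f"{status:12} {asset:24} {via}")
```

The inventory records how each asset was reached, so an unexpected entry such as `staging.example.org` can be traced back to the certificate that exposed it.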
How frequently are assets scanned?
EASM scans continuously. New assets are typically assessed within 24 to 48 hours of discovery. Existing assets are regularly checked for new vulnerabilities and configuration changes.
Integration with innFactory
As a Microsoft Solutions Partner, innFactory supports you with Microsoft Defender EASM: from initial setup and asset discovery to risk assessment and developing a strategy for reducing your external attack surface.
