Organizations can now review recently discovered vulnerabilities within installed applications across the Linux OS and issue remediation tasks for all affected devices. These capabilities allow organizations to discover, prioritize, and remediate dozens of insecure configurations to improve their overall security posture. They are available in Microsoft Defender for Endpoint as part of an integrated experience that provides device context, prioritizes based on risk, and minimizes time to remediation across their entire portfolio of managed and unmanaged devices.
As we continue to expand the coverage for our TVM capabilities and remain focused on providing natively integrated experiences across the Microsoft portfolio, we are also partnering with industry-leading solution providers to ensure the interoperability of our solution.
We understand that our customers have existing investments and established processes to run their security and IT operations. That is why a broad ecosystem of integration partners is a critical focus as we continue to grow our vulnerability management capabilities. Customers can already leverage integrations with Skybox, Kenna Security, and ServiceNow Vulnerability Response, and we are actively working on expanding this list.
See the current state of your organization's device exposure to threats and vulnerabilities. Several factors affect your organization's exposure score: weaknesses discovered in your devices, likelihood of your devices to be breached, value of the devices to your organization, and relevant alerts discovered with your devices. The goal is to lower the exposure score of your organization to be more secure. To reduce the score, you need to remediate the related security configuration issues listed in the security recommendations.
Microsoft Secure Score for Devices. See the security posture of the operating system, applications, network, accounts, and security controls of your organization. The goal is to remediate the related security configuration issues to increase your score for devices. Selecting the bars will take you to the Security recommendation page.
See how many devices are exposed based on their exposure level. Select a section in the doughnut chart to go to the Devices list page and view the affected device names, exposure level, risk level, and other details such as domain, operating system platform, its health state, when it was last seen, and its tags.
See the collated security recommendations that are sorted and prioritized based on your organization's risk exposure and the urgency that it requires.
Select the software that you want to investigate. A flyout panel will open with a more compact view of the information on the page. You can either dive deeper into the investigation and select Open software page, or flag any technical inconsistencies by selecting Report inaccuracy. For software that is not supported, only limited data will be available. Filter by unsupported software with the "Not available" option in the "Weakness" section. Currently, products without a CPE are not shown in the software inventory page, only in the device level software inventory.
From the Microsoft Defender portal navigation panel, go to the Device inventory. Select the name of a device (for example, Computer1) to open the device page, then select the Software inventory tab to see a list of all the known software present on the device.
Select a specific software entry to open the flyout with more information. Software may be visible at the device level even if it is currently not supported by threat and vulnerability management. However, only limited data will be available. You'll know if software is unsupported because it will say "Not available" in the "Weakness" column.
Factor in common Microsoft and third-party applications, and the test matrix expands dramatically. Microsoft typically includes up to 3, of the most commonly deployed applications in these test matrices to help minimize disruption to customers.
Figure: An illustration reflecting the size of an example test matrix for a security update for Windows, containing a subset (for the purposes of example) of tested languages and applications; read the paper for all the details.
Another way Microsoft helps minimize disruptions to customers and businesses is by combining updates to address multiple issues where possible. This action is driven by customer feedback because it reduces the number of updates that are required for deployment.
It is impossible to completely prevent the introduction of vulnerabilities during software development.
This is why such a rigorous process is undertaken to provide high quality security updates that customers can confidently deploy.