Microsoft Defender External Attack Surface Management (EASM)

Published by Justin on

Microsoft Defender External Attack Surface Management (EASM) is a security solution for an organization’s external attack surfaces. It operates by monitoring security and operational integrity across the following assets:

  • Websites
  • IP addresses
  • Domains
  • SSL certificates
  • Other digital assets

In addition to these components, EASM can also forward all relevant information and logs to SIEM solutions such as Microsoft Sentinel.

It is also possible to manually input company-specific data, such as all domain names and IP addresses associated with its services.

The costs for this solution are minimal; you pay €0.01 per day per host, domain, or IP address added. For example, I configured it with 10 instances of each, resulting in a total monthly cost of €9.17. The costs are billed on your Azure invoice.

Best features of Microsoft Defender EASM

The best features of this solution include:

  • Open port scanning on IP addresses
  • SSL certificate monitoring + expiration date checks
  • Domain name checks + expiration date verification
  • Scanning for potential CVE score vulnerabilities
  • Identifying common administrative misconfigurations
  • Web server assessments based on OWASP guidelines
  • Tracking changes in assets

Here, for example, you can see a common vulnerability detected in servers, even when running in environments such as Amazon Web Services (AWS):

Summary

To summarize this solution, its a must-need for organizations who want security on every level. Security is like a team sport, it has to be great on every level. Not just one level. This solution will help you achieve this.

End of the page 🎉

You have reached the end of the page. You can select a category, share this post on X, LinkedIn and Reddit or return to the blog posts collection page. Thank you for visiting this post.

If you think something is wrong with this post or you want to know more, you can send me a message to one of my social profiles at: https://justinverstijnen.nl/about/

Go back to Blog

The terms and conditions apply to this post.

Page visitors: No page-counter data available yet.
Categories: Microsoft Defender XDR
Tags:

Related Posts

Microsoft Defender XDR

Penetration testing Defender for Identity and Active Directory

In this guide, i will show how to do some popular Active Directory attacking tests and show how Defender for Identity (MDI) will alert you about the attacks. Not everyting detected by Defender for Identity Read more

Microsoft Defender XDR

How to monitor your Active Directory with Defender for Identity

When it comes to security, it is great to secure every perimeter. In the Zero Trust model, it has been stated that we have to verify everything, everytime, everywhere. So why consider not monitoring and Read more

Microsoft Defender XDR

The MITRE ATTACK Framework

The MITRE ATTACK (ATT&CK) Framework is a framework which describes all stages and methods cyberattacks attacks are launched on companies in the last 15 years. The main purpose of the framework is to help Red Read more