Integration with Defender EASM

You can use Microsoft Defender for Cloud's integration with Microsoft Defender External Attack Surface Management (EASM) to improve your organization's security posture, and reduce the potential risk of being attacked.

An external attack surface is the entire area of an organization or system that is susceptible to an attack from an external source. The attack surface is made up of all the points of access that an unauthorized person could use to enter their system. The larger your attack surface is, the harder it's to protect.

Defender EASM continuously discovers and maps your digital attack surface to provide an external view of your online infrastructure. This visibility enables security and IT teams to identify unknowns, prioritize risk, eliminate threats, and extend vulnerability and exposure control beyond the firewall.

Defender EASM applies Microsoft’s crawling technology to discover assets that are related to your known online infrastructure, and actively scans these assets to discover new connections over time. Attack Surface Insights are generated by applying vulnerability and infrastructure data to showcase the key areas of concern for your organization, such as:

  • Discover digital assets, always-on inventory
  • Analyze and prioritize risks and threats
  • Pinpoint attacker-exposed weaknesses, anywhere and on-demand
  • Gain visibility into third-party attack surfaces

EASM collects data for publicly exposed assets (“outside-in”). Defender for Cloud CSPM (“inside-out”) can use that data to assist with internet-exposure validation and discovery capabilities, to provide better visibility to customers.

Next steps