Description #

Microsoft Defender External Attack Surface Management (EASM) is a security tool designed to provide continuous discovery and monitoring of an organization's digital attack surface from an external perspective. By leveraging Microsoft's proprietary discovery technology, Defender EASM uncovers infrastructure connected to known assets, providing IT and security teams with visibility into domains, IP blocks, hosts, email contacts, Autonomous System Numbers (ASNs), and WHOIS organizations. These asset types form the attack surface inventory, revealing external-facing properties that are exposed to the open internet and thus pose potential risks.

With Defender EASM, organizations can gain a comprehensive view of their online infrastructure, including previously unknown or unmonitored properties, extending vulnerability management beyond traditional firewall boundaries. IT Partner will guide you through the initial setup, resource configuration, and implementation of Defender EASM, ensuring that your digital assets are continuously monitored and protected against external threats.

IT Partner Responsibilities #

1. Assist in setting up or verifying the existing Azure subscription or Defender EASM trial account.
2. Guide the client through understanding the core functionalities and prerequisites for Defender EASM.
3. Set up the Defender EASM Azure resource.
4. Configure seed and start initial assessment.
5. Provide knowledge on how to use the tool effectively, including interpreting reports and responding to alerts.
6. Help optimize the ongoing monitoring process and suggest enhancements based on the client's evolving security needs.

Client Responsibilities #

1. Ensure access to the required Azure.
2. Provide details of known legitimate assets that can be used as discovery "seeds" for the initial setup.
3. Collaborate with IT Partner to define key security priorities and known assets.

Prerequisites #

1. An Azure subscription is required, or a 30-day free trial of Defender EASM can be utilized for initial setup and evaluation.

Plan #

1. Verify the client’s Azure subscription and access permissions.
2. Collect information on known legitimate assets to be used for initial discovery.
3. Create a new resource group in Azure for Defender EASM.
4. Configure the Defender EASM resource in the resource group.
5. Configure the discovery settings and connect initial discovery seeds.
6. Start the initial discovery process to map the external attack surface.
7. Establish monitoring rules and alerts for newly discovered assets.
8. Provide recommendations for further optimization based on initial discovery results.

Success criteria #

1. Defender EASM configured and operational in the client's Azure environment.
2. Comprehensive mapping of the organization’s external attack surface, including domains, IP blocks, and other assets.
3. Continuous monitoring of external-facing properties with alerts for any changes or new discoveries.
4. Actionable insights that help prioritize risk mitigation efforts and reduce exposure to external threats.
5. Knowledge transfer provided to the client's security team for effective use and management of Defender EASM.