mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-18 20:03:40 +00:00
new video and casing
This commit is contained in:
Beth Levin
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Threat & Vulnerability Management
|
||||
title: Threat and vulnerability management
|
||||
description: This new capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
|
||||
keywords: threat & vulnerability management, threat and vulnerability management, MDATP TVM, MDATP-TVM, vulnerability management, vulnerability assessment, threat and vulnerability scanning, secure configuration assessment, microsoft defender atp, microsoft defender atp, endpoint vulnerabilities, next generation
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
@ -17,7 +17,7 @@ ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Threat & Vulnerability Management
|
||||
# Threat and vulnerability management
|
||||
|
||||
**Applies to:**
|
||||
|
||||
@ -25,17 +25,17 @@ ms.topic: conceptual
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
|
||||
Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. Threat & Vulnerability Management serves as an infrastructure for reducing organizational exposure, hardening endpoint surface area, and increasing organizational resilience.
|
||||
Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. Threat and vulnerability management serves as an infrastructure for reducing organizational exposure, hardening endpoint surface area, and increasing organizational resilience.
|
||||
|
||||
It helps organizations discover vulnerabilities and misconfigurations in real-time, based on sensors, without the need of agents or periodic scans. It prioritizes vulnerabilities based on the threat landscape, detections in your organization, sensitive information on vulnerable devices, and business context.
|
||||
|
||||
Watch this video for a quick overview of Threat & Vulnerability Management.
|
||||
Watch this video for a quick overview of threat and vulnerability management.
|
||||
|
||||
>[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4mLsn]
|
||||
|
||||
## Next-generation capabilities
|
||||
|
||||
Threat & Vulnerability Management is built-in, real-time, cloud-powered, fully integrated with Microsoft endpoint security stack, the Microsoft Intelligent Security Graph, and the application analytics knowledge base.
|
||||
Threat and vulnerability management is built-in, real-time, cloud-powered, fully integrated with Microsoft endpoint security stack, the Microsoft Intelligent Security Graph, and the application analytics knowledge base.
|
||||
|
||||
It is the first solution in the industry to bridge the gap between security administration and IT administration during remediation process. It does so by creating a security task or ticket through integration with Microsoft Intune and Microsoft Microsoft Endpoint Configuration Manager.
|
||||
|
||||
@ -47,7 +47,7 @@ It provides the following solutions to frequently-cited gaps across security ope
|
||||
|
||||
### Real-time discovery
|
||||
|
||||
To discover endpoint vulnerabilities and misconfiguration, Threat & Vulnerability Management uses the same agentless built-in Microsoft Defender ATP sensors to reduce cumbersome network scans and IT overhead, and provides:
|
||||
To discover endpoint vulnerabilities and misconfiguration, threat and vulnerability management uses the same agentless built-in Microsoft Defender ATP sensors to reduce cumbersome network scans and IT overhead, and provides:
|
||||
|
||||
- Real-time device inventory. Devices onboarded to Microsoft Defender ATP automatically report and push vulnerability and security configuration data to the dashboard.
|
||||
- Visibility into software and vulnerabilities. Optics into the organization's software inventory, and software changes like installations, uninstalls, and patches. Newly discovered vulnerabilities are reported with actionable mitigation recommendations for 1st and 3rd party applications.
|
||||
@ -56,20 +56,26 @@ To discover endpoint vulnerabilities and misconfiguration, Threat & Vulnerabilit
|
||||
|
||||
### Intelligence-driven prioritization
|
||||
|
||||
Threat & Vulnerability Management helps customers prioritize and focus on those weaknesses that pose the most urgent and the highest risk to the organization. Rather than using static prioritization by severity scores, Threat & Vulnerability Management in Microsoft Defender ATP highlights the most critical weaknesses that need attention by fusing its security recommendations with dynamic threat and business context:
|
||||
Threat and vulnerability management helps customers prioritize and focus on those weaknesses that pose the most urgent and the highest risk to the organization. Rather than using static prioritization by severity scores, threat and vulnerability management in Microsoft Defender ATP highlights the most critical weaknesses that need attention by fusing its security recommendations with dynamic threat and business context:
|
||||
|
||||
- Exposing emerging attacks in the wild. Through its advanced cyber data and threat analytics platform, Threat & Vulnerability Management dynamically aligns the prioritization of its security recommendations to focus on vulnerabilities that are currently being exploited in the wild and emerging threats that pose the highest risk.
|
||||
- Pinpointing active breaches. Microsoft Defender ATP correlates Threat & Vulnerability Management and EDR insights to provide the unique ability to prioritize vulnerabilities that are currently being exploited in an active breach within the organization.
|
||||
- Protecting high-value assets. Microsoft Defender ATP's integration with Azure Information Protection allows Threat & Vulnerability Management to identify the exposed devices with business-critical applications, confidential data, or high-value users.
|
||||
- Exposing emerging attacks in the wild. Through its advanced cyber data and threat analytics platform, threat and vulnerability management dynamically aligns the prioritization of its security recommendations to focus on vulnerabilities that are currently being exploited in the wild and emerging threats that pose the highest risk.
|
||||
- Pinpointing active breaches. Microsoft Defender ATP correlates threat and vulnerability management and EDR insights to provide the unique ability to prioritize vulnerabilities that are currently being exploited in an active breach within the organization.
|
||||
- Protecting high-value assets. Microsoft Defender ATP's integration with Azure Information Protection allows threat and vulnerability management to identify the exposed devices with business-critical applications, confidential data, or high-value users.
|
||||
|
||||
### Seamless remediation
|
||||
|
||||
Microsoft Defender ATP's Threat & Vulnerability Management allows security administrators and IT administrators to collaborate seamlessly to remediate issues.
|
||||
Microsoft Defender ATP's threat and vulnerability management capability allows security administrators and IT administrators to collaborate seamlessly to remediate issues.
|
||||
|
||||
- Remediation requests to IT. Through Microsoft Defender ATP's integration with Microsoft Intune and Microsoft Endpoint Configuration Manager, security administrators can create a remediation task in Microsoft Intune from the Security recommendation pages. We plan to expand this capability to other IT security management platforms.
|
||||
- Alternate mitigations. Threat & Vulnerability Management provides insights on additional mitigations, such as configuration changes that can reduce risk associated with software vulnerabilities.
|
||||
- Alternate mitigations. Threat and vulnerability management provides insights on additional mitigations, such as configuration changes that can reduce risk associated with software vulnerabilities.
|
||||
- Real-time remediation status. Microsoft Defender ATP provides real-time monitoring of the status and progress of remediation activities across the organization.
|
||||
|
||||
## Reduce organizational risk with threat and vulnerability management
|
||||
|
||||
Watch this video for a comprehensive walk-through of threat and vulnerability management.
|
||||
|
||||
>[!VIDEO https://aka.ms/MDATP-TVM-Interactive-Guide]
|
||||
|
||||
## Before you begin
|
||||
|
||||
Ensure that your devices:
|
||||
@ -78,7 +84,7 @@ Ensure that your devices:
|
||||
- Run with Windows 10 1709 (Fall Creators Update) or later
|
||||
|
||||
>[!NOTE]
|
||||
>Threat & Vulnerability Management can also scan devices that run on Windows 7 and Windows Server 2019 operating systems and detects vulnerabilities addressed in patch Tuesday.
|
||||
>Threat and vulnerability management can also scan devices that run on Windows 7 and Windows Server 2019 operating systems and detects vulnerabilities addressed in patch Tuesday.
|
||||
|
||||
- Have the following mandatory updates installed and deployed in your network to boost your vulnerability assessment detection rates:
|
||||
|
||||
@ -95,7 +101,7 @@ Ensure that your devices:
|
||||
|
||||
## APIs
|
||||
|
||||
Run Threat & Vulnerability Management-related API calls such as get your organization's threat exposure score or device secure score, software and device vulnerability inventory, software version distribution, device vulnerability information, security recommendation information. Learn more from this [Microsoft Tech Community blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/threat-amp-vulnerability-management-apis-are-now-generally/ba-p/1304615).
|
||||
Run threat and vulnerability management-related API calls such as get your organization's threat exposure score or device secure score, software and device vulnerability inventory, software version distribution, device vulnerability information, security recommendation information. Learn more from this [Microsoft Tech Community blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/threat-amp-vulnerability-management-apis-are-now-generally/ba-p/1304615).
|
||||
See the following topics for related APIs:
|
||||
|
||||
- [Supported Microsoft Defender ATP APIs](exposed-apis-list.md)
|
||||
@ -108,7 +114,7 @@ See the following topics for related APIs:
|
||||
## Related topics
|
||||
|
||||
- [Supported operating systems and platforms](tvm-supported-os.md)
|
||||
- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
|
||||
- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md)
|
||||
- [Exposure score](tvm-exposure-score.md)
|
||||
- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)
|
||||
- [Security recommendations](tvm-security-recommendation.md)
|
||||
@ -118,5 +124,5 @@ See the following topics for related APIs:
|
||||
- [Event timeline](threat-and-vuln-mgt-event-timeline.md)
|
||||
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
|
||||
- [APIs](next-gen-threat-and-vuln-mgt.md#apis)
|
||||
- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
|
||||
- [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
|
||||
- [BLOG: Microsoft's Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time](https://www.microsoft.com/security/blog/2019/07/02/microsofts-threat-vulnerability-management-now-helps-thousands-of-customers-to-discover-prioritize-and-remediate-vulnerabilities-in-real-time/)
|
||||
|
||||
Reference in New Issue
Block a user