Threat and vulnerability management


Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. Threat and vulnerability management serves as an infrastructure for reducing organizational exposure, hardening endpoint surface area, and increasing organizational resilience.

Threat and vulnerability management discovers vulnerabilities and misconfigurations in real time through the built-in sensors, without additional agents or periodic scans. It prioritizes vulnerabilities based on the threat landscape, detections in your organization, sensitive information on vulnerable devices, and business context.

Watch this video for a quick overview of threat and vulnerability management.

Bridging the workflow gaps

Threat and vulnerability management is built in, real time, and cloud powered. It's fully integrated with the Microsoft endpoint security stack, the Microsoft Intelligent Security Graph, and the application analytics knowledge base.

Vulnerability management is the first solution in the industry to bridge the gap between security administration and IT administration during the remediation process. Create a security task or ticket by integrating with Microsoft Intune and Microsoft Endpoint Configuration Manager.

Real-time discovery

To discover endpoint vulnerabilities and misconfiguration, threat and vulnerability management uses the same agentless built-in Defender for Endpoint sensors to reduce cumbersome network scans and IT overhead.

It also provides:

  • Real-time device inventory - Devices onboarded to Defender for Endpoint automatically report and push vulnerability and security configuration data to the dashboard.
  • Visibility into software and vulnerabilities - Visibility into the organization's software inventory, and software changes like installations, uninstalls, and patches. Newly discovered vulnerabilities are reported with actionable mitigation recommendations for first-party and third-party applications.
  • Application runtime context - Visibility on application usage patterns for better prioritization and decision-making.
  • Configuration posture - Visibility into organizational security configuration or misconfigurations. Issues are reported in the dashboard with actionable security recommendations.

Intelligence-driven prioritization

Threat and vulnerability management helps customers prioritize and focus on the weaknesses that pose the most urgent and the highest risk to the organization. It fuses security recommendations with dynamic threat and business context:

  • Exposing emerging attacks in the wild - Dynamically aligns the prioritization of security recommendations. Threat and vulnerability management focuses on vulnerabilities currently being exploited in the wild and emerging threats that pose the highest risk.
  • Pinpointing active breaches - Correlates threat and vulnerability management and EDR insights to prioritize vulnerabilities being exploited in an active breach within the organization.
  • Protecting high-value assets - Identifies exposed devices with business-critical applications, confidential data, or high-value users.

Seamless remediation

Threat and vulnerability management allows security administrators and IT administrators to collaborate seamlessly to remediate issues.

  • Remediation requests sent to IT - Create a remediation task in Microsoft Intune from a specific security recommendation. We plan to expand this capability to other IT security management platforms.
  • Alternate mitigations - Gain insights on additional mitigations, such as configuration changes that can reduce risk associated with software vulnerabilities.
  • Real-time remediation status - Real-time monitoring of the status and progress of remediation activities across the organization.

Threat and vulnerability management walk-through

Watch this video for a comprehensive walk-through of threat and vulnerability management.

The portal is organized into the following areas:

  • Dashboard - Get a high-level view of the organization exposure score, Microsoft Secure Score for Devices, device exposure distribution, top security recommendations, top vulnerable software, top remediation activities, and top exposed device data.
  • Security recommendations - See the list of security recommendations and related threat information. When you select an item from the list, a flyout panel opens with vulnerability details, a link to open the software page, and remediation and exception options. You can also open a ticket in Intune if your devices are joined through Azure Active Directory and you've enabled your Intune connections in Defender for Endpoint.
  • Remediation - See remediation activities you've created and recommendation exceptions.
  • Software inventory - See the list of vulnerable software in your organization, along with weakness and threat information.
  • Weaknesses - See the list of common vulnerabilities and exposures (CVEs) in your organization.
  • Event timeline - View events that may impact your organization's risk.

APIs

Run threat and vulnerability management-related API calls to automate vulnerability management workflows. Learn more from this Microsoft Tech Community blog post.
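As an added example (not from this article or from Microsoft), the following script applies the prioritization criteria described above to vulnerability records in the shape the Defender for Endpoint vulnerabilities API is assumed to return: known exploitation outranks raw CVSS score, and CVEs with no exposed devices sink to the bottom. The endpoint URL and the field names (publicExploit, exploitVerified, exposedMachines, cvssV3) are assumptions, and the records are constructed sample data so the script runs offline.

```python
import json
import os
import urllib.request

# Assumed endpoint of the Defender for Endpoint vulnerabilities API (not taken from the article).
VULN_API = "https://api.securitycenter.microsoft.com/api/vulnerabilities"

# Constructed sample records with placeholder CVE ids; field names follow the
# shape the API is assumed to return.
SAMPLE_VULNS = [
    {"id": "CVE-0000-0001", "cvssV3": 9.8, "exposedMachines": 2,
     "publicExploit": False, "exploitVerified": False},
    {"id": "CVE-0000-0002", "cvssV3": 7.5, "exposedMachines": 40,
     "publicExploit": True, "exploitVerified": True},
    {"id": "CVE-0000-0003", "cvssV3": 5.3, "exposedMachines": 0,
     "publicExploit": True, "exploitVerified": False},
    {"id": "CVE-0000-0004", "cvssV3": 8.1, "exposedMachines": 12,
     "publicExploit": False, "exploitVerified": False},
]


def fetch_vulnerabilities(token):
    """Pull the live list from the tenant; only used when a bearer token is supplied."""
    req = urllib.request.Request(VULN_API, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["value"]


def risk_key(vuln):
    """Sort key: exposure first, then verified and public exploitation, then
    number of exposed devices, and CVSS only as the final tie-breaker."""
    exposed = vuln.get("exposedMachines", 0)
    return (
        exposed > 0,
        bool(vuln.get("exploitVerified")),
        bool(vuln.get("publicExploit")),
        exposed,
        float(vuln.get("cvssV3") or 0.0),
    )


def prioritize(vulns):
    """Return CVE ids ordered from most to least urgent."""
    return [v["id"] for v in sorted(vulns, key=risk_key, reverse=True)]


if __name__ == "__main__":
    token = os.environ.get("MDE_TOKEN")  # assumed env var name for the API token
    records = fetch_vulnerabilities(token) if token else SAMPLE_VULNS
    for rank, cve in enumerate(prioritize(records), 1):
        print(rank, cve)
```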
