Threat and vulnerability management

Applies to:

Want to experience Defender for Endpoint? Sign up for a free trial.

Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal to running a healthy security program and reducing organizational risk. Threat and vulnerability management serves as the infrastructure for reducing organizational exposure, hardening the endpoint attack surface, and increasing organizational resilience.

It discovers vulnerabilities and misconfigurations in real time using the built-in sensors, without the need for additional agents or periodic scans. It prioritizes vulnerabilities based on the threat landscape, detections in your organization, sensitive information on vulnerable devices, and business context.

Watch this video for a quick overview of threat and vulnerability management.

Bridging the workflow gaps

Threat and vulnerability management is built in, real time, and cloud powered. It is fully integrated with the Microsoft endpoint security stack, the Microsoft Intelligent Security Graph, and the application analytics knowledge base.

Vulnerability management is the first solution in the industry to bridge the gap between security administration and IT administration during the remediation process. Create a security task or ticket through integration with Microsoft Intune and Microsoft Endpoint Configuration Manager.

Real-time discovery

To discover endpoint vulnerabilities and misconfigurations, threat and vulnerability management uses the same built-in Defender for Endpoint sensors, so no separate scanning agent is deployed, which reduces cumbersome network scans and IT overhead.

It also provides:

  • Real-time device inventory - Devices onboarded to Defender for Endpoint automatically report and push vulnerability and security configuration data to the dashboard.
  • Visibility into software and vulnerabilities - Visibility into the organization's software inventory and into software changes such as installations, uninstalls, and patches. Newly discovered vulnerabilities are reported with actionable mitigation recommendations for first-party and third-party applications.
  • Application runtime context - Visibility into application usage patterns for better prioritization and decision-making.
  • Configuration posture - Visibility into the organization's security configuration and misconfigurations. Issues are reported in the dashboard with actionable security recommendations.

Intelligence-driven prioritization

Threat and vulnerability management helps customers prioritize and focus on the weaknesses that pose the most urgent and highest risk to the organization. It fuses security recommendations with dynamic threat and business context:

  • Exposing emerging attacks in the wild - Dynamically aligns the prioritization of security recommendations. Threat and vulnerability management focuses on vulnerabilities currently being exploited in the wild and on emerging threats that pose the highest risk.
  • Pinpointing active breaches - Correlates threat and vulnerability management insights with EDR insights to prioritize vulnerabilities being exploited in an active breach within the organization.
  • Protecting high-value assets - Identifies exposed devices that host business-critical applications, confidential data, or high-value users.

Seamless remediation

Threat and vulnerability management allows security administrators and IT administrators to collaborate seamlessly to remediate issues.

  • Remediation requests sent to IT - Create a remediation task in Microsoft Intune from a specific security recommendation. Microsoft plans to expand this capability to other IT security management platforms.
  • Alternate mitigations - Gain insight into additional mitigations, such as configuration changes, that can reduce the risk associated with a software vulnerability while a patch is pending.
  • Real-time remediation status - Monitor the status and progress of remediation activities across the organization in real time.

Threat and vulnerability management walk-through

Watch this video for a comprehensive walk-through of threat and vulnerability management.

Area | Description
Dashboard | Get a high-level view of the organization's exposure score, Microsoft Secure Score for Devices, device exposure distribution, top security recommendations, top vulnerable software, top remediation activities, and top exposed devices.
Security recommendations | See the list of security recommendations and related threat information. When you select an item from the list, a flyout panel opens with vulnerability details, a link to open the software page, and remediation and exception options. You can also open a ticket in Intune if your devices are joined through Azure Active Directory and you have enabled the Intune connection in Defender for Endpoint.
Remediation | See the remediation activities you have created and the recommendation exceptions.
Software inventory | See the list of vulnerable software in your organization, along with weakness and threat information.
Weaknesses | See the list of common vulnerabilities and exposures (CVEs) present in your organization.
Event timeline | View events that may affect your organization's risk.

APIs

Run threat and vulnerability management-related API calls to automate vulnerability management workflows, for example to export the vulnerability or recommendation lists into a ticketing system or to rank them with your own business context. Learn more from this Microsoft Tech Community blog post.
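The following script is an added example, not code from the original page or from Microsoft. It fetches the security recommendations collection from the Defender for Endpoint API using an Azure AD client-credentials token, then ranks the open recommendations locally with the same three signals the page describes under intelligence-driven prioritization: an active alert in the organization first, a public exploit second, then severity weighted by the number of exposed devices. The API base URL, the `/api/recommendations` path, and the field names `status`, `activeAlert`, `publicExploit`, `severityScore` and `exposedMachinesCount` are assumptions based on the published Defender for Endpoint API reference; the sample records at the bottom are constructed for the offline demonstration and do not come from any tenant.

```python
"""Rank Defender for Endpoint security recommendations by risk (added example).

Assumptions (not from the page): API base https://api.securitycenter.microsoft.com,
collection path /api/recommendations, OAuth2 client-credentials flow against Azure AD,
and the field names used in risk_key() below.
"""
import json
import os
import urllib.parse
import urllib.request

API_BASE = "https://api.securitycenter.microsoft.com"          # assumed API host
SCOPE = "https://api.securitycenter.microsoft.com/.default"     # assumed app scope


def get_token(tenant_id, client_id, client_secret):
    """OAuth2 client-credentials flow (Azure AD v2 token endpoint). Returns a bearer token."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": SCOPE,
        "grant_type": "client_credentials",
    }).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=body)) as resp:
        return json.load(resp)["access_token"]


def fetch_collection(token, path):
    """GET an OData collection and follow @odata.nextLink until all pages are read."""
    url = API_BASE + path
    items = []
    while url:
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req) as resp:
            page = json.load(resp)
        items.extend(page.get("value", []))
        url = page.get("@odata.nextLink")      # absent on the last page
    return items


def is_open(rec):
    """Keep only active recommendations that still expose at least one device."""
    return rec.get("status") == "Active" and int(rec.get("exposedMachinesCount") or 0) > 0


def risk_key(rec):
    """Sort key mirroring the page's prioritization order.

    1. active breach signal (EDR alert correlated with this weakness)
    2. exploit observed in the wild
    3. severity scaled by how many devices are exposed
    """
    active_breach = bool(rec.get("activeAlert"))
    exploited = bool(rec.get("publicExploit"))
    blast_radius = float(rec.get("severityScore") or 0) * int(rec.get("exposedMachinesCount") or 0)
    return (active_breach, exploited, blast_radius)


def prioritize(recommendations):
    """Return open recommendations, highest risk first."""
    return sorted(filter(is_open, recommendations), key=risk_key, reverse=True)


# Constructed sample records (shape assumed; values invented for the demonstration).
SAMPLE_RECOMMENDATIONS = [
    {"id": "va-_-vendor-_-appA", "status": "Active", "activeAlert": False,
     "publicExploit": True, "severityScore": 7.5, "exposedMachinesCount": 40},
    {"id": "va-_-vendor-_-appB", "status": "Active", "activeAlert": True,
     "publicExploit": False, "severityScore": 5.0, "exposedMachinesCount": 3},
    {"id": "va-_-vendor-_-appC", "status": "Active", "activeAlert": False,
     "publicExploit": False, "severityScore": 9.8, "exposedMachinesCount": 200},
    {"id": "va-_-vendor-_-appD", "status": "Active", "activeAlert": False,
     "publicExploit": False, "severityScore": 9.8, "exposedMachinesCount": 0},
    {"id": "sca-_-legacyproto", "status": "Exception", "activeAlert": False,
     "publicExploit": True, "severityScore": 6.0, "exposedMachinesCount": 12},
]


def ranked_ids(recommendations=SAMPLE_RECOMMENDATIONS):
    """Recommendation ids in priority order (used for the offline demonstration)."""
    return [rec["id"] for rec in prioritize(recommendations)]


if __name__ == "__main__":
    # Offline run against the constructed records.
    print(ranked_ids())
    # Live run only when credentials are supplied in the environment.
    if all(k in os.environ for k in ("MDE_TENANT", "MDE_CLIENT_ID", "MDE_CLIENT_SECRET")):
        tok = get_token(os.environ["MDE_TENANT"], os.environ["MDE_CLIENT_ID"],
                        os.environ["MDE_CLIENT_SECRET"])
        for rec in prioritize(fetch_collection(tok, "/api/recommendations"))[:10]:
            print(rec["id"], risk_key(rec))
```

Records with an exception or with no exposed devices are dropped before ranking, so the list reflects what still needs action; the tuple key means an active alert always outranks a public exploit, which always outranks a merely severe but unexploited weakness, regardless of device counts.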

See the following articles for related APIs:

See also