More Threat Intelligence Content in MDTI, TA Enables Better Security Outcomes


Microsoft empowers our customers to keep up with the global threat landscape and understand the threats and vulnerabilities most relevant to their organization. We are excited to announce that we have recently accelerated the speed and scale at which we publish , giving our customers more critical security insights, data, and guidance than ever before. 


This blog will show how our 10,000 interdisciplinary experts and applied scientists reason over more than 78 trillion daily threat signals to continuously add to our understanding of threat actors and activity. It will also show how this increased publishing cadence in Microsoft Defender Threat Intelligence (MDTI), Threat Analytics, and Copilot for Security helps enrich and contextualize hundreds of thousands of security alerts while enhancing customers' overall cybersecurity programs.  


Increased Intel Profiles 


Microsoft has published 270 new Intel profiles over the past year to help customers maintain situational awareness around the threat activity, techniques, vulnerabilities, and the more than 300 named actors Microsoft tracks. These digital compendiums of intelligence help organizations stay informed about potential threats, including Indicators of Compromise (IOCs), historical data, mitigation strategies, and advanced hunting queries. Intel profiles are continuously maintained and updated by Microsoft's threat intelligence team, which added 24 new Intel profiles in May alone, including 10 Activity Profiles, 4 Actor Profiles, 5 Technique Profiles, and 5 Vulnerability Profiles 


Intel profiles are published to both MDTI and Threat Analytics, which can be found under the “Threat Intelligence” blade in the left-hand navigation menu in the Defender XDR Portal. In Threat Analytics, customers can understand how the content in Intel profiles relates to devices and vulnerabilities in their environment. In MDTI, Intel Profiles enhance security analyst triage, incident response, threat hunting, and vulnerability management workflows. 


In Copilot for Security, customers can quickly retrieve information from intel profiles to contextualize artifacts and correlate MDTI and Threat Analytics content and data with other security information from Defender XDR, such as incidents and hunting activities, to help customers assess their vulnerabilities and quickly understand the broader scope of an attack. For example, Copilot can reason over vulnerability intelligence in MDTI and Threat Analytics to deliver a customized, prioritized list based on a customer organization's unique security posture. 


Enhanced OSINT 


Microsoft has also added to the breadth of intelligence we make available to customers, improving the quantity and depth of open-source intelligence (OSINT). Microsoft's threat intelligence teams have begun adding 500% more OSINT to MDTI since mid-March to capture more insights for our customers to apply to their security programs. 


Because OSINT involves collecting and analyzing information from publicly available sources, such as the internet, public records, and media, Microsoft's teams have begun enriching OSINT profiles with proprietary IOCs, recommendations, detections, and analysis to give customers even more situational awareness and actionable insights around threat activity analyzed across the industry. In May alone, our threat intelligence teams published and enriched more than 50 OSINT articles in MDTI. 


These OSINT articles are cross-linked to other threat intelligence in MDTI to enable analysts to understand how threat activity is connected. In Copilot, customers can quickly retrieve information on indicators related to this OSINT, including IP addresses and domains, and contextualize artifacts with content such as threat articles and intel profiles.  


Microsoft Defender XDR Threat Analytics 


Microsoft's teams build detections based on content from MDTI and Threat Analytics to help customers detect, understand, and address related activities. In the Threat Analytics portal, Microsoft's threat intelligence teams provide security recommendations, which can be tracked by customers within the product. The portal also shows affected endpoints using Microsoft Defender for Vulnerability Management data and lists any impacted devices associated with the alerts. In May, Threat Analytics generated 235,000 alerts. 


Threat Intelligence published in Threat Analytics is crucial for giving customers context on daily alerts. For instance, a recent Technique Profile for PowerShell led to over 1.3 million alerts across Microsoft security products. 


New to MDTI? Here's where to start 


If you are interested in learning more about MDTI and how it can help you unmask and neutralize modern adversaries and cyberthreats such as , and to explore the features and benefits of MDTI please visit the MDTI product web page 


Also, be sure to contact our sales team to request a demo or a quote. Learn how you can begin using MDTI with the purchase of just one Copilot for Security SCU here. 



This article was originally published by Microsoft's Defender Threat Intelligence Blog. You can find the original article here.