In a blog post, Microsoft says it developed Threat & Vulnerability Management through previews with customers for over a year. Using feedback, the company says it better understands what organizations need for vulnerability management. TVM is integrated into Microsoft Defender Advanced Threat Protection (ATP). The solution assesses risk to find and prioritize endpoint vulnerabilities and solve discovered issues. Microsoft says TVM paired with Microsoft Defender ATP provides the following features:
Continuous discovery of vulnerabilities and misconfigurations Prioritization based on business context and dynamic threat landscape Correlation of vulnerabilities with endpoint detection and response (EDR) alerts to expose breach insights Machine-level vulnerability context during incident investigations Built-in remediation processes through unique integration with Microsoft Intune and Microsoft System Center Configuration Manager
Real-time Protection
TVM is different to standard vulnerability scans, which typically only run periodically. Organizations can be at risk during times when a scan is not running. Microsoft says this model of protection is problematic. “This is coupled with the fact that mitigation of vulnerabilities is a manual process, often across teams, that can take days, weeks, or months to complete. This leaves a window of opportunity for attackers and puts our defenders in a tough spot.” Threat & Vulnerability Management provides consistent active real-time scanning to find threats. “Our goal is to empower defenders with the tools they need to better protect against evolving threats, and we believe this solution will help provide that additional visibility and agility they need.”