Microsoft Defender Threat Intelligence is a comprehensive threat intelligence offering designed to help organizations defend against modern cyber threats and exposure. It helps to unmask and disrupt adversaries by providing real-time visibility into cyber attackers and their infrastructure, so you can detect and respond to threats more effectively.
Defender Threat Intelligence includes several key features to support security operations:
Continuous Threat Intelligence: Offers a comprehensive view of the internet and monitors changes on a daily basis so you can understand and minimize exposure.
Adversary Profiling: Helps you identify the group behind an online attack, their tactics, and their tools.
Enhanced Alert Investigations: Adds context to Microsoft Sentinel and Defender XDR incident data with finished and raw threat intelligence.
Accelerated Incident Response: Helps you quickly take down malicious infrastructure, including domains and IPs, and known tools and resources.
Team Collaboration: Helps teams collaborate using the Defender Threat Intelligence workbench to share knowledge and insights.
Prevention and Posture Improvement: Automatically identifies malicious actors and helps prevent external cyber threats by blocking internal resources from accessing malicious internet resources.
Defender Threat Intelligence is tightly integrated with Microsoft's security offerings, including Microsoft Sentinel and Defender XDR, and can help extend their capabilities. It is particularly useful for organizations looking to improve their security posture by staying ahead of cyber threats through timely and actionable threat intelligence.
Microsoft offers two versions of Defender Threat Intelligence:
Standard Version: A free version that includes public indicators of compromise, open-source intelligence, a common vulnerabilities and exposures database, and limited articles and analysis from Microsoft Threat Intelligence.
Premium Version: A paid version that includes full access to operational, strategic, and tactical intelligence, including Microsoft IOCs, enriched OSINT, URL and file intelligence, and more.
Pricing is not disclosed, but customers can explore licensing options through the Microsoft website. With Defender Threat Intelligence, customers can dramatically improve their ability to detect and respond to cyber threats, helping to protect their digital estate from modern cyber threats.