Microsoft Threat Experts Now Comes with Actual Experts
Microsoft this week announced the general availability of the security consulting service portion of its Threat Experts service.
While the Threat Experts managed detection and response security service was declared to be at the general availability (GA) stage back in late April, its experts-on-demand component remained in preview until now. (Microsoft Threat Experts also includes a second security service, called "targeted attack notifications," which is a messaging service that notifies organizations about detected threats, but it hit GA back in April.)
The experts-on-demand capability lets an organization's security operations center (SOC) team send questions to Microsoft about suspicious network activities. In response, Microsoft may allow "the SOC to have a line of communication and consultation with Microsoft Threat Experts," per the announcement. In this case, by "Threat Experts," Microsoft literally means its security personnel, who get involved in discussing the incident.
Communication with these Microsoft security experts happens through the Windows Defender Security Center portal, per this Microsoft Threat Experts configuration document. Their advice consists of "insights into attacks, technical guidance on next steps, and advice on risk and protection." A response from Microsoft's security experts will happen "within two days." However, at that time, they may request more information or ask for file samples, or they may state whether the information was sufficient or whether more time is needed.
Organizations wanting to use the Threat Experts service with its experts-on-demand and targeted attack notifications components need to be subscribed to the top-of-the-line Microsoft 365 E5 plan, which provides access to the Microsoft Defender Advanced Threat Protection (ATP) security service. Organizations with that licensing still need to apply to use the Threat Experts service. The application gets initiated by organizations using the Microsoft Defender ATP portal, Microsoft's configuration document explained.
It's possible to try out the experts-on-demand capability in the Threat Experts service. Organizations need to have Microsoft Defender ATP deployed. They get the "90-day free trial via the Microsoft Defender Security Center." Details are described in Microsoft's configuration document.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.