Managing Device Vulnerabilities - Part 1

Posted by Cliff Embry on Sep 22, 2022 9:30:00 AM

This month we are looking at Microsoft Defender Vulnerability Management (MDVM). In this post, you will learn how MDVM can identify vulnerabilities and remediate weaknesses in your organization.

Born within Microsoft Defender for Endpoint (MDE) Plan 2, MDVM focuses on mitigating standing endpoint vulnerabilities to reduce the attack surface. There are many vantage points from which to view organizational exposure, so read on to see how MDVM can surface weaknesses and turn them into a remediation roadmap for any organization.


Index: Licensing Requirements | Security Portal | Vulnerabilities | Notifications | Workshop


Microsoft Defender Vulnerability Management Licensing Requirements


First, let’s look at Microsoft’s licensing requirements for the product. MDVM is partially available within Microsoft Defender for Endpoint P2, with an optional add-on that unlocks the full capabilities. If your organization is not leveraging MDE, there is a standalone option as well. This post focuses on the core capabilities; Part 2 will cover the additional capabilities listed in the middle column below.

[Screenshot: Managing Device Vulnerabilities 1]

Compare Microsoft Defender Vulnerability Management offerings | Microsoft Docs

Regardless of your current licensing, everyone can get their hands on a 120-day trial to evaluate the full product. Or, if you are using MDE Plan 2 and want to get started with the core capabilities before limiting yourself to 120 days with an add-on trial, skip this part and return when you are ready to expand MDVM’s capabilities.


A deeper look into the security portal


Next, let’s look at the security portal. We’ll start with the dashboard to get a high-level overview of the environment alongside top vulnerabilities and recommendations.

[Screenshot: Managing Device Vulnerabilities 2]

On the first half of the dashboard pictured above you will find your exposure score, secure score for devices, and if you scroll down, your device exposure distribution, top vulnerable software, and top exposed devices. You can even track remediation activities derived from security recommendations.

[Screenshot: Managing Device Vulnerabilities 3]


Next, let’s look at the event timeline. This pane displays a risk news feed to assist with mapping new vulnerabilities to devices in the organization.

[Screenshot: Managing Device Vulnerabilities]

Clicking on a vulnerability event will open details about the vulnerability and how many devices were and are still impacted.

[Screenshot: Managing Device Vulnerabilities 5]

From here, you can select “Go to related security recommendation” to learn how to remediate devices.

[Screenshot: Managing Device Vulnerabilities 6]

Here we can see that updating to a later version of Chrome will fix the issue. You can also view a list of exposed devices, devices that already have an adequate version installed, and the associated CVE information.


Remediating Vulnerabilities


Now, let’s request a remediation by selecting “Request remediation.” This opens a form to complete the remediation request.

[Screenshot: Managing Device Vulnerabilities 7]

[Screenshot: Managing Device Vulnerabilities 8]

Now these remediation requests can be tracked from within the security portal.

[Screenshot: Managing Device Vulnerabilities 9]

If you navigate directly to the “Recommendations” pane, you will see a list of actionable recommendations prioritized by highest exposure risk, which helps focus effort on the most impactful remediations.

[Screenshot: Managing Device Vulnerabilities 10]

Now, hover over the “threats” icon for a vulnerability to see threat insights provided by Microsoft Defender threat analytics.

[Screenshot: Managing Device Vulnerabilities 11]

Now let’s select a vulnerability and review the remediation recommendations.

[Screenshot: Managing Device Vulnerabilities 12]

The “General” tab lists a description of the security recommendation, including the potential risk, user impact, and how widespread the vulnerability is in the environment. Select the “Remediation options” tab to see Microsoft’s recommended approach to mitigating the vulnerability.

[Screenshot: Managing Device Vulnerabilities 13]

Here we will see listed remediation steps with helpful links that provide guidance. This will help save time and ensure you are reducing the organization's attack surface with every security recommendation remediation.

Now let’s look at the “Inventories” pane to see what software provides the most vulnerability for the organization.

[Screenshot: Managing Device Vulnerabilities 14]

This view shows us all the inventoried software mapped to weaknesses and exposed devices. We can see updates are needed for Windows 10, .NET Framework, and Office (M365 apps). It’s clear that patches were recently released; this is expected. If we look beyond Microsoft products, we find Chrome to be our biggest offender, followed by Zoom Meetings and Log4j. If you select Chrome, then select “Go to related security recommendation,” you will see all the security recommendations related to Chrome. Creating remediation requests from each of these will help track the mitigation of the associated vulnerabilities.
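The same software-to-weakness-to-device mapping that the Inventories pane renders can be pulled with an Advanced Hunting query. This is an added example, not code from the original post; it assumes the tenant’s Advanced Hunting has the MDVM tables DeviceTvmSoftwareVulnerabilities and DeviceTvmSoftwareVulnerabilitiesKB populated, and the vendor filter and top-20 cut-off are choices made for this illustration.

```kql
// Added example (not part of the original post): rebuild the Inventories view
// as a ranked table of software by exposed devices and distinct weaknesses.
// Assumes the DeviceTvmSoftwareVulnerabilities and DeviceTvmSoftwareVulnerabilitiesKB
// tables are populated for the tenant.
DeviceTvmSoftwareVulnerabilities
| join kind=inner (
    DeviceTvmSoftwareVulnerabilitiesKB
    // keep only the enrichment columns so the severity column is not duplicated
    | project CveId, CvssScore, IsExploitAvailable
  ) on CveId
| summarize
    Weaknesses       = dcount(CveId),
    ExposedDevices   = dcount(DeviceId),
    HighOrCritical   = dcountif(CveId, VulnerabilitySeverityLevel in ("High", "Critical")),
    ExploitAvailable = dcountif(CveId, IsExploitAvailable == true),
    MaxCvss          = max(CvssScore)
  by SoftwareVendor, SoftwareName
// mirror the post's "look beyond Microsoft products" step (case-insensitive compare)
| where SoftwareVendor !~ "microsoft"
| order by ExposedDevices desc, HighOrCritical desc, MaxCvss desc
| take 20
```

Drop the vendor filter to see the first-party rows (Windows 10, .NET Framework, Office) ranked alongside everything else; the HighOrCritical column applies the same severity threshold the notification rule later in the post uses.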

[Screenshot: Managing Device Vulnerabilities 15]

Let’s take another approach. How can we see our most vulnerable endpoints? Navigate back to the dashboard, scroll down, and select “Top exposed devices.”

[Screenshot: Managing Device Vulnerabilities 16]

Now you can better understand which devices need the most attention from a vulnerability perspective and create the remediation actions necessary to better protect the environment.

[Screenshot: Managing Device Vulnerabilities 17]

Next, let’s look at the “Weaknesses” blade. It will automatically sort by unmitigated vulnerability prevalence to bring the most impactful vulnerabilities to the surface. You can use the filter to customize what you see here.

[Screenshot: Managing Device Vulnerabilities 18]

Drilling down into each of these will give you options to create remediation requests as we have seen throughout the product.


Setting up notifications


After familiarizing yourself with the console, notifications can be configured for the proper recipients.

Navigate to the “Settings” pane and select “Endpoints.”

[Screenshot: Managing Device Vulnerabilities 19]

Select “Email notifications,” choose the “Vulnerabilities” tab, then “Add notification rule.”

[Screenshot: Managing Device Vulnerabilities 20]

Supply a name for the notification and a description if desired, then select “Next.”

[Screenshot: Managing Device Vulnerabilities 21]

Configure the notification. Below, the rule is configured to notify on new vulnerabilities with a severity threshold of High or Critical.

[Screenshot: Managing Device Vulnerabilities 22]

Add notification recipients.

[Screenshot: Managing Device Vulnerabilities 23]

Then complete the wizard.

[Screenshot: Managing Device Vulnerabilities 24]

And finally, check out the reports!

[Screenshot: Managing Device Vulnerabilities 25]

[Screenshot: Managing Device Vulnerabilities 26]

If you’ve made it this far in this lengthy post, it should be clear what value MDVM brings to endpoint security. If you are using Microsoft Defender for Endpoint, you can get started today! If you are not, get the 120-day standalone trial and start gathering this information to see the same type of data shown in this post.

If you want to see the additional capabilities, subscribe to the KiZAN blog mailing list, or follow us on LinkedIn to be notified for Part 2 where we will review the additional capabilities available in the add-on and standalone versions.



Posted by Cliff Embry

Cliff Embry is KiZAN’s Microsoft Security Principal Consultant and specializes in Microsoft 365. He has a solid understanding of Microsoft's underlying on-premises infrastructure technologies backed with over a decade of experience in hundreds of environments.
