Overview of attack surface management
Microsoft Security Exposure Management helps you to visualize, analyze, and remediate cross-workload attack surfaces.
Security Exposure Management is currently in public preview.
Important
Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.
Enterprise exposure graph
The enterprise exposure graph is the central tool for exploring and managing attack surfaces. The graph gathers information about assets, users, workloads, and more, from across your enterprise to provide a unified, comprehensive view of your organizational security posture.
Graph schemas
Graph schemas provide a framework for organizing and analyzing interconnected assets from multiple workloads across the organization.
- Schemas are made up of tables that provide either event information or information about devices, alerts, identities, and other entity types.
- You query against schemas for proactive threat hunting across data and events. You can build queries in advanced hunting.
- To understand schemas and build effective queries, you can use a built-in schema reference that provides table information.
Enterprise exposure graph schemas
The enterprise exposure graph and the exposure graph schemas extend the existing Defender XDR advanced hunting schemas.
- The schemas provide attack surface information to help understand how potential threats can reach and compromise valuable assets.
- You use the schema tables and operators to query the enterprise exposure graph. Queries allow you to inspect and search attack surface data, and to retrieve exposure information to help prevent risk.
- The enterprise exposure graph currently includes assets, findings, and entity relationships from:
- Microsoft Defender for Cloud
- Microsoft Defender for Endpoint
- Microsoft Defender Vulnerability Management
- Microsoft Defender for Identity
- Microsoft Entra ID
By correlating exposure queries with other graph data, such as incident data, you can uncover risk to a greater degree.
Attack surface map
The attack surface map helps you to visualize the exposure data that you query using the exposure graph schema.
In the map you can explore the data, check what assets are at risk, contextualize them in a broader network framework, and prioritize security focus.
For example, you can check whether a particular asset has unwanted connections, or see whether a device has a path to the internet, and if so, what other devices are exposed.
Next steps
- Review enterprise exposure schemas and operators.
- Query the enterprise exposure graph.
- Explore the attack surface map.
- Read the blog Microsoft Security Exposure Management Graph: unveiling the power.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for