Merge pull request #279897 from ElazarK/WI265756-DEASM

DEASM new article

Author: Jill Grant

articles/defender-for-cloud/TOC.yml

@@ -207,8 +207,8 @@
       - name: Investigating risks with security explorer/attack paths
         displayName: cloud security graph, attack path analysis, cloud security explorer, attack, path, graph, security, explorer
         href: concept-attack-path.md
-      - name: Integration with Defender EASM
-        displayName: EASM, attack surface management
+      - name: External attack surface management in Defender for Cloud
+        displayName: EASM, attack surface management, integration
         href: concept-easm.md
       - name: Critical assets protection
         href: critical-assets-protection.md
@@ -424,6 +424,9 @@
         - name: Build queries with cloud security explorer
           displayName: queries, security explorer, explorer, templates, query
           href: how-to-manage-cloud-security-explorer.md
+        - name: Detect internet exposed IP addresses
+          displayName: exposed, ip, addresses, easm
+          href: detect-exposed-ip-addresses.md
     - name: Built-in security protections
       items:
         - name: Use Purview to protect sensitive data

articles/defender-for-cloud/concept-cloud-security-posture-management.md

@@ -2,7 +2,7 @@
 title: Cloud Security Posture Management (CSPM)
 description: Learn more about Cloud Security Posture Management (CSPM) in Microsoft Defender for Cloud and how it helps improve your security posture.
 ms.topic: concept-article
-ms.date: 06/30/2024
+ms.date: 07/04/2024
 #customer intent: As a reader, I want to understand the concept of Cloud Security Posture Management (CSPM) in Microsoft Defender for Cloud.
 ---
 
@@ -48,7 +48,7 @@ The following table summarizes each plan and their cloud availability.
 | [Code-to-cloud mapping for IaC](iac-template-mapping.md) | - | :::image type="icon" source="./media/icons/yes-icon.png"::: | Azure DevOps |
 | [PR annotations](review-pull-request-annotations.md) | - | :::image type="icon" source="./media/icons/yes-icon.png"::: | GitHub, Azure DevOps |
 | Internet exposure analysis | - | :::image type="icon" source="./media/icons/yes-icon.png"::: | Azure, AWS, GCP |
-| [External attack surface management (EASM)](concept-easm.md) (for details see [Defender CSPM integration](concept-easm.md#defender-cspm-integration)) | - | :::image type="icon" source="./media/icons/yes-icon.png"::: | Azure, AWS, GCP |
+| [External attack surface management (EASM)](concept-easm.md) | - | :::image type="icon" source="./media/icons/yes-icon.png"::: | Azure, AWS, GCP |
 | [Permissions Management (CIEM)](permissions-management.md) | - | :::image type="icon" source="./media/icons/yes-icon.png"::: | Azure, AWS, GCP |
 | [Regulatory compliance assessments](concept-regulatory-compliance-standards.md) | - | :::image type="icon" source="./media/icons/yes-icon.png"::: | Azure, AWS, GCP |
 | [ServiceNow Integration](integration-servicenow.md) | - | :::image type="icon" source="./media/icons/yes-icon.png"::: | Azure, AWS, GCP |

articles/defender-for-cloud/concept-easm.md

@@ -1,34 +1,39 @@
 ---
-title: Microsoft Defender for Cloud integration with Defender External attack surface management (EASM)
+title: External attack surface management in Defender for Cloud
 description: Learn about Defender for Cloud integration with Defender External attack surface management (EASM) to enhance security and reduce the risk of attacks.
 ms.topic: concept-article
-ms.date: 05/20/2024
+ms.date: 07/03/2024
 #customer intent: As a reader, I want to learn about the integration between Defender for Cloud and Defender External attack surface management (EASM) so that I can enhance my organization's security.
 ---
 
-# Integration with Defender EASM
+# External attack surface management in Defender for Cloud
 
-You can use Microsoft Defender for Cloud's integration with Microsoft Defender External Attack Surface Management (EASM) to improve your organization's security posture, and reduce the potential risk of being attacked.
+Microsoft Defender for Cloud has the capability to perform external attack surface management (EASM), (outside-in) scans on multicloud environments. Defender for Cloud accomplishes this through its integration with Microsoft Defender EASM. The integration allows organizations to improve their security posture while reducing the potential risk of being attacked by exploring their external attack surface. The integration is included with the Defender Cloud Security Posture Management (CSPM) plan by default and doesn't require a license from Defender EASM or any special configurations.
 
-An external attack surface is the entire area of an organization or system that is susceptible to an attack from an external source. The attack surface is made up of all the points of access that an unauthorized person could use to enter their system. The larger your attack surface is, the harder it's to protect.
+Defender EASM applies Microsoft’s crawling technology to discover assets that are related to your known online infrastructure, and actively scans these assets to discover new connections over time. Attack Surface Insights are generated by applying vulnerability and infrastructure data to showcase the key areas of concern for your organization, such as:
 
-Defender EASM continuously discovers and maps your digital attack surface to provide an external view of your online infrastructure. This visibility enables security and IT teams to identify unknowns, prioritize risk, eliminate threats, and extend vulnerability and exposure control beyond the firewall.
+- Discover digital assets, always-on inventory.
+- Analyze and prioritize risks and threats.
+- Pinpoint attacker-exposed weaknesses, anywhere and on-demand.
+- Gain visibility into third-party attack surfaces.
 
-Defender EASM applies Microsoft’s crawling technology to discover assets that are related to your known online infrastructure, and actively scans these assets to discover new connections over time. Attack Surface Insights are generated by applying vulnerability and infrastructure data to showcase the key areas of concern for your organization, such as:
+With this information, security and IT teams are able to identify unknowns, prioritize risks, eliminate threats, and extend vulnerability and exposure control beyond the firewall. The attack surface is made up of all the points of access that an unauthorized person could use to enter their system. The larger your attack surface is, the harder it's to protect.
+
+EASM collects data on publicly exposed assets (“outside-in”) which Defender for Cloud's  Cloud Security Posture Management (CSPM) (“inside-out”) plan uses to assist with internet-exposure validation and discovery capabilities.
 
-- Discover digital assets, always-on inventory  
-- Analyze and prioritize risks and threats
-- Pinpoint attacker-exposed weaknesses, anywhere and on-demand
-- Gain visibility into third-party attack surfaces
+Learn more about [Defender EASM](../external-attack-surface-management/overview.md).
 
-EASM collects data for publicly exposed assets (“outside-in”). Defender for Cloud CSPM (“inside-out”) can use that data to assist with internet-exposure validation and discovery capabilities, to provide better visibility to customers.
+## EASM capabilities in Defender CSPM
 
-## Defender CSPM integration
+The [Defender CSPM](concept-cloud-security-posture-management.md) plan utilizes the data collected through the Defender EASM integration to provide the following capabilities within the Defender for Cloud portal:
 
-While [Defender CSPM](concept-cloud-security-posture-management.md) includes some external attack surface management capabilities, it doesn't include the full EASM solution. Instead, it provides detection of internet accessible assets via Defender for Cloud recommendations and attack paths.
+- Discover of all the internet facing cloud resources through the use of an outside-in scan.
+- Attack path analysis which finds all exploitable paths starting from internet exposed IPs.
+- Custom queries that correlate all internet exposed IPs with the rest of Defender for Cloud data in the cloud security explorer.
 
-## Next steps
+:::image type="content" source="media/concept-easm/cloud-security-explorer.png" alt-text="Screenshot of the cloud security explorer page in the Defender for Cloud portal." lightbox="media/concept-easm/cloud-security-explorer.png":::
 
-- Learn about [cloud security explorer and attack paths](concept-attack-path.md) in Defender for Cloud.
-- Learn about [Defender EASM](../external-attack-surface-management/overview.md).
-- Learn how to [deploy Defender for EASM](../external-attack-surface-management/deploying-the-defender-easm-azure-resource.md).
+## Related content
+- [Detect internet exposed IP addresses](detect-exposed-ip-addresses.md)
+- [Cloud security explorer and attack paths](concept-attack-path.md) in Defender for Cloud.
+- [Deploy Defender for EASM](../external-attack-surface-management/deploying-the-defender-easm-azure-resource.md).

articles/defender-for-cloud/detect-exposed-ip-addresses.md

@@ -0,0 +1,85 @@
+---
+title: Detect internet exposed IP addresses
+description: Learn how to detect exposed IP addresses with cloud security explorer in Microsoft Defender for Cloud to proactively identify security risks.
+ms.topic: how-to
+ms.date: 07/03/2024
+ms.author: dacurwin
+author: dcurwin
+ai-usage: ai-assisted
+#customer intent: As a security professional, I want to learn how to detect exposed IP addresses with cloud security explorer in Microsoft Defender for Cloud so that I can proactively identify security risks in my cloud environment and improve my security posture.
+---
+
+# Detect internet exposed IP addresses
+
+Microsoft Defender for Cloud's provides organizations the capability to perform External Attack Surface Management (EASM) (outside-in) scans to improve their security posture through its integration with Defender EASM. Defender for Cloud's EASM scans uses the information provided by the Defender EASM integration to provide actionable recommendations and visualizations of attack paths to reduce the risk of bad actors exploiting internet exposed IP addresses. 
+
+Through the use Defender for Cloud's cloud security explorer, security teams can build queries and proactively hunt for security risks. Security teams can also use the attack path analysis to visualize the potential attack paths that an attacker could use to reach their critical assets. 
+
+## Prerequisites
+
+- You need a Microsoft Azure subscription. If you don't have an Azure subscription, you can [sign up for a free subscription](https://azure.microsoft.com/pricing/free-trial/).
+
+- You must [enable the Defender Cloud Security Posture Management (CSPM) plan](tutorial-enable-cspm-plan.md).
+
+## Detect internet exposed IP addresses with the cloud security explorer
+
+The cloud security explorer allows you to build queries, such as an outside-in scan, that can proactively hunt for security risks in your environments, including IP addresses that are exposed to the internet. 
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+1. Search for and select **Microsoft Defender for Cloud** > **Cloud security explorer**.
+
+1. In the dropdown menu, search for and select **IP addresses**.
+
+    :::image type="content" source="media/detect-exposed-ip-addresses/search-ip-addresses.png" alt-text="Screenshot that shows where to navigate to in Defender for Cloud to search for and select the IP addresses option." lightbox="media/detect-exposed-ip-addresses/search-ip-addresses.png":::
+
+1. Select **Done**.
+
+1. Select **+**.
+
+1. In the select condition dropdown menu, select **DEASM Findings**.
+
+    :::image type="content" source="media/detect-exposed-ip-addresses/deasm-findings.png" alt-text="Screenshot that shows where to locate the DEASM Findings option." lightbox="media/detect-exposed-ip-addresses/deasm-findings.png":::
+
+1. Select the **+** button.
+
+1. In the select condition dropdown menu, select **Routes traffic to**.
+
+1. In the select resource type dropdown menu, select **Select all**.
+
+    :::image type="content" source="media/detect-exposed-ip-addresses/select-all.png" alt-text="Screenshot that shows where the select all option is located." lightbox="media/detect-exposed-ip-addresses/select-all.png":::
+
+1. Select **Done**.
+
+1. Select the **+** button.
+
+1. In the select condition dropdown menu, select **Routes traffic to**.
+
+1. In the select resource type dropdown menu, select **Virtual machine**.
+
+1. Select **Done**.
+
+1. Select **Search**.
+
+    :::image type="content" source="media/detect-exposed-ip-addresses/search-results.png" alt-text="Screenshot that shows the fully built query and where the search button is located." lightbox="media/detect-exposed-ip-addresses/search-results.png":::
+
+1. Select a result to review the findings.
+
+## Detect exposed IP addresses with attack path analysis
+
+Using the attack path analysis, you can view a visualization of the attack paths that an attacker could use to reach your critical assets.
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+1. Search for and select **Microsoft Defender for Cloud** > **Attack path analysis**.
+
+1. Search for **Internet exposed**.
+
+1. Review and select a result.
+
+1. [Remediate the attack path](how-to-manage-attack-path.md#remediate-attack-paths).
+
+## Next step
+
+> [!div class="nextstepaction"]
+> [Identify and remediate attack paths](how-to-manage-attack-path.md)