Commit 81e0f0e

Merge pull request #2493 from DebLanger/353538_HL_Posture
HL article in unified sec-ops
2 parents d0f78bb + 115edd5 commit 81e0f0e

6 files changed

+107
-11
lines changed

unified-secops-platform/TOC.yml

Lines changed: 5 additions & 1 deletion
@@ -44,7 +44,11 @@
4444
- name: Connect Microsoft Sentinel to Microsoft Defender
4545
href: microsoft-sentinel-onboard.md
4646
- name: Reduce security risk
47-
href: reduce-risk-overview.md
47+
items:
48+
- name: Improve security posture and reduce risk"
49+
href: reduce-risk-overview.md
50+
- name: Protect your environment with Exposure Management
51+
href: overview-msem-strategy.md
4852
- name: Detect threats
4953
href: detect-threats-overview.md
5054
- name: Uncover adversaries with threat intel
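Review bot: the added TOC entry `- name: Improve security posture and reduce risk"` ends with a stray double quote that has no opening quote; YAML will treat it as part of the plain scalar, so the quote shows up in the rendered navigation title, and it is inconsistent with every other `name:` value in the hunk. Suggest `- name: Improve security posture and reduce risk`.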
Lines changed: 93 additions & 0 deletions
@@ -0,0 +1,93 @@
1+
---
2+
title: "Enhancing your organization's security posture"
3+
description: Provides an overview of security posture management and risk reduction in Microsoft's unified security operations platform.
4+
search.appverid: met150
5+
ms.service: unified-secops-platform
6+
ms.author: dlanger
7+
author: dlanger
8+
ms.localizationpriority: medium
9+
ms.date: 02/05/2025
10+
audience: ITPro
11+
ms.collection:
12+
- M365-security-compliance
13+
- tier1
14+
- usx-security
15+
ms.topic: overview
16+
17+
# customer intent: As a security professional, I want to understand how Microsoft's unified security operations platform, specifically tools like Microsoft Security Exposure Management can enhance my organization's security posture by providing comprehensive visibility, prioritizing remediation efforts, and continuously monitoring for threats.
18+
---
19+
20+
# Microsoft Security Exposure Management for enhanced security posture
21+
22+
Security posture refers to an organization’s strength of protection over its networks, data, and systems (hardware and software). It measures how vulnerable your organization is to cyber-attacks or data breaches.
23+
24+
The cyber landscape is becoming more perilous with increasing threat actors, faster phishing attacks, and more password attacks. Cyber jobs are harder due to regulatory updates, numerous security tools, and open jobs. Organizations face exposure with critical assets and open attack paths.
25+
26+
Microsoft Security Exposure Management transforms the attack surface by providing tools to discover, assess, and reduce risk with confidence. It integrates with various Microsoft Defender products and offers a unified view of internal and external exposure, potential attack paths, and critical asset protection.
27+
28+
Proactively protecting your organization from potential data breaches is more effective than just doing damage control once a breach occurs.
29+
30+
## Scoping - Make a plan
31+
32+
A well-defined plan is essential for effective exposure management. Your plan should outline the purpose and objectives of posture management for your organization, aligning with legal and regulatory requirements and the risks to your organization's goals. Identify internal stakeholders and important external parties and establish clear roles and responsibilities.
33+
34+
## Discovery - Find vulnerabilities
35+
36+
The **Discovery** step identifies vulnerabilities within your infrastructure. This involves scanning networks, systems, and applications for potential weaknesses. By regularly conducting vulnerability assessments, you can stay ahead of emerging threats and ensure your security posture remains strong.
37+
38+
39+
We recommend that you maintain an up-to-date inventory of your assets, including on-premises resources, cloud resources, and endpoints. Work with security governance teams to ensure assets are properly tagged and inventories are current. This helps incident responders quickly identify and address security issues.
40+
41+
## Education and training
42+
43+
Security posture management is a complex topic that requires a wide range of technical knowledge. Continuously educate and train your operations and incident response staff on Exposure Management technologies and how your organization uses them. This ensures your team is prepared to handle security incidents effectively.
44+
45+
The evolution of vulnerability management includes TI-Based, Risk-Based, and Exposure Management stages. Continuous exposure management involves attack surface management, attack path analysis, and unified exposure insights. Microsoft integrates exposure management data across Defender products to enhance security posture.
46+
47+
**Incident classification framework**
48+
49+
Define what constitutes a "security incident" for your organization and develop a method for classifying incidents. A classification framework helps prioritize response and preparation activities, collect useful metrics, and improve the performance of your posture management program. Categories might include denial of service, malware, or unauthorized access, with impact-based severity levels such as critical, high, medium, or low.
50+
51+
## Assess your security posture
52+
53+
Use Exposure Management to get a comprehensive view of your organization's security posture, including key metrics, critical assets, and potential vulnerabilities. Exposure Management provides a 360-degree view of your security landscape, helping you understand and quantify your attack surface exposure.
54+
55+
Learn more here, [What is Microsoft Security Exposure Management?](/security-exposure-management/microsoft-security-exposure-management)
56+
57+
## Identify attack entry points
58+
59+
Exposure Management helps you identify and map out potential attack paths, giving you visibility into critical choke points that need to be addressed. This proactive approach allows you to close down attack paths before they can be exploited.
60+
61+
80% of organizations have at least one open attack path to a critical asset. 61% of attack paths lead to sensitive user accounts. Only 1% of total assets in organizations are critical or sensitive.
62+
63+
Learn more here, [Overview of attack surface management](/security-exposure-management/cross-workload-attack-surfaces)
64+
65+
## Prioritize remediation efforts
66+
67+
Focus on the most critical vulnerabilities and attack paths first. Exposure Management provides recommendations for remediation actions to help you prioritize your efforts. This ensures that your resources are used effectively to mitigate the most significant risks.
68+
69+
Learn more here, [Review security recommendations](/security-exposure-management/security-recommendations)
70+
71+
## Validation – Test and confirm fixes
72+
73+
Incorporate the **Validation** step to test and confirm that remediation efforts effectively address identified vulnerabilities. This involves conducting penetration tests and security audits to ensure that vulnerabilities are properly mitigated and that the fixes are effective.
74+
75+
## Key considerations for users
76+
77+
For users new to Exposure Management, it's important to understand the following benefits:
78+
79+
- **Comprehensive view**: Exposure Management provides a 360-degree view of your organization's security posture, helping you understand the overall security landscape.
80+
- **Prioritization**: Focus on the most critical vulnerabilities and attack paths first to maximize the impact of your remediation efforts.
81+
- **Continuous monitoring**: Exposure Management continuously monitors your threat exposure and provides updates on your security posture.
82+
83+
For users with an established posture program, consider the following advanced features:
84+
85+
- **Integration**: Exposure Management integrates with existing security tools and solutions, providing a unified view of your security posture.
86+
- **Advanced metrics**: Utilize advanced security metrics and insights provided by Exposure Management to fine-tune your security strategies.
87+
- **Collaboration**: Work with different teams within your organization to ensure a coordinated approach to exposure management.
88+
89+
A great starting point for any user is to set a specific goal. For instance, you might choose to enhance Ransomware Protection initiative by 20%. Use Exposure Management metrics and recommendations to identify and mitigate vulnerabilities that could be exploited by ransomware attacks to achieve this improvement.
90+
91+
## Ensuring your security posture
92+
93+
Maintaining a robust security posture is essential for safeguarding your organization's networks, data, and systems against cyber threats. By using tools like Exposure Management, you can gain a comprehensive view of your security landscape, identify critical vulnerabilities, and prioritize remediation efforts effectively. Continuous monitoring and proactive measures are key to staying ahead of potential threats and ensuring that your security posture remains strong. Following the guidelines outlined here and fostering a culture of security awareness, your organization can better protect itself from cyber-attacks and data breaches, building trust with customers and stakeholders.
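Review bot: the three statistics in the "Identify attack entry points" section (80% of organizations have at least one open attack path to a critical asset, 61% of attack paths lead to sensitive user accounts, 1% of assets are critical or sensitive) are stated without a source; add a citation or link to the report they come from, or drop them. The "Incident classification framework" subsection sits under "Education and training" but describes incident response classification rather than posture management, so it would fit better in the detect/respond articles or under its own heading. Minor: the front-matter title ("Enhancing your organization's security posture") and the H1 ("Microsoft Security Exposure Management for enhanced security posture") differ, and "enhance Ransomware Protection initiative by 20%" is missing an article ("the Ransomware Protection initiative").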

unified-secops-platform/reduce-risk-overview.md

Lines changed: 9 additions & 10 deletions
@@ -1,12 +1,12 @@
11
---
2-
title: "Overview - Improve security posture and reduce risk"
2+
title: "Improve Security Posture and Reduce Risk"
33
description: Provides an overview of solutions that help reduce security risk in Microsoft's unified security operations platform.
44
search.appverid: met150
55
ms.service: unified-secops-platform
66
ms.author: bagol
77
author: batamig
88
ms.localizationpriority: medium
9-
ms.date: 11/19/2024
9+
ms.date: 02/05/2025
1010
audience: ITPro
1111
ms.collection:
1212
- M365-security-compliance
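Review bot: the new title on the `+` line, "Improve Security Posture and Reduce Risk", is in title case, while the other titles on this page (the new article's "Enhancing your organization's security posture" and the TOC entry "Improve security posture and reduce risk") use sentence case. Suggest `title: "Improve security posture and reduce risk"` so the title, the TOC entry and the H1 in the next hunk all match.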
@@ -16,16 +16,15 @@ ms.topic: concept-article
1616
# customer intent: As a security administrator, I want to learn how to proactively improve security posture and reduce risk exposure in my organization.
1717
---
1818

19-
# Security posture management and risk reduction
19+
# Improve security posture management and reduce risk
2020

21-
To battle increasingly sophisticated and well-resourced threat actors, security teams need a comprehensive strategy that reduces vulnerabilities, prevents breaches, and mitigates threats in real-time.
21+
Security teams need a comprehensive strategy to reduce vulnerabilities, prevent breaches, and mitigate threats in real time.
2222

2323
Microsoft's unified SecOps platform provides a set of integrated tools and solutions that work together to help security teams proactively reduce security risk.
2424

2525
Proactive security management allows you to manage cybersecurity as an ongoing risk, rather than series of unpredictable events. Proactive risk management helps to reduce the likelihood of breaches, minimize business disruptions when attacks do occur, and raise security awareness as an ongoing practice across the business.
2626

27-
28-
## Improving prebreach security
27+
## Improve prebreach security
2928

3029
Security teams must address key activities for effective prebreach security.
3130

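Review bot: the new H1 "Improve security posture management and reduce risk" reads awkwardly (one improves security posture, not posture management) and does not match the front-matter title changed in the previous hunk; suggest `# Improve security posture and reduce risk`. The trimmed opening sentence is fine, but since it now states the need for a strategy without the dropped rationale about well-resourced threat actors, consider keeping a short clause on why the strategy is needed.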
@@ -47,8 +46,8 @@ A range of solutions within Microsoft's unified SecOps platform helps security t
4746

4847
Solution | Details | Capabilities
4948
--- | --- | ---
50-
**[Microsoft Security Exposure Management](/security-exposure-management/microsoft-security-exposure-management)**<br/><br/>Reduce security risk by reducing attack surfaces. | Automatically discover assets, including devices, identities, cloud apps, and more. Extend visibility to non-Microsoft solutions.<br/><br/>Aggregate security posture data across data silos into a single location.<br/><br/>Organize data into security initiatives to monitor, track, measure, and prioritize posture in the areas that are most important to you.<br/><br/> identify, classify, and protect critical business assets to reduce the likelihood of them being attacked.<br/><br/>Discover and visualize attack surfaces and potential blast radius.<br/><br/>Understand and analyze potential attack paths to map how attackers might exploit vulnerabilities across the organization.<br/><br/> Get contextual insights to understand, prioritize, and mitigate security risk.
51-
**[Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction)**<br/><br/> Detect real-time threats to cloud workloads, and proactively improve security posture. | Cloud security posture management capabilities assess the posture of resources across Azure, AWS, GCP, and on-premises. Defender for Cloud improves security posture for machines, containers, sensitive data, databases, AI workloads, storage, and DevOps.<br/><br/> Security recommendations provide information and manual/automatic actions to remediate issues and harden resource security.
52-
**[Microsoft Defender for Endpoint](/defender-endpoint/microsoft-defender-endpoint)**<br/><br/> Improve security posture and protect against threats. | Defender for Endpoint includes a number of security posture management features.<br/><br/>[Attack surface reduction](/defender-endpoint/overview-attack-surface-reduction) proactively blocks common activities associated with malicious actions, and provides [attack surface reduction rules](/defender-endpoint/attack-surface-reduction) to constrain risky software-based behavior.<br/><br/>Other features include [controlled folder access](/defender-endpoint/controlled-folders), [peripheral device control](/defender-endpoint/device-control-overview), [exploit protection](/defender-endpoint/exploit-protection), [network](/defender-endpoint/network-protection) and [web](/defender-endpoint/network-protection) protection.
53-
**[Microsoft Defender Vulnerability Management](/defender-vulnerability-management/defender-vulnerability-management)**<br/><br/> Remediate security vulnerabilities across the organization. | Defender Vulnerability Management continuously identifies vulnerabilities and misconfigurations, providing contextual insights into potential threats, and recommendations to mitigate them.
49+
**[Microsoft Security Exposure Management](/security-exposure-management/microsoft-security-exposure-management)**<br/><br/>Reduce security risk by reducing attack surfaces. | Automatically discover assets, including devices, identities, cloud apps, and more. Extend visibility to non-Microsoft solutions.<br/><br/>Organize data into security initiatives to monitor, track, measure, and prioritize posture in the areas that are most important to you.<br/><br/>Discover and visualize attack surfaces and potential blast radius.<br/><br/>[Get contextual insights to understand, prioritize, and mitigate security risk.](overview-msem-strategy.md)
50+
**[Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction)**<br/><br/>Detect real-time threats to cloud workloads, and proactively improve security posture. | Cloud security posture management capabilities assess the posture of resources across Azure, AWS, GCP, and on-premises. Defender for Cloud improves security posture for machines, containers, sensitive data, databases, AI workloads, storage, and DevOps.<br/><br/>Security recommendations provide information and manual/automatic actions to remediate issues and harden resource security.
51+
**[Microsoft Defender for Endpoint](/defender-endpoint/microsoft-defender-endpoint)**<br/><br/>Improve security posture and protect against threats. | Defender for Endpoint includes a number of security posture management features.<br/><br/>[Attack surface reduction](/defender-endpoint/overview-attack-surface-reduction) proactively blocks common activities associated with malicious actions, and provides [attack surface reduction rules](/defender-endpoint/attack-surface-reduction) to constrain risky software-based behavior.<br/><br/>Other features include [controlled folder access](/defender-endpoint/controlled-folders), [peripheral device control](/defender-endpoint/device-control-overview), [exploit protection](/defender-endpoint/exploit-protection), [network](/defender-endpoint/network-protection) and [web](/defender-endpoint/network-protection) protection.
52+
**[Microsoft Defender Vulnerability Management](/defender-vulnerability-management/defender-vulnerability-management)**<br/><br/>Remediate security vulnerabilities across the organization. | Defender Vulnerability Management continuously identifies vulnerabilities and misconfigurations, providing contextual insights into potential threats and recommendations to mitigate them.
5453
**[Microsoft Secure Score](/defender-xdr/microsoft-secure-score)**<br/><br/>Measure organizational security posture. | Secure Score helps to monitor the security posture of Microsoft 365 workloads, including devices, identities, and apps. [Compare Security Score with security posture in Security Exposure Management](/security-exposure-management/compare-secure-score-security-exposure-management).
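Review bot: the rewritten Microsoft Security Exposure Management row drops three capabilities from the old text (aggregating posture data across data silos, identifying/classifying/protecting critical business assets, and attack path analysis) even though the new article this row now links to leads with attack paths and critical assets; either keep those bullets or note the intentional trim in the commit message. Turning the last capability sentence into the link text for overview-msem-strategy.md also hides where the link goes; a separate "Learn more" link after the capabilities is clearer. In the unchanged Secure Score row, "Compare Security Score" should read "Compare Secure Score".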
