by Scott Jack
Content Contributor, E-N Computers
Over 10 years of experience in healthcare IT and tech support.
Small and midsize businesses face increasingly complex cybersecurity threats against their systems and data. Protecting yourself against those threats requires tools and policies so that you can automatically thwart attacks, investigate incidents, and remediate any remaining issues. But a patchwork of tools is inefficient and can leave you with blind spots and higher costs or at least multiple bills to manage.
Microsoft Defender is a family of cloud-based security software. The “Defender” name has been around since the Windows XP days, when it was a free downloadable anti-malware program for workstations. Today, Defender is enterprise-grade security that protects your endpoints, Microsoft 365, and Azure environments.
While we used a combination of several cybersecurity products in the past, we now rely on Defender to provide clients with top-tier security. As cyber threats become more complex and abundant, it’s more important than ever to use unified tooling for compliance, investigation, and remediation. It allows us to keep your costs in check without cutting corners.
This article introduces a few key cybersecurity terms, talks about why we prefer Microsoft Defender XDR over a combination of third-party vendors, and offers a brief overview of features and licensing.
QUICK ANSWER:
How does Microsoft Defender XDR simplify cybersecurity?
Microsoft Defender is a family of cloud-based security software that protects endpoints, Microsoft 365, and Azure environments through unified tooling for compliance, investigation, and remediation. Its Extended Detection and Response (XDR) version integrates with various systems to provide a comprehensive view of an organization’s security posture.
Why we’re using Microsoft Defender XDR (formerly Microsoft 365 Defender)
In the past, we recommended Blackpoint MDR to our managed services clients that needed more than a basic EDR solution.
Endpoint detection and response (EDR) provides unified management of endpoint security with data collection and analysis, automatic containment, and investigation tools.
Managed detection and response (MDR) is a service model that provides 24-hour monitoring, detection, and response using human security analysts. Analysts remediate threats remotely and alert your local IT as necessary.
However, MDR solutions are limited in scope, focusing on your network and endpoints. Microsoft Defender XDR has some advantages that we can’t ignore.
Overview of Microsoft Defender XDR
Microsoft Defender XDR is a comprehensive security solution. It doesn’t just look at your endpoints and network; it also integrates with email, collaboration tools, cloud apps, and identity management solutions. Information from all these systems is fed into a single interface that gives us a holistic view of your security.
This unified approach has some great benefits that allow us to rapidly identify, investigate, and remediate threats to your data and systems.
- Automatic disruption of cyber threats, like ransomware, before they spread too far.
- One incident queue covers all your systems, with issues prioritized by severity.
- Powerful investigation tools pull all related details of an incident together, including affected devices, users, and the automatic remediation steps taken. Related alerts are listed and arranged in a timeline so that it’s easier to see how a threat moved through your systems, and visualizations are auto-generated to show the connection between affected data and systems.
Defender XDR uses information from up to 10 other Microsoft security products. Let’s look at two of these: Microsoft Defender for Endpoint and Microsoft Defender for Office 365.
Microsoft Defender for Endpoint
Defender for Endpoint is an Endpoint Detection and Response (EDR) tool: it provides unified management of endpoint security with data collection and analysis, automatic containment, and investigation tools.
Endpoints are physical devices connected to a network: desktops, laptops, mobile devices, and Internet of Things (IoT) devices like networked security cameras. Defender for Endpoint enables endpoint security for Windows, macOS, Linux, Android, iOS and IoT devices.
Features of Defender for Endpoint include:
- Automatic attack disruption takes signals from multiple sources and correlates them into a single incident. It can pinpoint the source of attacks and initiate a rapid response (e.g., block a file, quarantine a device), even for events where it is difficult for human security teams to do so.
- Global threat intelligence has over 10,000 security analysts reviewing threat signals to provide prompt insights that allow us to investigate and remediate threats more effectively.
- Discovery methods to find devices on your network, inventory them, and onboard eligible devices for better security monitoring.
- Prioritized recommendations for security policies (e.g. antivirus, disk encryption, firewall policies) that show in Microsoft Secure Score.
Microsoft Defender for Office 365
Microsoft Defender for Office 365 helps secure email and Microsoft Teams against phishing, email compromise, and other threats. Here are a few of the features that help to keep you safe.
- Safe attachments give you extra protection beyond a typical malware scan. After being scanned, these attachments are opened in a virtual environment to see what happens. By default, messages with malicious attachments are quarantined for admin review and future instances of that attachment are automatically blocked. This may delay the delivery of some safe messages. In SharePoint, OneDrive, and Teams, detected malicious attachments can’t be opened, copied, moved, or shared.
- Safe Links scans incoming messages for malicious links and wraps every scanned URL inside a safelinks.protection.outlook.com address, so the link is re-checked at click time rather than only at delivery. If the URL is identified as malicious, a warning page is displayed when the link is clicked.
- Anti-phishing protection detects spoofing and impersonation and analyzes coordinated attacks against your organization and Microsoft 365. Spoofing is disguising an email so that it looks like it comes from a legitimate source. Impersonation is sending an email from a real domain (that may look slightly different) with the intent to deceive.
- Attack simulation training allows us to send simulated phishing messages to your users, so they learn to recognize these messages and how to report them. Microsoft includes this with the E5 license, which costs about $60/month. Third-party vendor KnowBe4 provides a similar service.
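The Safe Links rewriting described above also matters during triage: when a user reports a suspicious message, the analyst first recovers the real destination from the wrapped link before deciding whether to block it. The following is an added example, not code from this article or from Microsoft; it assumes the rewritten URL carries the original destination in a `url` query parameter, and the sample URL and trusted-domain list are constructed.

```python
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Hostname used by Safe Links-rewritten URLs, as named in the article.
SAFELINKS_DOMAIN = "safelinks.protection.outlook.com"

# Constructed sample of a rewritten URL. The "url" query parameter holding the
# percent-encoded original destination is an assumption of this example; the
# article itself only says the URL is wrapped inside a safelinks address.
SAMPLE_WRAPPED = (
    "https://nam02.safelinks.protection.outlook.com/"
    "?url=https%3A%2F%2Flogin.example-portal.test%2Fsignin%3Fu%3D42"
    "&reserved=0"
)


def is_safelinks_host(host: str) -> bool:
    """True for the Safe Links domain itself or any regional subdomain of it."""
    host = host.lower()
    return host == SAFELINKS_DOMAIN or host.endswith("." + SAFELINKS_DOMAIN)


def unwrap_safelink(wrapped: str) -> Optional[str]:
    """Return the original destination of a Safe Links-wrapped URL.

    Returns None when the URL is not a Safe Links wrapper or carries no
    'url' parameter, so a plain link is never mistaken for a wrapped one.
    """
    parsed = urlparse(wrapped)
    if not is_safelinks_host(parsed.hostname or ""):
        return None
    # parse_qs splits on '&' and percent-decodes each value, restoring the
    # original URL including its own '?' and '=' characters.
    targets = parse_qs(parsed.query).get("url")
    return targets[0] if targets else None


def triage_link(wrapped: str, trusted_domains: set) -> dict:
    """Summarise a reported link for an analyst: the real destination and
    whether its host belongs to a domain the organisation trusts."""
    original = unwrap_safelink(wrapped)
    if original is None:
        return {"wrapped": False, "destination": wrapped, "trusted": None}
    host = (urlparse(original).hostname or "").lower()
    trusted = any(host == d or host.endswith("." + d) for d in trusted_domains)
    return {"wrapped": True, "destination": original, "trusted": trusted}


if __name__ == "__main__":
    print(triage_link(SAMPLE_WRAPPED, {"contoso.example"}))
```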
Cost considerations
We strongly recommend the Microsoft 365 Business Premium license, at $22/user/month, because it offers a range of essential features. It includes Defender for Endpoint (Plan 1) and Defender for Office 365 (Plan 1), which gives us the ability to manage your cybersecurity effectively.
We think that this is a better value overall. Instead of paying for services from separate vendors for antivirus, MDR, phishing training, email, and collaborative tools, you can bring all that under one roof—and one bill—with Microsoft 365. You’ll get more comprehensive security coverage and a more holistic view of your security posture than you would with an MDR solution.
Next Steps
When you have the right people working together, you can implement systems and processes that actively help you reach your business goals. We sometimes call this IT maturity. But for many organizations, something is off when it comes to their partnerships, strategy, systems, and settings. How can you know what’s working well and where you have room for improvement? Start by taking our free IT Maturity Self-Assessment. You’ll walk away with some pointers and, if you want, a free appointment to discuss your results.