Microsoft 365 Defender
Microsoft 365 Defender delivers extended detection and response (XDR) capabilities for identities, endpoints, cloud apps, email and documents. It offers integrated protection against advanced attacks.
With an integrated Microsoft 365 Defender solution, you can analyze the threat signals and determine the full scope and impact of the threat. You can also determine how the threat entered your environment, which helps to identify what it has affected, and how it is affecting your organization. Microsoft 365 Defender can take automated actions to prevent and combat several types of cybersecurity attacks and assist cybersecurity analysts to contain, mitigate and remediate endpoints, mailboxes, and user identities. Microsoft 365 Defender services include:
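Microsoft Defender for Endpoint
Microsoft Defender for Office 365
Microsoft Defender for Identity
Microsoft Cloud App Security (MCAS)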
Microsoft Defender for Endpoint
Microsoft Defender for Endpoint is the most comprehensive XDR product on the market today and prevents, detects, and responds to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms. It provides multi-cloud (Microsoft, Google Cloud and AWS) as well as multi-platform (Windows, Mac, Linux, Android, and iOS) support.
Microsoft Defender for Endpoint leverages the following technologies built into Windows 10 and Microsoft’s powerful cloud service:
Endpoint behavior sensors
Built-in sensors and agents provided by Microsoft Defender for Endpoint enable the collection and analysis of behavioral signals from a variety of operating systems (OS).
Cloud security analytics
Microsoft Defender for Endpoint uses big data, AI/ML, and Microsoft Security Graph signals across Windows, Linux, OSX, iOS, and Android to detect and respond to advanced threats.
Threat intelligence capabilities enable Microsoft Defender for Endpoint to identify cyber criminals’ tactics, techniques, and procedures (TTPs) and to send alerts when these signals are detected.
Microsoft Defender for Office 365
Microsoft Defender for Office 365 protects your organization against malicious threats posed by email messages, collaboration tools, and URLs. Microsoft Defender for Office 365 provides:
Advanced threat protection policies
These policies are defined based on your organizational risk profile, enabling you to determine the protection level for predefined cyber attacks.
Microsoft Defender for Office 365 features an advanced reporting dashboard that monitors your cybersecurity landscape. It updates reports in real time, offering you the latest insights about your company’s cybersecurity posture. These reports also provide alerts about potential cyber threats and recommendations on how to manage them.
Threat investigation and response capabilities
Microsoft Defender for Office 365 offers robust threat investigation and response tools that enable security defenders to anticipate, understand, and prevent malicious threats. Microsoft Defender for Office 365 features threat trackers that offer the latest intelligence on current cybersecurity threats. It also allows defenders to simulate attacks, running realistic attack scenarios in your organization to identify cybersecurity weaknesses.
Automated investigation and response (AIR)
When investigating potential cyberattacks, time is of the essence. The AIR capabilities of Microsoft Defender for Office 365 enable security operations professionals to reduce the time and effort required for managing incident response using both automated and user-initiated actions.
Microsoft Defender for Identity
Microsoft Defender for Identity is a security solution that protects your organization by using on-premises Active Directory (AD) signals to detect, identify, and investigate sophisticated threats, suspicious identities, and malicious insider actions targeting your company.
Microsoft Defender for Identity helps security operations analysts detect identity-driven attacks. It allows them to:
Monitor users’ behavior and activities with learning-based analytics
Safeguard user identities and data stored in AD
Identify and investigate suspicious user activities and sophisticated threats
Provide threat information on a simple timeline for fast triage
Microsoft Cloud App Security (MCAS)
As a Cloud Access Security Broker (CASB), MCAS provides log collection, API connectors, and a reverse proxy for thousands of cloud services. It offers visibility, data protection, and advanced analytics. MCAS enables defenders to identify and prevent cyber threats across both Microsoft and third-party cloud services.
MCAS integrates natively with popular Microsoft solutions to provide effortless deployment, centralized management, and innovative automation capabilities.