365 Defender: An Overview of the 4 Pillars of Microsoft’s Security Suite
In March 2021, Microsoft announced that its endpoint, email, and collaboration security capabilities would be integrated into one unified experience known as Microsoft 365 Defender. This became generally available in April 2021, consolidating previously distinct portals (which will eventually be phased out) into a single portal that security teams can manage from one place.
As a part of Microsoft’s XDR solution, 365 Defender’s cross-domain security:
- Stops attacks before they happen, reducing attack surface
- Detects and automates across domains, integrating threat data for fast and complete responses
- Hunts across all data, leveraging time saved to apply each business’s unique expertise
This pre- and post-breach suite coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.
By integrating multiple portals into one solution, 365 Defender automatically analyzes threat data across domains so security teams can better determine the full scope and impact of threats within a single dashboard. Further, 365 Defender has the capability to auto-heal any affected assets.
As one unified enterprise defense suite, Microsoft 365 Defender encompasses four distinct security platforms that allow security teams to stitch together the full picture of their security posture.
As there have been a number of changes in recent years, in this blog we’ll break down the four pillars that make up Microsoft 365 Defender.
Microsoft Defender for Identity
Microsoft Defender for Identity (previously known as Azure Advanced Threat Protection, or Azure ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your company.
This solution monitors activity across your network to establish a behavioral baseline for each user and flag potential anomalies against it. This allows security teams to identify rogue users, as well as attempts to gather information or move laterally within the network.
Defender for Identity is designed to reduce alert noise and provide only relevant, important security alerts.
Microsoft Defender for Endpoint
This solution provides advanced threat protection, including antivirus, antimalware, and ransomware mitigation, all with centralized management and reporting. Using a combination of technologies, including endpoint behavioral sensors, cloud security analytics, and threat intelligence, Defender for Endpoint provides the following:
- Threat and vulnerability management: This uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
- Attack surface reduction: As the first line of defense, this ensures configuration settings are proper and exploit mitigation techniques are applied.
- Next-generation protection: This is designed to catch all types of emerging threats to further reinforce your network’s security perimeter.
- Endpoint detection and response: Should threats bypass the first two security layers, endpoint detection and response surfaces them, and advanced hunting provides a query-based threat-hunting tool.
- Automated investigation and remediation: In conjunction with the ability to respond to attacks quickly, this offers automatic investigation and remediation to reduce the volume of alerts in minutes at scale.
- Microsoft Threat Experts: With the new managed threat hunting service, users have access to proactive hunting, prioritization, and insights that empower security teams to identify and respond to threats quickly and accurately.
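The cross-domain hunting described above, as an added example (constructed here, not code from Microsoft or Arraya): this advanced hunting query in Kusto Query Language joins the Defender for Office 365 email attachment table with the Defender for Endpoint process table to find attachments delivered by email that later executed on a managed device. The table and column names are those of the Microsoft 365 Defender advanced hunting schema; the seven-day window is an assumption.

```kql
// Constructed example of a cross-domain advanced hunting query (not Microsoft's or Arraya's code).
// Assumption: a 7-day lookback is acceptable for the tenant's data retention.
let lookback = 7d;
// Step 1: attachments delivered by email, keyed by their SHA256 hash (Defender for Office 365 data)
let DeliveredAttachments =
    EmailAttachmentInfo
    | where Timestamp > ago(lookback)
    | where isnotempty(SHA256)
    | project EmailTime = Timestamp, NetworkMessageId, SenderFromAddress,
              RecipientEmailAddress, AttachmentName = FileName, SHA256;
// Step 2: processes started on managed devices whose image hash matches a delivered attachment
// (Defender for Endpoint data). Requiring ExecTime > EmailTime keeps only executions after delivery.
DeviceProcessEvents
| where Timestamp > ago(lookback)
| where isnotempty(SHA256)
| project ExecTime = Timestamp, DeviceName, AccountName, ProcessCommandLine,
          ExecutedFile = FileName, SHA256
| join kind=inner DeliveredAttachments on SHA256
| where ExecTime > EmailTime
| project ExecTime, EmailTime, DeviceName, AccountName, RecipientEmailAddress,
          SenderFromAddress, AttachmentName, ExecutedFile, ProcessCommandLine,
          NetworkMessageId, SHA256
| order by ExecTime desc
```

Hashes shared by widely distributed legitimate executables will also match, so triage the results by sender reputation and recipient count before acting on them.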
Microsoft Defender for Endpoint is available in two separate plans. Read more about comparing Plan 1 and Plan 2.
Microsoft Defender for Cloud Apps
Microsoft Defender for Cloud Apps (formerly known as Microsoft Cloud App Security) enables both local and remote users to adopt business applications without compromising security.
Businesses continue to embrace cloud apps to improve productivity and the average company now uses 1,180 cloud apps. This modern workforce requires a present-day approach to security and compliance.
Microsoft Defender for Cloud Apps provides security teams with visibility across cloud-deployed apps, discovers shadow IT, and protects against cyber threats seeking sensitive information. With app governance, security teams can monitor and govern app behavior, and quickly identify, alert on, and protect against risky activity involving data, users, and apps.
Microsoft Defender for Office 365
Microsoft Defender for Office 365 protects businesses from malicious threats sent via email, links (URLs), and collaboration tools. As businesses face more advanced and targeted attacks, including zero-day phishing attacks, malware, and business email compromise attacks, the risk of falling victim to a cyberattack has never been higher.
This solution provides threat protection policies, investigation and response capabilities (which can be automated), and real-time reports to monitor Defender for Office 365’s performance within your organization.
Microsoft Defender for Office 365 is also available in two separate plans.
Next Steps: Learn More During a 3-Part Virtual Series on 365 Defender
2021 was a trying year for cyber security and it’s anticipated that 2022 could be even worse. With Microsoft 365 Defender, users can rely on one unified portal for their detection, prevention, investigation, and response to sophisticated attacks.
Join our Arraya experts for a 3-part virtual series on 365 Defender:
1. March 9, 2022: Defender for Office 365
2. March 16, 2022: Defender for Endpoint
3. March 23, 2022: Defender for Cloud Apps
Register now to reserve your spot, or contact an Arraya expert with any questions.
Visit https://www.arrayasolutions.com/contact-us/ to connect with our team now.