Nowadays most employees work from home and on the road, which is why information security teams are scrambling to secure their rapidly expanding remote workforces. Organizations face threats across a variety of platforms and devices, and the traditional perimeter around the office walls is no longer sufficient to keep cyberthreats away from company data. One of the most common responses to this new threat landscape is defense in depth: protection applied at several layers rather than at the perimeter alone.
One of the layers that organizations must protect is the endpoint. Gartner projects that by 2025, cloud-delivered Endpoint Protection Platform solutions will grow from 20% of new deals to 95%.
According to Gartner, “An endpoint protection platform (EPP) is a solution deployed on endpoint devices to prevent file-based malware, malicious scripts and memory-based threats. It is also deployed to detect and block malicious activity from trusted and untrusted applications, and to provide the investigation and remediation capabilities needed to dynamically respond to security incidents and alerts”.
Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. It is built around six pillars:
- Threat and Vulnerability Management: Discover vulnerabilities and misconfigurations in real-time
- Attack Surface Reduction: Eliminate risks and minimize the vulnerable areas of your organization
- Next-Generation Protection: Block sophisticated threats and malware including never-seen-before polymorphic/metamorphic malware and fileless/file-based threats
- Endpoint Detection and Response (EDR): Spot attacks and zero-day exploits using advanced behavioral analytics and machine learning
- Auto Investigation and Remediation: Automatically investigate alerts and remediate complex threats in minutes at scale
- Microsoft Threat Experts: Get expert-level threat monitoring and analysis – identify critical threats in your environment.
Microsoft Defender for Endpoint uses endpoint behavioral sensors built into the operating system. These sensors gather and process behavioral signals from the operating system and send them to your private, isolated cloud instance of Microsoft Defender for Endpoint. See the official Microsoft Defender for Endpoint documentation on Microsoft 365 for more information.
Licensing requirements
On the licensing side, be aware that you can onboard macOS, Windows 7, Windows 8.1, Windows 10, Windows Server, Android, and Linux devices. Microsoft Defender for Endpoint requires one of the following Microsoft Volume Licensing offers:
- Windows 10 Enterprise E5
- Windows 10 Education A5
- Microsoft 365 E5 (M365 E5)
- Microsoft 365 E5 Security
- Microsoft 365 A5 (M365 A5)
Microsoft Defender for Endpoint on Windows Server additionally requires one of the following licensing options:
- Azure Security Center with Azure Defender enabled
- Defender for Endpoint for Servers (one per covered server)
Defender for Endpoint detection and response
When it comes to detection and response, the endpoint detection and response (EDR) capabilities provide advanced attack detections that are near real-time and actionable. When a threat is detected, the service creates alerts for an analyst to investigate, while the response capabilities let you remediate promptly by acting on the affected entities (devices, files, users, and so on).
The device isolation feature disconnects a compromised device from the network while retaining connectivity to the Defender for Endpoint service, which continues to monitor the device. This helps prevent the attacker from controlling the compromised device and carrying out further activity such as data exfiltration and lateral movement. Isolation can be triggered from the portal or automated through the Defender for Endpoint API, and it is reversible: the device can be released from isolation once the investigation is complete.
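The following is an added example showing how the isolation action described above can be automated, written for this post and not code from the original page or from Microsoft. It assumes an Azure AD app registration that has been granted the Machine.Isolate permission and a bearer token already obtained for the Defender for Endpoint API; the machine ID, comment text and API response used in the test are constructed sample values.

```python
"""Isolate (or release) a device through the Microsoft Defender for Endpoint API.

Added example, not part of the original post. Assumes you already hold a bearer
token for https://api.securitycenter.microsoft.com issued to an app that has the
Machine.Isolate permission; obtaining that token is out of scope here.
"""
import json
import urllib.request

API_BASE = "https://api.securitycenter.microsoft.com/api"
# "Full" cuts all network access except the Defender for Endpoint service itself;
# "Selective" additionally leaves a small set of Microsoft collaboration apps reachable.
ISOLATION_TYPES = ("Full", "Selective")


def build_isolation_request(machine_id, token, comment, isolation_type="Full", release=False):
    """Return (url, headers, body) for an isolate or unisolate call.

    The API requires a comment on every response action, so an empty comment is
    rejected here before anything is sent; it is the audit trail for the action.
    """
    if not machine_id or not comment.strip():
        raise ValueError("machine_id and a non-empty comment are required")
    if isolation_type not in ISOLATION_TYPES:
        raise ValueError(f"isolation_type must be one of {ISOLATION_TYPES}")
    action = "unisolate" if release else "isolate"
    url = f"{API_BASE}/machines/{machine_id}/{action}"
    headers = {
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
    }
    body = {"Comment": comment}
    if not release:
        body["IsolationType"] = isolation_type
    return url, headers, body


def submit_machine_action(url, headers, body, transport=None):
    """POST the action and return the MachineAction entity the API responds with.

    `transport` is an injectable callable taking a urllib Request and returning
    (status, raw_bytes); it defaults to a real HTTPS call and is replaced with a
    fake in tests so the example runs offline.
    """
    if transport is None:
        def transport(req):
            with urllib.request.urlopen(req, timeout=30) as resp:
                return resp.status, resp.read()
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), headers=headers, method="POST"
    )
    status, raw = transport(req)
    # A successful isolate/unisolate returns 201 Created with the MachineAction in the body.
    if status not in (200, 201):
        raise RuntimeError(f"response action failed with HTTP {status}: {raw[:200]!r}")
    return json.loads(raw)


def isolate_device(machine_id, token, comment, isolation_type="Full",
                   release=False, transport=None):
    """Isolate (or, with release=True, unisolate) a device and summarize the result.

    The returned status is the action's queued state ("Pending"/"InProgress"); the
    sensor confirms completion asynchronously, so poll the machine action by id
    before treating the device as contained.
    """
    url, headers, body = build_isolation_request(
        machine_id, token, comment, isolation_type, release
    )
    action = submit_machine_action(url, headers, body, transport)
    return {
        "action_id": action.get("id"),
        "type": action.get("type"),
        "status": action.get("status"),
    }
```

Treat the returned action id as the handle for the response action: the status is "Pending" until the device's sensor has applied the isolation, so an incident-response playbook should poll the machine action until it reaches "Succeeded" before recording the host as contained.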
In addition, the extended detection and response (XDR) features of Defender for Endpoint integrate with Azure Sentinel, which can automate around 80% of the most common tasks that security operations teams spend time on, allowing them to focus on the work that matters most.
Why choose Microsoft Defender for Endpoint?
There are many benefits to leveraging Defender for Endpoint. One is that it is part of Microsoft 365, so owning these licenses gives you access to the broader Microsoft security suite, and the integration between the Microsoft security services provides what you need to keep your organization secure. Apart from that, Gartner named Microsoft a Leader in the 2019 Endpoint Protection Platforms Magic Quadrant.
If you'd like to experience Defender for Endpoint, you can sign up for a free trial.
In the meantime, don't forget that you can reach out to us at contact@vnextiq.com if you have any questions or need any help. Otherwise, stay tuned for our next security blog, where we'll keep sharing tips, updates and announcements.