On Expel’s EXE Blog, we regularly share our thought process on how we think about security operations at scale at Expel and the decision support (or additional context) we provide our analysts through automation.
In short, Defender for Endpoint makes it easy for us to achieve our standard of investigative quality and response time without requiring a heavy lift from our analysts. And that’s good news both for our customers and for us.
So, what is Microsoft Defender for Endpoint?
Defender for Endpoint is an enterprise endpoint security product that is compatible with Mac, Linux, and Windows operating systems, along with Android and iOS. There are lots of things Defender for Endpoint does at an administrative level (such as attack surface reduction and configurable remediation). From our vantage point, though, we know it best for its detection and response capabilities.
Defender for Endpoint is unique because not only does it combine an Endpoint Detection and Response (EDR) and AV detection engine into the same product, but for Windows 10 hosts this functionality is built into the operating system, removing the need to install a separate endpoint agent.
How EDR tools help us as an XDR vendor
When we integrate with an EDR product like Defender for Endpoint in support of our customers, our goal is to predict the investigative questions an analyst will ask and then automate the work of getting the necessary data from that tool.
This frees up our analysts to make the decision–rather than making them spend time extracting the right data.
Thanks to Defender for Endpoint’s robust APIs, we augmented its capabilities to provide upfront decision support to our analysts. As a result, we’re able to arm them with the answers to the basic investigative questions we ask ourselves with every alert.
To find these answers, there are a few specific capabilities of Defender for Endpoint we use that allow us to pull this information into each alert:
Advanced hunting data.
Prevalence information.
Detailed process logging.
AV actions.
This way, our analysts don’t need to worry about fiddling with the tool but instead focus on analyzing the rich data it provides.
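An added example (not Expel’s or Microsoft’s code) of the decision-support prefetch described above: for a process alert it builds the Advanced Hunting queries that answer what launched the binary on the host and how prevalent it is across the org, then reduces the API’s JSON into a summary that can be attached to the alert. The endpoint URL and the DeviceProcessEvents columns are taken from the documented Advanced Hunting API; the helper names, the rarity threshold and the sample responses are assumptions constructed for this example.

```python
import re

# Advanced Hunting is a POST to HUNT_URL with body {"Query": "<KQL>"} and a bearer token;
# these functions only build the KQL and parse the response, so they run offline.
HUNT_URL = "https://api.securitycenter.microsoft.com/api/advancedqueries/run"
_HEX40 = re.compile(r"^[0-9a-fA-F]{40}$")  # SHA1 and DeviceId are both 40 hex chars

def _checked(value: str, name: str) -> str:
    # Alert fields are untrusted input; never splice them into KQL unchecked.
    if not _HEX40.match(value):
        raise ValueError(f"{name} has unexpected format: {value!r}")
    return value

def build_queries(device_id: str, sha1: str, hours: int = 24) -> dict:
    """KQL for two questions asked of every process alert: what launched the
    binary on this host, and how common is it across the org."""
    device_id, sha1 = _checked(device_id, "device_id"), _checked(sha1, "sha1")
    ancestry = (
        "DeviceProcessEvents\n"
        f'| where Timestamp > ago({int(hours)}h) and DeviceId == "{device_id}" and SHA1 == "{sha1}"\n'
        "| project Timestamp, FileName, ProcessCommandLine, InitiatingProcessFileName\n"
        "| order by Timestamp desc | take 20")
    prevalence = (
        "DeviceProcessEvents\n"
        f'| where Timestamp > ago(30d) and SHA1 == "{sha1}"\n'
        "| summarize Devices = dcount(DeviceId), FirstSeen = min(Timestamp)")
    return {"ancestry": ancestry, "prevalence": prevalence}

def summarize(ancestry_resp: dict, prevalence_resp: dict, rare_below: int = 3) -> dict:
    """Reduce the API's {"Schema": [...], "Results": [...]} payloads to the facts an
    analyst checks first; rare_below is a constructed threshold, tune it per environment."""
    rows = ancestry_resp.get("Results") or []
    prev = (prevalence_resp.get("Results") or [{}])[0]
    devices = int(prev.get("Devices") or 0)
    return {"executions": len(rows),
            "parents": sorted({r["InitiatingProcessFileName"].lower() for r in rows}),
            "command_lines": [r["ProcessCommandLine"] for r in rows],
            "org_devices_30d": devices,
            "rare_in_org": devices <= rare_below}

# Constructed sample responses shaped like the API's output (not real telemetry).
SAMPLE_ANCESTRY = {"Schema": [], "Results": [
    {"Timestamp": "2021-06-01T10:02:11Z", "FileName": "powershell.exe",
     "ProcessCommandLine": "powershell.exe -w hidden -nop", "InitiatingProcessFileName": "WINWORD.EXE"},
    {"Timestamp": "2021-06-01T10:01:58Z", "FileName": "powershell.exe",
     "ProcessCommandLine": "powershell.exe -w hidden", "InitiatingProcessFileName": "winword.exe"}]}
SAMPLE_PREVALENCE = {"Schema": [], "Results": [{"Devices": 1, "FirstSeen": "2021-06-01T10:01:58Z"}]}
DECISION_SUPPORT = summarize(SAMPLE_ANCESTRY, SAMPLE_PREVALENCE)  # what would be attached to the alert
```

The summary is the kind of context the post describes: a binary seen on a single device in 30 days, launched twice by an Office process, is a very different alert from one seen on hundreds of hosts.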
Check out a real-life example of how Expel analysts use Defender for Endpoint to triage an alert on behalf of a customer.
Defender for Endpoint helps reduce our alert-to-fix time
The decision support–or additional context about an alert–that Defender for Endpoint enables us to generate is powerful because it allows us to become specialists in analysis rather than specialists in a specific technology.
Defender for Endpoint provides a platform that allows our analysts to quickly and accurately answer important questions during an investigation.
Most importantly, though, having these capabilities mirrored in the API allowed us to build on top of the Defender for Endpoint platform to be more efficient in providing high-quality detection and response.
And that’s a win-win for both Expel and our customers.
To learn more about the Microsoft Intelligent Security Association (MISA), visit our website, where you can learn about the MISA program, product integrations and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
The post What we love about Microsoft Defender for Endpoint appeared first on Microsoft Security.
Read more: microsoft.com