As we outlined in part 1, remote working has resulted in users at home operating without the luxury of enterprise-grade security solutions, leaving them exposed to additional threats. In the last two years, adversaries have focused their efforts on the opportunity these newly exposed devices present, increasing their targeting of vulnerable software and launching phishing attacks that cannot be blocked as easily and efficiently as they were in a pre-pandemic world.

Additionally, traditional signature-based antivirus neither protects against nor responds to many modern threats. For example, if an IP address has recently been associated with phishing campaigns or with hosting malware payloads, a signature-based antivirus product is not aware of it and offers no way of filtering a connection to that address. Quite often the threat is so new that the IP address is not yet on any list at all, so this problem extends beyond remote working.

Keeping abreast of IP addresses associated with threats is not something we can be expected to do ourselves; we rely on technology and technical solutions to provide subscription lists, or solutions that leverage that data, to help protect our customers. Modern security solutions such as those in the Microsoft security stack now leverage Machine Learning, Artificial Intelligence and automation to help us detect and respond promptly and at scale. In Defender this is the job of cloud-delivered protection and network protection, which check a file or destination against Microsoft's reputation service at the moment of the scan or connection rather than against a static list on the device.

Therefore, modern endpoint security is not just critical; it must be the new standard for endpoint security.

Microsoft Defender: What's in the Box?

Let's look at the key capabilities and understand why they set the new standard for endpoint security.

Threat and Vulnerability Management (TVM) provides us with real-time vulnerability information across our endpoint estate, along with the ability to block vulnerable apps until they are patched, significantly reducing the attack surface associated with applications.

Additionally, TVM provides us with step-by-step instructions on how to deploy security configuration using Microsoft Endpoint Manager (Intune), Active Directory Group Policy and 3rd-party MDM solutions.

The TVM dashboard is populated via Microsoft's leading Threat Intelligence, including zero-day threats, and highlights the key weaknesses weighted by the value of the asset so that you can prioritise your resources, focusing on the most critical issues first. For example, the often overlooked Attack Surface Reduction (ASR) rules will be high on, if not top of, the list in a new deployment. ASR rules should be applied to all Windows workloads including servers, without exception; the one practical caveat is to roll each rule out in audit mode first and review the resulting events before switching it to block, because some rules (Office child-process and executable-content rules in particular) interfere with legitimate line-of-business software. Concerningly, I often find partners I speak to are not even aware of ASR rules, and customers' devices are exposed to some of the most common attack vectors of the Windows operating system.
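The following script is an added example and is not code from the original article or from Microsoft: it uses the built-in Defender PowerShell module to report the current state of a baseline set of ASR rules and then stages them in audit mode, so that the events can be reviewed before any rule is switched to block. It assumes an elevated session on a Windows 10/11 or Windows Server host where Microsoft Defender Antivirus is the active antivirus and where Intune or Group Policy is not already managing ASR (a managed policy overrides local preferences). The rule GUIDs are Microsoft's published identifiers; the function names and the choice of rules in the baseline are this example's own.

```powershell
# Added example (not from the original article): audit and stage Defender ASR rules.
# Assumptions: elevated session, Defender AV active (not passive), no Intune/GPO policy
# overriding local preferences. $AsrBaseline is an illustrative subset of the rules.
#Requires -RunAsAdministrator

# Microsoft's published rule GUIDs, with the rule's description as the value.
$AsrBaseline = [ordered]@{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'Block execution of potentially obfuscated scripts'
    '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2' = 'Block credential stealing from LSASS'
    'D1E49AAC-8F56-4280-B9BA-993A6D77406C' = 'Block process creations originating from PSExec and WMI commands'
    'C1DB55AB-C21A-4637-BB3F-A12568109D35' = 'Use advanced protection against ransomware'
}

# Get-MpPreference exposes rule state as two parallel arrays (Ids and Actions);
# action codes are 0 = Disabled, 1 = Block, 2 = Audit, 6 = Warn.
$ActionName = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrState {
    $pref = Get-MpPreference
    $current = @{}
    for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
        $id = $pref.AttackSurfaceReductionRules_Ids[$i].ToUpper()
        $current[$id] = [int]$pref.AttackSurfaceReductionRules_Actions[$i]
    }
    foreach ($id in $AsrBaseline.Keys) {
        # A rule that has never been configured behaves as Disabled.
        $action = if ($current.ContainsKey($id)) { $current[$id] } else { 0 }
        [pscustomobject]@{
            RuleId = $id
            Rule   = $AsrBaseline[$id]
            State  = $ActionName[$action]
        }
    }
}

# Stage the baseline in audit mode first. Audit hits are written to the
# Microsoft-Windows-Windows Defender/Operational log as Event ID 1122 (1121 is a block),
# which is what you review before promoting a rule to 'Enabled' (block).
function Enable-AsrBaseline {
    param([ValidateSet('AuditMode', 'Enabled', 'Warn')] [string]$Mode = 'AuditMode')
    foreach ($id in $AsrBaseline.Keys) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions $Mode
    }
}

Write-Host 'ASR state before:'
Get-AsrState | Format-Table -AutoSize
Enable-AsrBaseline -Mode AuditMode
Write-Host 'ASR state after staging in audit mode:'
Get-AsrState | Format-Table -AutoSize
```

Once the 1122 audit events for a rule show only expected activity (or none) over a representative period, re-run `Enable-AsrBaseline -Mode Enabled` for that rule's GUID alone; in a managed estate the same transition is made in the Intune or Group Policy ASR setting rather than locally.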

Next Generation Protection combines human analysis with Machine Learning over big data to monitor endpoints for behavioural anomalies, including in processes and files, providing near real-time detection of and response to threats. If unusual behaviour is detected, for example a suspicious PowerShell command (such as an encoded or obfuscated script) is executed, or a process attempts to set unusual file or registry permissions, Next Generation Protection can raise an alert and trigger automated responses, up to full remediation and self-healing.
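The behavioural and cloud-backed detection described above only works if the underlying Defender Antivirus features are switched on; it is common to find cloud-delivered protection or network protection (the feature that actually blocks connections to low-reputation IP addresses, the gap raised earlier) left at defaults or disabled. The script below is an added example, not code from the original article or from Microsoft: it compares the live `Get-MpPreference` values against an expected baseline and can set any drifted values back. The expected values and the function names are this example's own choices; the parameter names and their numeric meanings are those of the `Set-MpPreference` cmdlet. It assumes an elevated session where Defender Antivirus is the active antivirus and no Intune or Group Policy setting overrides the local preference.

```powershell
# Added example (not from the original article): posture check for the Defender AV
# settings that Next Generation Protection depends on. Assumptions: elevated session,
# Defender AV active, no management policy overriding local preferences.
#Requires -RunAsAdministrator

# Expected state. Keys are Set-MpPreference parameter names; the comments give the
# meaning of each numeric value as documented for the cmdlet.
$Expected = [ordered]@{
    DisableRealtimeMonitoring = $false   # real-time scanning on
    DisableBehaviorMonitoring = $false   # process/registry behaviour analysis on
    DisableScriptScanning     = $false   # AMSI-backed script inspection on
    MAPSReporting             = 2        # 2 = Advanced: cloud-delivered protection
    SubmitSamplesConsent      = 1        # 1 = send safe samples automatically
    CloudBlockLevel           = 2        # 2 = High: block at a lower confidence threshold
    CloudExtendedTimeout      = 50       # hold a suspicious file up to 50 s for a cloud verdict
    EnableNetworkProtection   = 1        # 1 = Block connections to low-reputation hosts
    PUAProtection             = 1        # 1 = Enabled: block potentially unwanted apps
}

function Test-NgpPosture {
    $pref = Get-MpPreference
    foreach ($name in $Expected.Keys) {
        $actual = $pref.$name
        [pscustomobject]@{
            Setting   = $name
            Expected  = $Expected[$name]
            Actual    = $actual
            # Compare as strings so booleans and enum-backed numbers are handled alike.
            Compliant = ("$actual" -eq "$($Expected[$name])")
        }
    }
}

function Repair-NgpPosture {
    foreach ($finding in (Test-NgpPosture | Where-Object { -not $_.Compliant })) {
        # Splat a one-entry hashtable so each setting is applied by parameter name.
        $params = @{ $finding.Setting = $finding.Expected }
        Set-MpPreference @params
        Write-Host "Set $($finding.Setting) = $($finding.Expected) (was $($finding.Actual))"
    }
}

# If another AV product is primary, Defender AV runs in passive mode and the settings
# above do not govern scanning; flag that before reading the results.
$status = Get-MpComputerStatus
if ($status.AMRunningMode -ne 'Normal') {
    Write-Warning "Defender AV running mode is '$($status.AMRunningMode)'; another product is primary."
}

Test-NgpPosture | Format-Table -AutoSize
# Uncomment to bring drifted settings back to the expected state:
# Repair-NgpPosture
```

Run it read-only first on a handful of devices; the `Compliant` column makes drift visible at a glance, and the `AMRunningMode` warning explains the common case where the values look wrong because a third-party antivirus is still installed.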

Excerpt - Microsoft Digital Defence Report 2022

Tom Burt, Corporate Vice President, Customer Security & Trust: "The trillions of signals we analyse from our worldwide ecosystem of products and services reveal the ferocity, scope, and scale of digital threats across the globe"

Source here.

Automated Investigation and Remediation (AIR) uses Microsoft's inspection algorithms to investigate alerts and incidents, taking immediate action where necessary, up to full remediation of an attack with no human intervention, subject to the automation level configured for the device group (full remediation, or remediation pending analyst approval).

AIR therefore significantly reduces the volume of alerts requiring manual handling, allowing security operations to focus on sophisticated threats and higher-value initiatives. The platform includes simulated attacks to highlight AIR and test your endpoint security posture. This GitHub repository also includes over 40 simulated attacks.

Did you know? You can use Defender for Endpoint alongside a 3rd-party endpoint antivirus solution and still obtain capability including Endpoint Detection and Response (EDR). In that configuration Defender Antivirus runs in passive mode, but with EDR in block mode enabled it can still remediate post-breach behavioural detections the other product misses. EDR can detect and respond to modern threats that are beyond the capability of standard antivirus solutions, providing customers with a significant uplift in protection and reduction in risk.

Endpoint Detection and Response (EDR) provides near real-time detection of advanced attacks, with detailed and broad visibility into the scope of the attack, helping security analysts prioritise, contain, and respond to attacks methodically.

EDR alerts will show patterns of attack techniques across multiple assets, resulting in shorter response times and significantly reducing an attacker's ability to reach their intended target.

Alerts in Defender for Business also detail the tactics and techniques used in the attack, aligned with the MITRE ATT&CK framework, providing invaluable information that can be used to help defend against and prevent further attacks.
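To show what "patterns of attack techniques across multiple assets" looks like when you work with the alert data directly, the following added example (not code from the original article or from Microsoft) groups Defender for Endpoint alerts by incident and lists the devices, ATT&CK tactics and techniques each incident touches, in chronological order. The alert JSON is constructed for this example; its field names (`id`, `incidentId`, `title`, `severity`, `category`, `computerDnsName`, `mitreTechniques`, `alertCreationTime`) follow the Defender for Endpoint alerts API, from which a real run would fetch them with `Invoke-RestMethod` against `https://api.securitycenter.microsoft.com/api/alerts` using an application token. The function name and the severity ranking are this example's own.

```powershell
# Added example (not from the original article): scope multi-device incidents from
# Defender for Endpoint alert records. $alertJson is constructed sample data whose shape
# follows the Defender for Endpoint alerts API; 'category' is the ATT&CK tactic.
$alertJson = @'
[
 {"id":"da1","incidentId":101,"title":"Suspicious PowerShell download cradle","severity":"Medium",
  "category":"Execution","computerDnsName":"laptop-fin01","mitreTechniques":["T1059.001","T1105"],
  "alertCreationTime":"2022-12-19T08:14:02Z"},
 {"id":"da2","incidentId":101,"title":"Credential dumping attempt on LSASS","severity":"High",
  "category":"CredentialAccess","computerDnsName":"laptop-fin01","mitreTechniques":["T1003.001"],
  "alertCreationTime":"2022-12-19T08:21:40Z"},
 {"id":"da3","incidentId":101,"title":"Remote service creation via PsExec","severity":"High",
  "category":"LateralMovement","computerDnsName":"srv-files01","mitreTechniques":["T1021.002","T1569.002"],
  "alertCreationTime":"2022-12-19T08:33:15Z"},
 {"id":"da4","incidentId":102,"title":"Macro executed from phishing document","severity":"Low",
  "category":"InitialAccess","computerDnsName":"laptop-hr03","mitreTechniques":["T1566.001"],
  "alertCreationTime":"2022-12-19T09:02:11Z"}
]
'@

function Get-IncidentSummary {
    param([Parameter(Mandatory)] [string]$Json)
    $severityRank = @{ Informational = 0; Low = 1; Medium = 2; High = 3 }
    $alerts = $Json | ConvertFrom-Json
    foreach ($group in ($alerts | Group-Object incidentId)) {
        # Force an array so single-alert incidents index the same way as large ones.
        $sorted = @($group.Group | Sort-Object { [datetime]$_.alertCreationTime })
        [pscustomobject]@{
            IncidentId  = $group.Name
            Alerts      = $sorted.Count
            Devices     = ($sorted.computerDnsName | Select-Object -Unique) -join ', '
            MaxSeverity = ($sorted.severity | Sort-Object { $severityRank[$_] } -Descending | Select-Object -First 1)
            # Tactics in time order read as the attack chain on this incident.
            Tactics     = ($sorted.category | Select-Object -Unique) -join ' -> '
            Techniques  = ($sorted.mitreTechniques | ForEach-Object { $_ } | Select-Object -Unique) -join ', '
            FirstSeen   = $sorted[0].alertCreationTime
            LastSeen    = $sorted[-1].alertCreationTime
        }
    }
}

# Incidents spanning more than one device are where containment order matters most,
# so list those first.
Get-IncidentSummary -Json $alertJson |
    Sort-Object { $_.Devices.Split(',').Count } -Descending |
    Format-Table -AutoSize
```

On the sample data, incident 101 surfaces as Execution -> CredentialAccess -> LateralMovement across laptop-fin01 and srv-files01, which is the signal that the file server, not just the first laptop, needs isolating; incident 102 is a single-device initial-access alert that can be triaged separately.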

Licensing

Defender for Business can be purchased stand-alone. It's also included in Microsoft 365 Business Premium.

The stand-alone edition allows businesses to protect users of Exchange Online or other basic SKUs and Microsoft 365 bundles including Business Basic and Business Standard.  There really is no excuse for a breach exploiting weaknesses in endpoints anymore, we can and must do more to protect these critical assets.

And if you needed more reasons, Dicker Data is currently running a few promotions to bring your cost down as well! Explore offers here, including:

For you:

  • Take 16.7% off NCE monthly Microsoft 365 licensing

For your customers:

  • Over 2,500* Qantas Business Rewards with new purchases of Microsoft 365 Business Premium!

Keen to learn more about Microsoft Defender for Business?

If you would like to see a killer demonstration of Defender for Business, please contact us via microsoft.presales@dickerdata.com.au and we will be in touch to arrange a meeting.


Disclaimer

Dicker Data Limited published this content on 21 December 2022 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 21 December 2022 04:36:28 UTC.