Microsoft Defender unifies all extended detection and response (XDR) technologies under the Microsoft Defender brand.
Read on to learn about the rebranding and new capabilities!
As attacker strategies and tactics become more advanced and malicious, organizations must stay on top of security. No longer does protecting individual areas such as email or endpoints keep your environment secure. Extended detection and response (XDR) is a new approach that is designed to deliver intelligent, automated, and integrated security across domains to help defenders connect seemingly disparate alerts and get ahead of attackers.
Microsoft Defender used to be the name of anti-virus software – but is now the brand name for Microsoft’s security suite. Microsoft Defender is a comprehensive collection of XDR technologies that prevents, detects, and responds to threats across identities, endpoints, applications, email, IoT, infrastructure, and Cloud platforms. Leverage Microsoft Defender to keep your organization safe and save time through automation and AI. Microsoft Defender is delivered in two ways: Microsoft 365 Defender for end-user environments and Azure Defender for Cloud and hybrid infrastructure.
The following branding changes were made to unify the Microsoft Defender technologies:
- Microsoft 365 Defender (previously Microsoft Threat Protection)
  - Stops attacks with automated, cross-domain security, and built-in AI. Able to stop attacks before they happen, detect and automate across domains, and hunt across all your data.
- Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)
  - Uses Endpoint behavioral sensors, Cloud security analytics, and threat intelligence to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
- Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)
  - Cloud-based email filtering service that helps protect against unknown malware and viruses. With deep reporting and URL trace capabilities, it gives administrators key insights into the kind of attacks happening in their organization.
- Microsoft Defender for Identity (previously Azure Advanced Threat Protection)
  - Helps protect on-premises identities and correlate signals with Microsoft 365. Helps eliminate on-premises vulnerabilities with Cloud intelligence.
Microsoft 365 Defender
Microsoft 365 Defender delivers XDR capabilities for identities, endpoints, Cloud apps, email, and documents. Using artificial intelligence, Microsoft 365 Defender will consolidate and remediate alerts so your IT team can focus on more important business problems and tasks that better leverage their expertise and time. Prioritization and efficiency allow organizations to focus on and resolve real threats, not false signals, in a timely manner. The following graphic shows the dashboard your IT department would see:
Azure Defender delivers XDR capabilities to protect multi-Cloud and hybrid workloads, including virtual machines, databases, containers, IoT, and more. This is accessed from within the Azure Security Center and allows an IT department to easily see which resources are protected and which need protection. Azure Defender streamlines security with artificial intelligence (AI) and automation, enabling your organization to save time when standing up against threats like remote desktop protocol (RDP) brute-force attacks and SQL injections. Additionally, Microsoft’s acquisition of CyberX complements the existing Azure IoT security capabilities – which are integrated with Azure Defender for IoT. The following graphic is a look into Azure Defender in the Security Center:
The following branding changes were made to unify the Azure Defender technologies:
- Azure Defender for Servers (previously Azure Security Center Standard Edition)
  - Adds threat detection and advanced defenses for your Windows and Linux machines.
- Azure Defender for IoT (previously Azure Security Center for IoT)
  - Helps protect all your IoT/OT devices and gives comprehensive visibility into risk. Can automate asset discovery, provides vulnerability management, shows IoT/OT-aware behavioral analytics, and integrates with Azure Sentinel and other third-party solutions.
- Azure Defender for SQL (previously Advanced Threat Protection for SQL)
  - Azure Defender SQL database servers and Azure Defender SQL servers on machines are the two plans that help secure your databases and their data wherever they are located. Threat intelligence enriches the security alerts that are triggered when there are potential SQL injection attacks, anomalous database access and query patterns, or suspicious database activity.
The XDR capabilities of Microsoft Defender from both Azure Defender and Microsoft 365 Defender provide deep insights and prioritized alerts – but in order to gain visibility across your entire environment, we recommend connecting Microsoft Defender with Azure Sentinel. This allows data from other solutions such as firewalls or existing tools to be included and visible. The integration of Azure Sentinel and Microsoft Defender provides end-to-end visibility and prioritized insights across all your enterprise assets. Let your security team understand comprehensively what is going on in your environment and prioritize time and resources more efficiently.
Microsoft Defender Licensing
- Microsoft 365 Defender
  - Requires one of the following licenses: Microsoft 365 E5/E5 Security, Windows 10 Enterprise E5, EMS E5, Office 365 E5, Microsoft Defender for Endpoint or Identity or Office 365 (Plan 2), or Microsoft Cloud App Security
- Microsoft Defender for Endpoint
  - Requires one of the following licensing offers: Windows 10 Enterprise E5, Microsoft 365 E5 which includes Windows 10 Enterprise E5, or Microsoft 365 E5 Security
- Microsoft Defender for Office 365
  - Defender for Office 365 Plan 2 is included in Office 365 E5 and Microsoft 365 E5. Defender for Office 365 Plan 1 is included in Microsoft 365 Business Premium.
- Microsoft Defender for Identity
  - Defender for Identity is available as part of the Enterprise Mobility + Security E5 suite (EMS E5), and as a standalone license.
- Azure Defender
Give us a call today so our experts can help your organization best utilize Azure Defender or start looking at the power of Azure in your environment.
How Interlink Can Help
The experts at Interlink are able to guide you through the entire process of utilizing Microsoft Defender and licensing. We work with you to identify specific organizational needs and see what the best solution is for your environment. Microsoft Defender brings powerful capabilities, and the addition of Azure Sentinel gives extensive visibility.
Contact Interlink today to get started!
For more information on Defender, check out this blog from our partner at Peters & Associates.