Microsoft Defender for Endpoint

Overview

Businesses are increasingly falling victim to attacks and threats ranging from ransomware to sophisticated malware. One feature that distinguishes today's attackers is that they can move quickly and invisibly once they have entered the corporate network.

A purely perimeter defense, however complex and advanced it may be, and traditional endpoint security approaches (antivirus) are not, and cannot be considered, sufficient to protect an organization's device fleet and data.

Moreover, to comply with current legislation on compliance and security, it is necessary to adopt dynamic and adaptive solutions that are able to compensate for the weaknesses of the systems already in place.

Solution

These are the foundations on which the solution is based:

  • Agent-less, integrated into the operating system: the client endpoint behavioral sensors are built into Windows 10 and collect and process the “behavior” of the operating system, sending this data to a private, isolated (per-tenant) Microsoft Defender for Endpoint cloud instance.
  • Threat intelligence: by leveraging “big data”, “machine learning” and Microsoft's exclusive threat information, the collected behavioral data is used to identify the tools, techniques and procedures used in “attacks”, in order to generate the recommended “responses” for dealing with threats;
  • To support systems administrators and to meet regulatory and DPO needs, the solution provides a centralized management console (the Microsoft Defender for Endpoint portal) in the Microsoft cloud environment that allows you to monitor the status of the covered corporate devices and, therefore, to react promptly when necessary. For example, you can:
    • View the “warnings” / “alarms” generated by the endpoints;
    • Observe other information about observed indicators, such as files and IP addresses;
  • Microsoft Defender for Endpoint integrates directly with several Microsoft solutions, including:
    • Azure Defender
    • Azure Sentinel
    • Microsoft Intune
    • Microsoft Cloud App Security
    • Microsoft Defender for Identity

Requirements

  • Windows 10 Enterprise E5
  • Windows 10 Education A5
  • Microsoft 365 E5 (M365 E5) which includes Windows 10 Enterprise E5
  • Microsoft 365 A5 (M365 A5)
  • Microsoft 365 E5 Security
  • Microsoft 365 A5 Security
  • Microsoft Defender for Endpoint

Benefits

  • Reduction of exposure to vulnerabilities and consequently of the attack surface;
  • Continuous monitoring of the endpoints.