Microsoft 365 Defender has become a core piece of the tech giant’s defense against the most dangerous and sophisticated threats.
A Microsoft Ignite session Wednesday titled “Microsoft Security’s roadmap for defending against advanced threats” offered an overview of Microsoft’s current security strategy, as well as tips for improving cybersecurity posture and insights into the company’s own security arm.
A significant portion was dedicated to 365 Defender, launched at last year’s Ignite as a core piece of the company’s extended detection and response (XDR) offering.
A demo was presented for 365 Defender’s threat analytics feature, which entered public preview Tuesday. The feature provides analyst reports, which contain step-by-step accounts of vulnerabilities, attacks, campaigns, threat actors, malware and attack surfaces.
Threat analytics enables you to leverage Microsoft’s team of researchers and experts, who are actively tracking real-world groups of bad actors and different types of threats, such as Solorigate.
Microsoft takes an actor-centric approach to follow and discover their activity and try to understand who they’re targeting. We develop new detections for that to alert customers to them, and their security teams use these alerts to begin the investigation so they can remediate and ultimately block the attacker from moving forward in their networks.
“These built-in connectors along with the existing ones simplify data collection and make it so much easier to take advantage of the full capabilities of the SIEM and XDR,”