Microsoft Sentinel is a (cloud-based) SIEM. It collects data from as wide a range of sources as possible and analyzes it to provide real-time insights and alerts that would be impossible to do manually.
QUOTMICROSOFT SAFETY SCANNER FULL
SIEM: Security Information and Event ManagementĪ SIEM is a single centralized system that allows full visibility into your entire environment. Defender for Endpoint is one of many products that fall under the Defender umbrella. It leverages artificial intelligence (AI) and automation to analyze data and workflows to automatically stop attacks, and quarantine and/or remediate affected assets. This includes infrastructure, endpoint, email, applications, and identities. XDR: eXtended detection and responseĪn all-encompassing security solution that covers resources of all types, across your environment. It is specifically built for protecting endpoints. Microsoft Defender for Endpoints is an EDR. EDR has logging and auditing features that enable security administrators to understand what is happening on an endpoint now, and in the past. This is the modern baseline of device protection and typically relies on installed agents that protect devices on an individual basis. EDR: Endpoint Detection and ResponseĪdvanced protection, specifically focused on the endpoint.
QUOTMICROSOFT SAFETY SCANNER WINDOWS
It is becoming more common to use both terms, or even just use anti-malware exclusively.Īn example of this is Microsoft Defender Antivirus, which (since at least Windows 10) is built into Windows. The old name was simply ‘antivirus’ software.
It scans files based on known signatures and stops them from executing. Antivirus/Anti-malwareĪntivirus/anti-malware is a pre-attack security layer. I am focusing on the Microsoft products here for the sake of specificity and (if you can believe it) in a genuine attempt to keep the word count down. Note that these terms are generic many companies provide EDR, XDR, and SIEM products and services. I’m going to sidebar here to define some of these terms, just in case anyone is unclear on what they are and why they are being thrown around. According to many presenters, the interconnectedness and the (anonymous? we hope?) mass sharing of telemetry data and logs of all the things and actions is an essential part of the modern threat detection process.ĭefining Terms: Antivirus, EDR, XDR and SIEM Or, at the very least, one thing has to collate all of that data for threat assessment. Side note: This was a common theme at #XFD7.įor security to work at maximum effectiveness, everything has to talk to everything else. I anticipate a lot more about this unified approach to security from Microsoft in the future. Individually, the story goes, all these things will improve an organizations’ security posture, but so much more information can be gleaned when all these products talk together. Microsoft’s proposal was this: Intune and AD for policy and IAM, Defender for EDR (endpoint) protection, and Defender for Cloud for your cloud infrastructure protection, with their feisty cloud-based SIEM Sentinel providing visibility and threat protection. The products Microsoft highlighted at XFD7 have names that are probably familiar to people the big pitch was how they all should work together. SIEM+XDR, or: Plumbing and Scanning the Interconnectedness of All Things I also wrote a little more about XFD7 here. More details, including recordings of the sessions, are available at /event/xfd7/ as well as through searching the event’s twitter hashtag, #XFD7. This article was inspired by a Microsoft presentation I attended as a part of Gestalt IT’s Security Field Day 7 event. The technology is compelling, but questions about manageability (and cost) remain. They highlighted the importance of interconnectedness as a security practice as part of their “SIEM+XDM” security vision. Microsoft presented their modern security vision this past week at Gestalt IT’s Security Field Day 7.
0 kommentar(er)
