

I see a lot of questionable advice/opinions about Defender and other products. I work for one of the larger MSSPs in Europe, if not the largest, and I'm building security setups for medium to larger customers, where my daily job entails EDR/EPP and whatever security suite you can think of, really. I have previously worked in a SOC as an analyst (responder). When talking about Microsoft Defender it's only the paid version, not that free thing you get when you install Win10/11.

A few have mentioned that you should look at it as an element in a suite of products and configurations. Sure, if you look at Defender for Endpoint as a single product it doesn't really stand out; I would estimate that it's a little bit behind the competitors. But when you look at the whole suite you get with the E5 license it's a different story. The SOC can really save a lot of time when you have endpoint telemetry, Office activity and cloud app info available. Add that info on the device and look at DNS requests and network connections to see if the device went to the malicious site, and then automate a sign-in revoke as well as enforce a password reset, and email the user's manager.

Microsoft: weakness: it's still rather new, so there are a few quality of life things missing. Strength: the query language, it's awesome how you work with the data in it, and how it integrates with the other products in the suite. Tags are decent, but I wish it worked a bit more like SentinelOne on that part.

Weakness: I think this is simply too sensitive, it reacts on basic stuff, and it's hard to adapt the detections for this, so you end up with thousands of alerts that you can't reasonably deal with. The way their query/visibility works is very limited and you can't really do advanced stuff. Strength: the way their exclusions work, with grouping and inheritance of whitelist/blacklist, that's awesome! Props for that!

It's horrendous to work with, and the results are dubious at best; it reeks of "we have always done it like that, no reason to change with the times". Strength: absolutely nothing.

I have limited experience with this, don't think I can in good faith review it. My colleagues however rate it about acceptable, but a bit stiff/meh. Same with Cortex, don't really have enough experience to judge it.
