INTRODUCTION
Securing complex IT environments is difficult. With office solutions, email, collaboration, file sharing, and other
applications residing on premises or spanning multiple cloud environments, an IT environment’s attack surface
can be as frustrating to defend as it is attractive to attack.
Microsoft has invested heavily in its security offerings so that they now provide among the best protection
available today. Microsoft 365 Defender is a suite of integrated tools for protecting endpoints, Office 365
applications, identities, and cloud applications. People with existing Microsoft E5 licenses may not even know
that all these tools are already available to them as part of their license.
The challenge is how best to deploy and configure these tools for maximum benefit. With the generous support
of BlueVoyant, we set out to learn how by asking seven security experts the following question:
Given your experience with Microsoft 365 Defender, what advice can you offer for transitioning to and
optimizing these tools?
The experts point out that Microsoft makes it easy to deploy these tools, although properly configuring them to
optimize operation and manage costs requires skill and effort.
This ebook provides basic, practical approaches to implementing Microsoft 365 Defender and suggestions for
managing the tools so that they meet changing security requirements.
© 2021 Mighty Guides, Inc. | 9920 Moorings Drive | Jacksonville, Florida 32257 | 516-840-0244 | www.mightyguides.com
Mighty Guides make you stronger. These authoritative and diverse guides provide a full view of a topic. They help you explore, compare, and contrast a variety of viewpoints so that you can determine what will work best for you. Reading a Mighty Guide is kind of like having your own team of experts. Each heartfelt and sincere piece of advice in this guide sits right next to the contributor’s name, biography, and links so that you can learn more about their work. This background information gives you the proper context for each expert’s independent perspective. Credible advice from top experts helps you make strong decisions. Strong decisions make you mighty.
David Rogelberg
Editor
Mighty Guides, Inc.
FOREWORD
New approaches to cybersecurity are needed more than ever!
The pandemic has led to exponential growth in remote employees, expanding the attack surface for companies
big and small. Security teams struggle to cobble together solutions consisting of technologies from multiple
vendors, many of which were only designed to operate in legacy environments. Integration complexities, a lack
of security resources, and unrelenting attacks from cyber criminals have made securing the organization a
seemingly unattainable goal.
So what is the solution to eliminating this pain while also providing the security your company needs in a
cloud-first world? We believe a cloud-native, fully integrated security solution is what makes the most sense. To
bring our vision to life, we partnered with Microsoft to build consulting, implementation, and managed security
services around their SIEM and XDR tools that deliver the outcomes needed by companies operating in today’s
dangerous, highly interconnected world.
This Mighty Guide, one of three in a series, was written to help you better understand how specific Microsoft
security tools are being used by companies today and help you benefit from the lessons they have learned.
Enjoy the book!
Milan Patel
Global Head of Managed Security Services
BlueVoyant
BlueVoyant is an expert-driven cybersecurity services company whose mission is to proactively defend organizations of all sizes against today’s constant, sophisticated attackers and advanced threats. Led by CEO Jim Rosenthal, BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200, and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry-leading analytics and technologies. Founded in 2017 by Fortune 500 executives and former Government cyber officials and headquartered in New York City, BlueVoyant has offices in Maryland, Tel Aviv, San Francisco, London, and Latin America.
MEET OUR EXPERTS
James P. Courtney II, J&M Human Capital and Cybersecurity Consultants, LLC, CEO/CISO, pg. 6
Lawk Salih, Independent Community Bankers of America, Vice President, Technology Systems and Services, pg. 9
Maarten Leyman, delaware BeLux, Senior Security Consultant, pg. 12
Oscar Monge, Rabobank, Security Solutions Architect, pg. 15
Rebecca Wynn, Global CISO & Chief Privacy Officer, pg. 18
Sajed Naseem, New Jersey Courts, CISO, pg. 21
Tom Dugas, Assistant Vice President and Chief Information Security Officer, pg. 23
“A big advantage of Microsoft 365 Defender is its
breadth of integrated security functions combined with
the fact that you do not need to enable everything in
the suite at once.”
More Integrated Data Delivers a Bigger Security Picture
Microsoft 365 Defender (formerly Microsoft Threat Protection) is a suite made
up of four security tools:
• Microsoft Defender for Endpoint (endpoint and cloud behavioral analytics,
device risk scoring, threat intelligence, and automated investigation and
remediation)
• Microsoft Defender for Office 365 (security for email and collaboration tools)
• Microsoft Defender for Identity
• Microsoft Cloud App Security
Many of the Microsoft 365 Defender security tools work across platforms to
cover non-Windows environments, although Microsoft product integrations
make the tools easier to implement in a purely Microsoft environment. These
security applications are well suited to on-premises infrastructures and hybrid
infrastructures with cloud-based resources and applications.
A big advantage of Microsoft 365 Defender is its breadth of integrated security functions combined with the fact that you do not need to enable everything in the suite at once. This flexibility gives you the opportunity to consider your current security needs while thinking about where you want to be in the next three to five years. Activating more security functions in the Microsoft 365 Defender suite involves turning on the licenses for those features—no additional deployment necessary. This design is a big advantage over piecemeal security solutions that require rolling out agents on all your systems for each new tool. With Microsoft 365 Defender, you add security capabilities by turning on features that then tap into the data flow already being monitored and analyzed.
James P. Courtney II is a Certified Chief Information Security Officer with two decades of diversified experience in cybersecurity. He focuses on FAIR risk management; information systems security; database security; policy; and governance based on NIST, GDPR, FISMA, and FedRAMP as well as maintaining a high standard for setting benchmarks that promote growth and a mature system security plan to achieve strategic goals.
James P. Courtney II, J&M Human Capital and Cybersecurity Consultants, LLC, CEO/CISO
Some aspects of Microsoft 365 Defender may be challenging for those new to
the product. For instance, the tools use machine learning to analyze activity data,
but they look at more than typical endpoint detection and response features. If the
security team is not used to the way Microsoft 365 Defender receives and delivers
information for analysis and how it integrates that information into its automation
features, the learning curve could be significant because with these tools, analysts
will see information that they may not be used to seeing. As a result, you may need
to develop new policies and procedures on how your team analyzes and responds
to data. For instance, if your team has been conducting risk assessment in a certain
way as part of incident evaluation to support decisions about escalation, having more
information could affect those risk scores. Now, you must adjust that risk-scoring
process because you have access to more data than you had before.
In contrast, from a security perspective, more data is always better. If I’m getting a
view of my email, my endpoints, my identity, my apps and my overall infrastructure,
and I can see more information or more events and better correlate them than I could
before, I can react more quickly to an incident.
Having the ability and bandwidth to process all the data coming in centrally is
an important success factor. A more integrated view of what is happening in the
environment also helps you increase efficiency across the board—for your security
teams; for your security operations center investment; even for your networking
teams, which will have information to more easily spot failings in the network. If
you do not have the resources to use the additional data that the integrated tools
of Microsoft 365 Defender provide, consider working with a managed security
services provider to either gain that support or help you make that transition.
Key Points
1. Activating more security functions in Microsoft 365 Defender involves turning on the licenses for those features—no additional deployment necessary. This is a big advantage over piecemeal security solutions that require rolling out agents on all your systems for each new tool.
2. Microsoft 365 Defender looks at more data than typical endpoint detection and response tools, which may require developing new policies and procedures on how you score risk when evaluating alerts and incidents.
James P. Courtney II, J&M Human Capital and Cybersecurity Consultants, LLC, CEO/CISO
“A big advantage of Microsoft Defender is the amount
of visibility it provides. When an alert comes in, you
want to be able to get to your logs right away to see
what’s going on.”
Consolidation and Visibility Add Real Value
For us, implementing the Microsoft 365 Defender suite was part of a
consolidation strategy. Consolidation was, in turn, part of our digital
transformation strategies. We wanted to improve security, save money, and
reduce management overhead. It was not just about consolidating vendors:
It meant consolidating and centralizing all the logs generated from the
endpoints and infrastructure so that we could go to one dashboard for all of
our security monitoring, detection, and remediation.
When coronavirus disease 2019 (COVID-19) hit, suddenly everyone was taking
laptops home. While our devices had the endpoint protection, we could not
put any kind of protection on employees' home routers or those similar
on corporate infrastructure. For example, in the corporate environment we
have access to a 24/7 security operations center known as SOC to monitor
unauthorized activities on the network. We wanted to monitor the exposure
level of the traffic and risk level and set alerts as necessary. Additionally, we
wanted to set controls over what was and was not authorized at the endpoint.
Cloud app and endpoint security tools in Microsoft 365 Defender enabled us
to do that with much detailed analysis into discovered apps, total throughput,
bandwidth-intensive apps, and remediation policies to protect our employees.
Lawk Salih is Vice President of Technology Systems and Services for Independent Community Bankers of America (ICBA). In his role, Lawk leads cloud migration efforts, the cybersecurity program, infrastructure, and customer service support in alignment with the ICBA’s strategic goals. He has more than twenty years of experience in IT, including fifteen years with nonprofit organizations and trade associations.
Lawk Salih, Independent Community Bankers of America, Vice President, Technology Systems and Services
A big advantage of Microsoft Defender is the amount of visibility it provides. When
an alert comes in, you want to be able to get to your logs right away to see what’s
going on. This is what the dashboard does. It is simple to follow and it enables you
to hunt for threats and navigate around IP addresses involved in an incident; where
applicable, the incident also includes the remediation steps for your security analysts.
It’s best to use Microsoft 365 Defender with the latest version of the Windows
operating system on your endpoints, especially your virtual machines. Some of
the remediation capabilities are only available with the latest operating systems.
Some functions, such as auto-remediation, do not work on older Windows versions.
In addition to Microsoft Defender, we use Microsoft Intune for our mobile device
management on all endpoints. Whether on a laptop or a smartphone, Intune helps
us set compliance policies and profiles to defend against security threats. Intune
can also be used as a deployment configuration tool to push apps to your employees
in an automated fashion. While we continue to work remotely, this feature has been
instrumental to our system administrators. Of course, always test your configurations
with a few machines in your environment before rolling them out across the organization.
Do all your learning at the proof-of-concept stage to avoid service disruptions and to
better manage your deployments.
Some challenges are associated with Microsoft 365 Defender that may be more
significant for smaller organizations. One is cost. There is a lot of value in these
integrated tools, but the cost may be different from what you expect. Start with those
baseline configurations, and scale up the licenses to meet your needs. Another is
learning the system. Microsoft makes a lot of good information available on the tools
it provides, but you need to own this process to understand how best to configure
them for your environment.
Key Points
1. Always test your configurations on a few machines in your environment before rolling them out across the organization. Do all your learning at the proof-of-concept stage to avoid service disruptions and to better manage your deployments.
2. Microsoft has made their security tools simple to learn, deploy, and adopt. However, organizations that do not have the internal skills may find it beneficial to outsource to an MSSP to achieve the greatest value possible.
Lawk Salih, Independent Community Bankers of America, Vice President, Technology Systems and Services
A key success factor in any security deployment is monitoring the dashboards. You can never monitor enough. You must continuously monitor and train the ML/AI on whether the alerts it generates are good alerts or false positives. This is the only way the system will improve and stay tuned to your environment.
Many organizations outsource their security monitoring and detection controls to managed security service providers (MSSPs). Some organizations may need help with the 24/7 monitoring and tuning necessary to keep the system optimized. Or, they may need expertise in configuration or building playbook remediation processes. Microsoft has made its security tools very simple to learn, deploy, and adopt. However, some organizations may not have this skill set internally; therefore, it may be beneficial for them to outsource to an MSSP to achieve the greatest value possible. I always recommend building knowledge internally to be effective at using the security tools.
“When implementing these security tools, I suggest
beginning with those that are easiest to implement.”
When Deploying Microsoft 365 Defender, Start with the
Easiest Tools in the Suite
Microsoft 365 Defender is a set of products that includes Microsoft Defender
for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Office 365,
and Microsoft Cloud App Security. When implementing these security tools, I
suggest beginning with those that are easiest to implement. The easiest of all is
Microsoft Defender for Office 365.
Microsoft Defender for Office 365 uses features such as Safe Attachments, Safe
Links, and anti-phishing policies to protect user emails and files shared through
SharePoint, OneDrive, and Microsoft Teams. For example, when Safe Links is
enabled, Microsoft Defender for Office 365 scans links in emails, files, and email
attachments. If it detects a malicious link, it prevents anyone from opening it.
If someone tries it, Defender for Office 365 displays a message that the link is
unsafe and stops them.
Microsoft Defender for Office 365 also has an attack simulator that enables you to target your organization with a phishing campaign using a fake link to trick users into giving up their passwords. It’s a great tool for creating user awareness, and it gives you insight into how users in the organization respond to phishing attacks. In the past, you needed separate tools to run attack simulations. Those tools are now built into Microsoft 365 Defender.
Maarten Leyman is a Senior Security Consultant with experience in the full Microsoft 365 security suite and Azure security. In 2013, he started his career at delaware BeLux, where he performs security assessments and conducts workshops at customer sites to identify security risks. He also helps fine-tune IT architecture and implementations to increase overall security at customer locations and mitigate possible threats.
Maarten Leyman, delaware BeLux, Senior Security Consultant
Microsoft Defender for Office 365 is the easiest tool to start with because as an IT
administrator, you can enable it with just a few clicks. It also has no disruptive impact
on users. The only thing they might notice is that the tool rewrites URLs in emails and
documents.
The next-easiest tool is Microsoft Defender for Identity, which simply involves
installing a sensor on each domain controller. This sensor monitors user activities
and sends that data to the cloud, where the tool looks for unusual behavioral
patterns. Microsoft Defender for Identity also correlates security activity through all
the domain controllers, which you can see in a portal.
Microsoft Defender for Endpoint provides more comprehensive protection of
your entire environment. It is an endpoint detection and response (EDR), threat
and vulnerability management, and attack surface reduction solution with auto
investigation and remediation capabilities. Its implementation is a bit more complex.
It has strong integration capabilities with the other Microsoft 365 Defender features.
Some examples are:
• Integration with Cloud App Security for detection and control of shadow IT.
• Integration with Microsoft Defender for Identity to track, correlate, and map user
behaviors involving multiple machines, making it easier to understand an alert
that is occurring in the environment.
• Integration with Endpoint Manager to easily reduce the attack surface and
vulnerabilities on the devices.
When implementing these tools, begin with a pilot involving a small group of users,
such as a security team, to make sure that everything works as it should. Then,
expand to a workgroup of real users. If everything goes well, you can scale more
widely across the organization.
In addition, use the Microsoft 365 security center. Microsoft 365 Defender solutions
have their own portals, which can become confusing when you are using multiple
tools. The Microsoft 365 security center consolidates data from all the tools into one
view, which makes it much easier to detect a problem and take corrective actions.
You should also evaluate the knowledge and expertise of your security team. When
using these tools together, it can take time to set them up and configure them
properly. They also require continuous monitoring and refinement. Every organization
is different, but many will benefit from having a managed security services provider
(MSSP) involved in deploying, monitoring, and optimizing the tools. MSSPs can speed
time to value through customized deployment templates, and they have expertise in
interpreting all the information coming out of the tools.
Key Points
1. With Microsoft Defender for Identity enabled, you can track, correlate, and map individual behaviors involving multiple machines, making it easier to understand an event that is occurring in the environment.
2. Consider having an MSSP involved in deploying, monitoring, and optimizing Microsoft 365 Defender. MSSPs can speed time to value through customized deployment templates, and they have expertise in interpreting all the information coming out of the tools.
Maarten Leyman, delaware BeLux, Senior Security Consultant
“Microsoft 365 Defender is a suite of individually
licensed products, and you have choices about which
parts of the suite to implement.”
Engage with Experts Who Can Help Optimize Your
Deployment
Whenever you adopt any new technology in an organization, you should first
go through the product documentation and become familiar with all the
features available to you. The organization needs to understand the benefits
and constraints of each license type—and not just the money. It’s about
aligning the features you require with your organization’s needs in a way that
gets you the best return on your investment. That approach is important for
successful adoption of the technology within the organization.
Whether you work with in-house subject matter experts or external
consultants, matching the technology to your requirements should be done
by someone who can act as an evangelist within the organization. This
person does not have to be someone who thinks that a particular product
is the best on the market. Rather, this person should be someone who can
review and understand the documentation, understand how to apply the
technology to meet the organization’s goals, and help roll out the technology
in an optimized manner.
Microsoft 365 Defender is a suite of individually licensed products, and you have choices about which parts of the suite to implement. At the end of the day, product selection must align to the needs of the business, which means aligning to the organization’s risk appetite, mid- and long-term security strategies, and technical capabilities.
Oscar Monge is a seasoned information security professional with more than seventeen years of experience. He is a Security Solutions Architect at Rabobank, where he helps shape security monitoring direction and technology integration. Oscar is passionate about technology and its alignment to IT business needs.
Oscar Monge, Rabobank, Security Solutions Architect
Microsoft makes it easy to enable and start using the products in Microsoft 365
Defender. The bigger challenge is effectively using the Microsoft 365 Defender
controls to operate the business in a more secure fashion. You must be able to
consume the data and use automation features effectively. Just turning on an
automation does not mean it will magically perform the way you want. Someone
who understands the technology must observe its function to determine if it is
doing what the organization expects or if it must be tuned. Microsoft makes it
easy to communicate with its experts, who can provide insights into problems
you may encounter with the product. It’s a good idea to use that communication
channel.
One of the great advantages of Microsoft 365 Defender is that it so easily
integrates with other Microsoft products. This is an important feature because
from a security standpoint, you typically have only one point of view of an
incident. The level of integration built into these products enables you to
evaluate a single event from different points of view. In the past, Microsoft had
separate dashboards for each security solution. Now, it has consolidated those
dashboards into a single admin center. Multiple data sources in one portal make
it easier to gain a complete picture of an observed activity. Analysts can see the whole kill chain of an incident more quickly, and then take decisive action.
When implementing Microsoft 365 Defender, I suggest:
• Implementing all out-of-the-box controls and automations that are pertinent
to your organization;
• Monitoring the performance of those automations to make sure that you
are getting the automated responses you need and can step in when more
information and fine-tuning is required; and
• Using product and data integrations as much as possible.
Also, consider using outside expertise to help accelerate and optimize your
implementation.
Key Points
1. You need to understand the benefits and constraints of different license types so that you can align the features you require with your organization’s needs in a way that gets you the best return on your investment.
2. Microsoft makes it easy to enable and start using the products in Microsoft 365 Defender. The bigger challenge is effectively using the tool’s controls to operate the business in a more secure fashion.
Oscar Monge, Rabobank, Security Solutions Architect
“The Microsoft 365 Defender tools provide a holistic
view of what is happening in the environment.”
Intelligent Security Tools Do Not Replace
Knowledgeable Security Administrators
When deciding where to begin with Microsoft 365 Defender, the primary
objective is to reduce risk as quickly and efficiently as possible. There are a
couple of ways to look at that. One is to identify what the greatest impact of
an attack would be, and then protect against that risk first. The other is to
look at where your greatest exposure is and protect that first.
Most organizations think in terms of reducing exposure first, and the best
place to start is with users. The quickest way to reduce user exposure with
the Microsoft 365 Defender tools is to begin with Microsoft Defender for
Office 365. This tool protects Microsoft Outlook email, OneDrive, SharePoint,
and Microsoft Teams—the places where most users are exposed daily.
Implementing this tool is easy, and its cost is based on the number of Office
365 licenses you have.
As you prepare to roll out these tools, first review the documentation. Microsoft does a good job of providing online videos and documentation about how to use the products. The documents support not only security and compliance professionals but also administrators. Another important step is to take a thorough IT asset inventory. You need to understand the types of systems you have, where they are, and the networking devices in use—all elements that affect your use of the security tools. Finally, talk to the core stakeholders in the organization’s IT systems. The success or failure of your implementation depends on their support.
Dr. Rebecca Wynn received the 2017 Cybersecurity Professional of the Year–Cybersecurity Excellence Award, was Chief Privacy Officer of SC Magazine, is a Global Privacy and Security by Design International Council member, and was 2018 Women in Technology Business Role Model of the Year. She is lauded as a “gifted polymath and game-changer who is ten steps ahead in developing and enforcing cybersecurity and privacy best practices and policies.”
Rebecca Wynn, Global CISO & Chief Privacy Officer
The Microsoft 365 Defender tools provide a holistic view of what is happening
in the environment. One challenge organizations have is choosing the right
person to be the security system administrator. That person needs to monitor the
dashboards, take actions when appropriate, and fine-tune the tools. This person
must have security analytical skills. The tools are excellent, and they use machine
learning to reveal issues that require action. It’s easy to forget that even if you
need few staff members looking at those dashboards because the tool is now
correlating everything for you, you still have to have people who know how to do
the work of answering difficult questions, taking critical actions, and optimizing
the tools.
An important part of tool optimization is being mindful of the data you collect.
The tools in Microsoft 365 Defender can consume enormous amounts of
data, and that can have costs and create analytical noise. Do you care about
every time in a workday a computer went to sleep and the user pressed the
spacebar to wake it back up? That’s not a mindful event. Why is a user in a
different geolocation suddenly getting locked out of his or her system? That’s an
interesting anomaly.
For some companies, it makes sense to have a managed security services
provider (MSSP) help monitor and administer these tools. Microsoft’s tools are
changing, and you no longer need an army of people staring at screens and correlating every event. When you think about system administration needs, the
important consideration is not the number of events you are dealing with but the
number of actual items producing alerts of critical, high, or medium risk.
Microsoft 365 Defender is driving greater security process efficiency. For many
companies, the best model is not necessarily a fully managed security operations
center (SOC) but a hybrid model in which the MSSP comes in periodically to
work with the team for greater effectiveness and efficiency. One advantage of a
managed SOC is that the MSSP can typically source talent more quickly than your
in-house security team and, if that talent isn’t quite working for you, quickly make
changes.
Key Points
1. It’s easy to forget that even if you need fewer staff members looking at those dashboards because a tool is now correlating everything for you, you still need people who know how to do the work of answering difficult questions, taking critical actions, and optimizing the tools.
2. When you think about system administration needs, the important consideration is not the number of events you are dealing with but the number of items producing alerts of critical, high, or medium risk.
Rebecca Wynn, Global CISO & Chief Privacy Officer
“If an alert comes in through our security information
and event management tool, we can look at it, isolate
the machine, and check it out with just a few clicks.”
Microsoft 365 Defender Delivers Fast Answers If You
Know How to Interpret the Data
Microsoft 365 Defender is a product that is made up of several tools, all included
in a Microsoft 365 E5 license. The suite has significant functionality in terms
of being able to install sensors and use indicators of compromise. It also has a
networking interface so that if somebody is attacked by a particular virus, you
can easily search the entire organization for all other occurrences of that virus.
You can also access threat intelligence information to see the global extent of a
particular attack you are experiencing.
When a machine is compromised, Microsoft 365 Defender enables you to use
automation to isolate that machine quickly and prevent anyone from signing in
to it. In fact, Microsoft 365 Defender allows a lot of customization in terms of the
functions and actions you can automate.
One tool in the Microsoft 365 Defender suite is Microsoft Cloud App Security, a
cloud-based cloud access security broker that monitors all user activities with
cloud-based apps. The tool looks at IP addresses associated with user activity
and can alert you if things are happening in the network that should not be. For
example, if somebody is signed in to a computer in New York City, and then signs
in again an hour later in San Jose, the system will flag that as something that
should not be happening.
Sajed (Saj) Naseem is Chief Information Security Officer (CISO) of New Jersey Courts, where he focuses on cybersecurity readiness and performance, information governance, and network security. Sajed has more than twenty years of experience and holds master’s degrees from St. John’s University and Columbia University, where he is an adjunct professor.
Sajed Naseem, New Jersey Courts, CISO
22
An important and powerful feature of Microsoft 365 Defender is its ability to track activity in great detail. You see detailed activity and timelines for anyone working in the environment. This information is also searchable, so if you query the system about who clicked a particular link, that search will encompass the entire organization and provide a detailed track of that activity. It does this quickly, which speeds alert analysis and enables you to get fast answers to questions. If an alert comes in through our security information and event management tool, we can look at it, isolate the machine, and check it out with just a few clicks.

When installing Microsoft 365 Defender on endpoints, it's important that all your server operating systems be up-to-date. Microsoft 365 Defender will not run on older Windows Server and Windows operating systems. For some organizations, particularly if you have a large environment with decentralized IT groups, this can be a time-consuming task.

Another important point to keep in mind is that Microsoft 365 Defender is different from traditional antivirus and other siloed security solutions. Microsoft 365 Defender integrates many different security functions. To use it effectively, your security team needs a deeper, more holistic understanding of what is going on in your environment so that they can better interpret the alerts and information the system provides. It is important that team members have training in these areas; depending on the depth of expertise in the organization, you may need to consider working with a security service provider to get the most out of Microsoft 365 Defender.
Key Points

1. Microsoft 365 Defender provides highly searchable information. If you query the system about who clicked a particular link, it will search the entire organization and provide a detailed track of that activity. It does this quickly, which speeds alert analysis and enables you to get fast answers to questions.

2. It is important that the security team be trained to understand what the system is telling them. Depending on the depth of expertise in the organization, you may need to consider working with a security service provider to get the most out of Microsoft 365 Defender.

Sajed Naseem, New Jersey Courts, CISO
23
“One big advantage for us in using Microsoft Defender for Office 365 is that it seamlessly plugged into our existing environment.”

Rapidly Reduce Email-Based Attacks
When the Chief Information Officer brought me in to create the first-ever Information Security Office at Duquesne University, we discovered that we were getting inundated with email attacks related to phishing, spear phishing, spoofing, and various scams. We actually had hundreds of compromised accounts every year, largely because each year we had new students and new faculty who did not know what to expect. They were unfamiliar with each other and people on campus. Exploits typically began with email attacks on new students. Stolen student credentials would then be used to attack faculty and staff.

To find a solution, we created a proof of concept with top vendors. We chose Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection), which is part of the Microsoft 365 Defender suite. Implementing that tool reduced the number of compromised accounts on campus by 95 percent.

Note that when deploying this or any security solution, it's important to talk to peers and partners who have done this before and can suggest lessons they learned from their experiences.
Tom Dugas is Assistant Vice President and Chief Information Security Officer (CISO) of Duquesne University, where his responsibilities include cybersecurity, identity and access management, and data governance. In 2019, Tom was recognized as CISO of the Year by the Pittsburgh Technology Council. Tom is an alumnus of Robert Morris University, the 2009 EDUCAUSE Leading Change/Frye Leadership Institute, and the 2006 EDUCAUSE Institute Leadership Program.

Tom Dugas, Assistant Vice President and Chief Information Security Officer
24
Two essential features are added when you implement Microsoft Defender for Office 365. One is Safe Links, which rewrites familiar links in your emails so that they become long Safe Links addresses. This behavior enables the tool to check links for malicious activity and detonate them in a sandbox to make sure there is no malware. The tool also checks against a safe sender list to make sure that emails are sent from a reputable site.

The second feature is Safe Attachments, which inspects all attachments sent into your community to determine whether they contain malware. The Microsoft 365 Defender product line does a great job inspecting attachments and files to make sure that they are safe to use.
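Safe Links rewriting, as described above, is also something analysts meet from the other side: a user forwards a suspicious message, and every link in it now points at a long `*.safelinks.protection.outlook.com` address whose `url` query parameter carries the percent-encoded original. The following Python is added here as an illustration and is not code from Microsoft or from the contributor; it decodes those wrappers so the real destination can be triaged without clicking, peels wrappers nested inside wrappers (a forwarded message that was rewritten again), and refuses to decode lookalike hosts that merely contain the Safe Links name. The hostname suffix and the `url` parameter are the observed wrapper format; the region prefixes, the placeholder `data`/`sdata` values and every sample URL and the sample email body are constructed for the example.

```python
"""Unwrap Safe Links-rewritten URLs to recover the original destination (illustrative)."""
import re
from typing import List
from urllib.parse import parse_qs, quote, urlsplit

SAFELINKS_SUFFIX = "safelinks.protection.outlook.com"

# A rewritten link as it appears in an email body; stops at whitespace or HTML/quote delimiters.
SAFELINK_RE = re.compile(
    r"https://[\w.-]+\.safelinks\.protection\.outlook\.com/\?[^\s\"'<>]+", re.IGNORECASE)


def is_safelinks_host(host: str) -> bool:
    """True only for a genuine Safe Links host. A lookalike such as
    safelinks.protection.outlook.com.evil.example must not pass this check."""
    host = host.lower().rstrip(".")
    return host == SAFELINKS_SUFFIX or host.endswith("." + SAFELINKS_SUFFIX)


def unwrap_safelink(url: str, max_depth: int = 5) -> str:
    """Return the original URL carried in the `url` query parameter of a Safe Links
    wrapper. Non-wrapped URLs come back unchanged. Wrappers nested inside wrappers
    are peeled up to max_depth times so a re-rewritten forward still resolves."""
    for _ in range(max_depth):
        parts = urlsplit(url)
        if not is_safelinks_host(parts.hostname or ""):
            return url
        inner = parse_qs(parts.query).get("url")
        if not inner:
            return url  # wrapper without a payload: leave it alone rather than guess
        url = inner[0]
    return url


def extract_original_links(body: str) -> List[str]:
    """Find every Safe Links wrapper in an email body and return the real destinations,
    in order of appearance, so an analyst can triage them without clicking."""
    return [unwrap_safelink(m.group(0)) for m in SAFELINK_RE.finditer(body)]


def wrap_safelink(url: str, region: str = "nam02") -> str:
    """Build a wrapper in the observed shape. Assumption: only the `url` parameter
    matters to the decoder; the other parameters here are placeholders, not real data."""
    return (f"https://{region}.{SAFELINKS_SUFFIX}/?url={quote(url, safe='')}"
            f"&data=05%7C01%7C&sdata=placeholder&reserved=0")


# Constructed email body: one wrapped link, one nested wrapper, one plain link.
SAMPLE_BODY = (
    "Please review the invoice at "
    + wrap_safelink("https://invoice-portal.example/pay?id=8841&token=abc")
    + " or the forwarded copy "
    + wrap_safelink(wrap_safelink("https://docs.example/share/42"), region="eur03")
    + " (plain link: https://intranet.example/help)"
)

if __name__ == "__main__":
    for original in extract_original_links(SAMPLE_BODY):
        print("destination:", original)
```

Decode before handing indicators to reputation lookups or blocklists; submitted as-is, every rewritten link resolves to the Microsoft host and the actual phishing domain never gets recorded.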
It is important that you have the ability to decipher logs and respond to issues quickly. You still need an incident response plan; you need to understand how to respond to the particular malicious activities that surface; and, most importantly, you need a way to communicate that risk to the environment in case something is happening. As you become more comfortable with the suite, you can tune it up or down to optimize it for the level of risk your organization can tolerate.

One big advantage for us in using Microsoft Defender for Office 365 is that it seamlessly plugged into our existing environment. That really reduced the time we needed to get it up and running. We were surprised at how quickly it became productive in our environment and how much time it saved us because we were no longer chasing down so many email attacks.
25
Another nice thing about Microsoft Defender for Office 365 is that it works across the entire Office 365 stack. Whether you are in OneDrive, Microsoft Outlook, Microsoft Teams, or another tool, it all seamlessly fits together in that product stack. Although we do not have all the other products within the Microsoft family yet, I know it will be easy to layer them in when we are ready.
Key Points

1. Microsoft Defender for Office 365 uses Safe Links to check links in email and documents for malicious activity. It uses Safe Attachments to inspect attachments to make sure they are safe.

2. Even with Microsoft Defender for Office 365 implemented, you need to understand how to respond to the particular malicious activities that surface, and, most importantly, you need a way to communicate that risk to the environment in case something is happening.

Tom Dugas, Assistant Vice President and Chief Information Security Officer
7 Experts on Implementing Microsoft 365 Defender
Real Time Object Detection Using Open CVKhem
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 

Kürzlich hochgeladen (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 

7 Experts on Implementing Microsoft 365 Defender

• 2. INTRODUCTION

Securing complex IT environments is difficult. With office solutions, email, collaboration, file sharing, and other applications residing on premises or spanning multiple cloud environments, an IT environment’s attack surface can be as frustrating to defend as it is attractive to attack.

Microsoft has invested heavily in its security offerings so that they now provide among the best protection available today. Microsoft 365 Defender is a suite of integrated tools for protecting endpoints, Office 365 applications, identities, and cloud applications. People with existing Microsoft E5 licenses may not even know that all these tools are already available to them as part of their license.

The challenge is how best to deploy and configure these tools for maximum benefit. With the generous support of BlueVoyant, we set out to learn how by asking seven security experts the following question:

Given your experience with Microsoft 365 Defender, what advice can you offer for transitioning to and optimizing these tools?

The experts point out that Microsoft makes it easy to deploy these tools, although properly configuring them to optimize operation and manage costs requires skill and effort.

This ebook provides basic, practical approaches to implementing Microsoft 365 Defender and suggestions for managing the tools so that they meet changing security requirements.

Mighty Guides make you stronger. These authoritative and diverse guides provide a full view of a topic. They help you explore, compare, and contrast a variety of viewpoints so that you can determine what will work best for you. Reading a Mighty Guide is kind of like having your own team of experts. Each heartfelt and sincere piece of advice in this guide sits right next to the contributor’s name, biography, and links so that you can learn more about their work. This background information gives you the proper context for each expert’s independent perspective. Credible advice from top experts helps you make strong decisions. Strong decisions make you mighty.

David Rogelberg, Editor, Mighty Guides, Inc.

© 2021 Mighty Guides, Inc. | 9920 Moorings Drive | Jacksonville, Florida 32257 | 516-840-0244 | www.mightyguides.com
• 3. FOREWORD

New approaches to cybersecurity are needed more than ever! The pandemic has led to exponential growth in remote employees, expanding the attack surface for companies big and small. Security teams struggle to cobble together solutions consisting of technologies from multiple vendors, many of which were only designed to operate in legacy environments. Integration complexities, a lack of security resources, and unrelenting attacks from cyber criminals have made securing the organization a seemingly unattainable goal.

So what is the solution to eliminating this pain while also providing the security your company needs in a cloud-first world? We believe a cloud-native, fully integrated security solution is what makes the most sense. To bring our vision to life, we partnered with Microsoft to build consulting, implementation, and managed security services around their SIEM and XDR tools that deliver the outcomes needed by companies operating in today’s dangerous, highly interconnected world.

This Mighty Guide, one of three in a series, was written to help you better understand how specific Microsoft security tools are being used by companies today and help you benefit from the lessons they have learned. Enjoy the book!

Milan Patel, Global Head of Managed Security Services, BlueVoyant

BlueVoyant is an expert-driven cybersecurity services company whose mission is to proactively defend organizations of all sizes against today’s constant, sophisticated attackers and advanced threats. Led by CEO Jim Rosenthal, BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200, and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry-leading analytics and technologies. Founded in 2017 by Fortune 500 executives and former government cyber officials and headquartered in New York City, BlueVoyant has offices in Maryland, Tel Aviv, San Francisco, London, and Latin America.
• 5. MEET OUR EXPERTS

James P. Courtney II, J&M Human Capital and Cybersecurity Consultants, LLC, CEO/CISO, pg. 6
Lawk Salih, Independent Community Bankers of America, Vice President, Technology Systems and Services, pg. 9
Maarten Leyman, delaware BeLux, Senior Security Consultant, pg. 12
Oscar Monge, Rabobank, Security Solutions Architect, pg. 15
Rebecca Wynn, Global CISO & Chief Privacy Officer, pg. 18
Sajed Naseem, New Jersey Courts, CISO, pg. 21
Tom Dugas, Assistant Vice President and Chief Information Security Officer, pg. 23
• 6. More Integrated Data Delivers a Bigger Security Picture

“A big advantage of Microsoft 365 Defender is its breadth of integrated security functions combined with the fact that you do not need to enable everything in the suite at once.”

Microsoft 365 Defender (formerly Microsoft Threat Protection) is a suite made up of four security tools:

• Microsoft Defender for Endpoint (endpoint and cloud behavioral analytics, device risk scoring, threat intelligence, and automated investigation and remediation)
• Microsoft Defender for Office 365 (security for email and collaboration tools)
• Microsoft Defender for Identity
• Microsoft Cloud App Security

Many of the Microsoft 365 Defender security tools work across platforms to cover non-Windows environments, although Microsoft product integrations make the tools easier to implement in a purely Microsoft environment. These security applications are well suited to on-premises infrastructures and hybrid infrastructures with cloud-based resources and applications.

A big advantage of Microsoft 365 Defender is its breadth of integrated security functions combined with the fact that you do not need to enable everything in the suite at once. This flexibility gives you the opportunity to consider your current security needs while thinking about where you want to be in the next three to five years.

James P. Courtney II is a Certified Chief Information Security Officer with two decades of diversified experience in cybersecurity. He focuses on FAIR risk management; information systems security; database security; policy; and governance based on NIST, GDPR, FISMA, and FedRAMP as well as maintaining a high standard for setting benchmarks that promote growth and a mature system security plan to achieve strategic goals.

• 7.

Activating more security functions in the Microsoft 365 Defender suite involves turning on the licenses for those features—no additional deployment necessary. This design is a big advantage over piecemeal security solutions that require rolling out agents on all your systems for each new tool. With Microsoft 365 Defender, you add security capabilities by turning on features that then tap into the data flow already being monitored and analyzed.

Some aspects of Microsoft 365 Defender may be challenging for those new to the product. For instance, the tools use machine learning to analyze activity data, but they look at more than typical endpoint detection and response features. If the security team is not used to the way Microsoft 365 Defender receives and delivers information for analysis and how it integrates that information into its automation features, the learning curve could be significant because with these tools, analysts will see information that they may not be used to seeing. As a result, you may need to develop new policies and procedures on how your team analyzes and responds to data. For instance, if your team has been conducting risk assessment in a certain way as part of incident evaluation to support decisions about escalation, having more information could affect those risk scores. Now, you must adjust that risk-scoring process because you have access to more data than you had before.

In contrast, from a security perspective, more data is always better. If I’m getting a view of my email, my endpoints, my identity, my apps, and my overall infrastructure, and I can see more information or more events and better correlate them than I could before, I can react more quickly to an incident.

• 8.

Having the ability and bandwidth to process all the data coming in centrally is an important success factor. A more integrated view of what is happening in the environment also helps you increase efficiency across the board—for your security teams; for your security operations center investment; even for your networking teams, which will have information to more easily spot failings in the network. If you do not have the resources to use the additional data that the integrated tools of Microsoft 365 Defender provide, consider working with a managed security services provider to either gain that support or help you make that transition.

Key Points

1. Activating more security functions in Microsoft 365 Defender involves turning on the licenses for those features—no additional deployment necessary. This is a big advantage over piecemeal security solutions that require rolling out agents on all your systems for each new tool.
2. Microsoft 365 Defender looks at more data than typical endpoint detection and response tools, which may require developing new policies and procedures on how you score risk when evaluating alerts and incidents.

James P. Courtney II, J&M Human Capital and Cybersecurity Consultants, LLC, CEO/CISO
• 9. Consolidation and Visibility Add Real Value

“A big advantage of Microsoft Defender is the amount of visibility it provides. When an alert comes in, you want to be able to get to your logs right away to see what’s going on.”

For us, implementing the Microsoft 365 Defender suite was part of a consolidation strategy. Consolidation was, in turn, part of our digital transformation strategies. We wanted to improve security, save money, and reduce management overhead. It was not just about consolidating vendors: It meant consolidating and centralizing all the logs generated from the endpoints and infrastructure so that we could go to one dashboard for all of our security monitoring, detection, and remediation.

When coronavirus disease 2019 (COVID-19) hit, suddenly everyone was taking laptops home. While our devices had endpoint protection, we could not put any kind of protection on employees’ home routers similar to what we have on corporate infrastructure. For example, in the corporate environment we have access to a 24/7 security operations center (SOC) to monitor unauthorized activities on the network. We wanted to monitor the exposure level of the traffic and risk level and set alerts as necessary. Additionally, we wanted to set controls over what was and was not authorized at the endpoint. Cloud app and endpoint security tools in Microsoft 365 Defender enabled us to do that, with detailed analysis of discovered apps, total throughput, bandwidth-intensive apps, and remediation policies to protect our employees.

Lawk Salih is Vice President of Technology Systems and Services for Independent Community Bankers of America (ICBA). In his role, Lawk leads cloud migration efforts, the cybersecurity program, infrastructure, and customer service support in alignment with the ICBA’s strategic goals. He has more than twenty years of experience in IT, including fifteen years with nonprofit organizations and trade associations.

• 10.

A big advantage of Microsoft Defender is the amount of visibility it provides. When an alert comes in, you want to be able to get to your logs right away to see what’s going on. This is what the dashboard does. It is simple to follow, and it enables you to hunt for threats and navigate around IP addresses involved in an incident; where applicable, the incident also includes the remediation steps for your security analysts.

It’s best to use Microsoft 365 Defender with the latest version of the Windows operating system on your endpoints, especially your virtual machines. Some of the remediation capabilities are only available with the latest operating systems. Some functions, such as auto-remediation, do not work on older Windows versions.

In addition to Microsoft Defender, we use Microsoft Intune for our mobile device management on all endpoints. Whether on a laptop or a smartphone, Intune helps us set compliance policies and profiles to defend against security threats. Intune can also be used as a deployment configuration tool to push apps to your employees in an automated fashion. While we continue to work remotely, this feature has been instrumental to our system administrators. Of course, always test your configurations with a few machines in your environment before rolling them out across the organization. Do all your learning at the proof-of-concept stage to avoid service disruptions and to better manage your deployments.

Some challenges are associated with Microsoft 365 Defender that may be more significant for smaller organizations. One is cost. There is a lot of value in these integrated tools, but the cost may be different from what you expect. Start with those baseline configurations, and scale up the licenses to meet your needs. Another is learning the system. Microsoft makes a lot of good information available on the tools it provides, but you need to own this process to understand how best to configure them for your environment.
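Two of the points above, that some remediation features need a current Windows build and that configurations should be proven on a few machines first, can be turned into a readiness check that each pilot machine runs before it joins the rollout. The PowerShell below is an added example, not code from the ebook, from ICBA or from Microsoft. It reports whether the endpoint is on a current build, whether the Defender for Endpoint agent service (Sense) is running and the device has completed onboarding, and whether Microsoft Defender Antivirus is in a state where the suite's remediation features can act. The minimum build number and the signature-age threshold are assumptions to adjust to your own baseline; run it in an elevated PowerShell on each pilot machine and collect the resulting objects centrally before widening the deployment.

```powershell
# Added example (not from the ebook, ICBA or Microsoft): pre-pilot readiness check
# for a Windows endpoint that is about to be managed by Microsoft 365 Defender.
function Test-DefenderEndpointReadiness {
    [CmdletBinding()]
    param(
        # Lowest Windows build you consider current. Assumed value for illustration;
        # set it to the build your auto-remediation testing actually succeeded on.
        [int]$MinimumBuild = 19041,
        # Oldest acceptable antivirus signature age in days. Assumed threshold.
        [int]$MaxSignatureAgeDays = 7
    )

    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = [int]$os.BuildNumber

    # 'Sense' is the Defender for Endpoint agent service. Missing or stopped means
    # the device is not reporting to the portal, so nothing in the suite can remediate it.
    $sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
    $senseRunning = ($null -ne $sense) -and ($sense.Status -eq 'Running')

    # OnboardingState is set to 1 once the device has finished onboarding to
    # Defender for Endpoint; absence of the key means onboarding never ran.
    $statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $onboarded = $false
    if (Test-Path $statusKey) {
        $state = (Get-ItemProperty -Path $statusKey -Name OnboardingState -ErrorAction SilentlyContinue).OnboardingState
        $onboarded = ($state -eq 1)
    }

    # Microsoft Defender Antivirus status; EDR block mode and automated remediation
    # depend on the AV engine being active with current signatures.
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    $avMode   = if ($mp) { $mp.AMRunningMode } else { 'Unknown' }
    $rtp      = if ($mp) { [bool]$mp.RealTimeProtectionEnabled } else { $false }
    $tamper   = if ($mp) { [bool]$mp.IsTamperProtected } else { $false }
    $sigAge   = if ($mp) { [int]((Get-Date) - $mp.AntivirusSignatureLastUpdated).TotalDays } else { -1 }

    $buildCurrent = $build -ge $MinimumBuild
    $sigFresh     = ($sigAge -ge 0) -and ($sigAge -le $MaxSignatureAgeDays)

    # A machine joins the pilot only when every check passes; the individual
    # fields tell the administrator which one to fix when it does not.
    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        OSCaption           = $os.Caption
        Build               = $build
        BuildIsCurrent      = $buildCurrent
        SenseServiceRunning = $senseRunning
        OnboardedToMDE      = $onboarded
        AntivirusMode       = $avMode
        RealTimeProtection  = $rtp
        TamperProtection    = $tamper
        SignatureAgeDays    = $sigAge
        Ready               = $buildCurrent -and $senseRunning -and $onboarded -and $rtp -and $sigFresh
    }
}

# Usage on a pilot machine; export the object (for example with Export-Csv)
# so the results from all pilot devices can be reviewed in one place.
Test-DefenderEndpointReadiness | Format-List
```

The check deliberately reports TamperProtection without making it a pass/fail condition, because the ebook's advice is to learn what each setting does at the proof-of-concept stage; once you know what your baseline should be, add it to the Ready expression.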
• 11.

A key success factor in any security deployment is monitoring the dashboards. You can never monitor enough. You must continuously monitor and train the ML/AI on whether the alerts it generates are good alerts or false positives. This is the only way the system will improve and stay tuned to your environment.

Many organizations outsource their security monitoring and detection controls to managed security service providers (MSSP). Some organizations may need help with the 24/7 monitoring and tuning necessary to keep the system optimized. Or, they may need expertise in configuration or building playbook remediation processes. Microsoft has made its security tools very simple to learn, deploy, and adopt. However, some organizations may not have this skill set internally; therefore, it may be beneficial for them to outsource to an MSSP to achieve the greatest value possible. I always recommend building knowledge internally to be effective at using the security tools.

Key Points

1. Always test your configurations on a few machines in your environment before rolling them out across the organization. Do all your learning at the proof-of-concept stage to avoid service disruptions and to better manage your deployments.
2. Microsoft has made its security tools simple to learn, deploy, and adopt. However, organizations that do not have the internal skills may find it beneficial to outsource to an MSSP to achieve the greatest value possible.

Lawk Salih, Independent Community Bankers of America, Vice President, Technology Systems and Services
• 12. When Deploying Microsoft 365 Defender, Start with the Easiest Tools in the Suite

“When implementing these security tools, I suggest beginning with those that are easiest to implement.”

Microsoft 365 Defender is a set of products that includes Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Office 365, and Microsoft Cloud App Security. When implementing these security tools, I suggest beginning with those that are easiest to implement. The easiest of all is Microsoft Defender for Office 365.

Microsoft Defender for Office 365 uses features such as Safe Attachments, Safe Links, and anti-phishing policies to protect user emails and files shared through SharePoint, OneDrive, and Microsoft Teams. For example, when Safe Links is enabled, Microsoft Defender for Office 365 scans links in emails, files, and email attachments. If it detects a malicious link, it prevents anyone from opening it. If someone tries it, Defender for Office 365 displays a message that the link is unsafe and stops them.

Microsoft Defender for Office 365 also has an attack simulator that enables you to target your organization with a phishing campaign using a fake link to trick users into giving up their passwords. It’s a great tool for creating user awareness, and it gives you insight into how users in the organization respond to phishing attacks. In the past, you needed separate tools to run attack simulations. Those tools are now built into Microsoft 365 Defender.

Maarten Leyman is a Senior Security Consultant with experience in the full Microsoft 365 security suite and Azure security. In 2013, he started his career at delaware BeLux, where he performs security assessments and conducts workshops at customer sites to identify security risks. He also helps fine-tune IT architecture and implementations to increase overall security at customer locations and mitigate possible threats.

• 13.

Microsoft Defender for Office 365 is the easiest tool to start with because as an IT administrator, you can enable it with just a few clicks. It also has no disruptive impact on users. The only thing they might notice is that the tool rewrites URLs in emails and documents.

The next-easiest tool is Microsoft Defender for Identity, which simply involves installing a sensor on each domain controller. This sensor monitors user activities and sends that data to the cloud, where the tool looks for unusual behavioral patterns. Microsoft Defender for Identity also correlates security activity through all the domain controllers, which you can see in a portal.

Microsoft Defender for Endpoint provides more comprehensive protection of your entire environment. It is an endpoint detection and response (EDR), threat and vulnerability management, and attack surface reduction solution with automated investigation and remediation capabilities. Its implementation is a bit more complex. It has strong integration capabilities with the other Microsoft 365 Defender features. Some examples are:

• Integration with Cloud App Security for detection and control of shadow IT.
• Integration with Microsoft Defender for Identity to track, correlate, and map user behaviors involving multiple machines, making it easier to understand an alert that is occurring in the environment.
• Integration with Endpoint Manager to easily reduce the attack surface and vulnerabilities on the devices.

• 14.

When implementing these tools, begin with a pilot involving a small group of users, such as a security team, to make sure that everything works as it should. Then, expand to a workgroup of real users. If everything goes well, you can scale more widely across the organization.

In addition, use the Microsoft 365 security center. Microsoft 365 Defender solutions have their own portals, which can become confusing when you are using multiple tools. The Microsoft 365 security center consolidates data from all the tools into one view, which makes it much easier to detect a problem and take corrective actions.

You should also evaluate the knowledge and expertise of your security team. When using these tools together, it can take time to set them up and configure them properly. They also require continuous monitoring and refinement. Every organization is different, but many will benefit from having a managed security services provider (MSSP) involved in deploying, monitoring, and optimizing the tools. MSSPs can speed time to value through customized deployment templates, and they have expertise in interpreting all the information coming out of the tools.

Key Points

1. With Microsoft Defender for Identity enabled, you can track, correlate, and map individual behaviors involving multiple machines, making it easier to understand an event that is occurring in the environment.
2. Consider having an MSSP involved in deploying, monitoring, and optimizing Microsoft 365 Defender. MSSPs can speed time to value through customized deployment templates, and they have expertise in interpreting all the information coming out of the tools.

Maarten Leyman, delaware BeLux, Senior Security Consultant
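The two pieces of advice in this section, enable Defender for Office 365 first because it is a few clicks with no user disruption, and pilot with a small group before expanding, can be carried out together from Exchange Online PowerShell instead of the portal. The block below is an added example, not code from the ebook, from delaware BeLux or from Microsoft. It assumes the ExchangeOnlineManagement module, an account permitted to manage Safe Links, and placeholder names (admin@example.com, sec-pilot@example.com, the policy and rule names) that you would replace. It shows a permissive Safe Links setting beside the hardened one, scopes the policy to the pilot group through its rule so the rewritten-URL behaviour is seen by a small audience first, and finishes with a read-back that flags any policy in the tenant that still allows users to click through the warning page.

```powershell
# Added example (not from the ebook, delaware BeLux or Microsoft): create a Safe Links
# policy for a pilot group and verify the tenant's Safe Links posture.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@example.com'   # placeholder account

# Weak configuration, shown only for contrast: users may click through the warning
# page, and mail between internal senders is not scanned at all.
#   New-SafeLinksPolicy -Name 'Pilot-SafeLinks' -EnableSafeLinksForEmail $true `
#       -AllowClickThrough $true -EnableForInternalSenders $false

# Hardened configuration: scan links in email, Teams and Office documents, wait for
# the scan before delivery, cover internal mail, block click-through, and keep click
# tracking on so analysts can see who reached a rewritten URL after an alert.
$policy = New-SafeLinksPolicy -Name 'Pilot-SafeLinks' `
    -EnableSafeLinksForEmail    $true `
    -EnableSafeLinksForTeams    $true `
    -EnableSafeLinksForOffice   $true `
    -ScanUrls                   $true `
    -DeliverMessageAfterScan    $true `
    -EnableForInternalSenders   $true `
    -AllowClickThrough          $false `
    -TrackClicks                $true

# The rule decides who the policy applies to. Start with the pilot group only
# (the security team in the text); widen -SentToMemberOf or switch to
# -RecipientDomainIs once the pilot has run cleanly.
New-SafeLinksRule -Name 'Pilot-SafeLinks-Rule' `
    -SafeLinksPolicy $policy.Name `
    -SentToMemberOf 'sec-pilot@example.com' `
    -Priority 0

# Read-back: list every Safe Links policy that would still let a user reach a
# detected-malicious link or that skips internal mail. Empty output is the goal.
Get-SafeLinksPolicy |
    Where-Object { $_.AllowClickThrough -or -not $_.EnableForInternalSenders } |
    Select-Object Name, AllowClickThrough, EnableForInternalSenders, TrackClicks
```

Keeping the policy and the rule separate is what makes the pilot-then-expand sequence cheap: the hardened settings never change, only the rule's recipient scope does, so what the pilot group tested is exactly what the organization receives.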
“Microsoft 365 Defender is a suite of individually licensed products, and you have choices about which parts of the suite to implement.”

Engage with Experts Who Can Help Optimize Your Deployment

Oscar Monge is a seasoned information security professional with more than seventeen years of experience. He is a Security Solutions Architect at Rabobank, where he helps shape security monitoring direction and technology integration. Oscar is passionate about technology and its alignment to IT business needs.

Whenever you adopt any new technology in an organization, you should first go through the product documentation and become familiar with all the features available to you. The organization needs to understand the benefits and constraints of each license type—and not just the money. It’s about aligning the features you require with your organization’s needs in a way that gets you the best return on your investment. That approach is important for successful adoption of the technology within the organization.

Whether you work with in-house subject matter experts or external consultants, matching the technology to your requirements should be done by someone who can act as an evangelist within the organization. This person does not have to be someone who thinks that a particular product is the best on the market. Rather, this person should be someone who can review and understand the documentation, understand how to apply the technology to meet the organization’s goals, and help roll out the technology in an optimized manner.

Microsoft 365 Defender is a suite of individually licensed products, and you have choices about which parts of the suite to implement. At the end of the day, product selection must align to the needs of the business, which means aligning to the organization’s risk appetite, mid- and long-term security strategies, and technical capabilities.

Microsoft makes it easy to enable and start using the products in Microsoft 365 Defender. The bigger challenge is effectively using the Microsoft 365 Defender controls to operate the business in a more secure fashion. You must be able to consume the data and use automation features effectively. Just turning on an automation does not mean it will magically perform the way you want. Someone who understands the technology must observe its function to determine if it is doing what the organization expects or if it must be tuned. Microsoft makes it easy to communicate with its experts, who can provide insights into problems you may encounter with the product. It’s a good idea to use that communication channel.

One of the great advantages of Microsoft 365 Defender is that it so easily integrates with other Microsoft products. This is an important feature because from a security standpoint, you typically have only one point of view of an incident. The level of integration built into these products enables you to evaluate a single event from different points of view. In the past, Microsoft had separate dashboards for each security solution. Now, it has consolidated those dashboards into a single admin center. Multiple data sources in one portal make it easier to gain a complete picture of an observed activity. Analysts can see the whole kill chain of an incident more quickly, and then take decisive action.

When implementing Microsoft 365 Defender, I suggest:
• Implementing all out-of-the-box controls and automations that are pertinent to your organization;
• Monitoring the performance of those automations to make sure that you are getting the automated responses you need and can step in when more information and fine-tuning is required; and
• Using product and data integrations as much as possible.

Also, consider using outside expertise to help accelerate and optimize your implementation.

Key Points
1. You need to understand the benefits and constraints of different license types so that you can align the features you require with your organization’s needs in a way that gets you the best return on your investment.
2. Microsoft makes it easy to enable and start using the products in Microsoft 365 Defender. The bigger challenge is effectively using the tool’s controls to operate the business in a more secure fashion.

Oscar Monge, Rabobank, Security Solutions Architect
“The Microsoft 365 Defender tools provide a holistic view of what is happening in the environment.”

Intelligent Security Tools Do Not Replace Knowledgeable Security Administrators

Dr. Rebecca Wynn received the 2017 Cybersecurity Professional of the Year–Cybersecurity Excellence Award, was Chief Privacy Officer of SC Magazine, is a Global Privacy and Security by Design International Council member, and was 2018 Women in Technology Business Role Model of the Year. She is lauded as a “gifted polymath and game-changer who is ten steps ahead in developing and enforcing cybersecurity and privacy best practices and policies.”

When deciding where to begin with Microsoft 365 Defender, the primary objective is to reduce risk as quickly and efficiently as possible. There are a couple of ways to look at that. One is to identify what the greatest impact of an attack would be, and then protect against that risk first. The other is to look at where your greatest exposure is and protect that first. Most organizations think in terms of reducing exposure first, and the best place to start is with users.

The quickest way to reduce user exposure with the Microsoft 365 Defender tools is to begin with Microsoft Defender for Office 365. This tool protects Microsoft Outlook email, OneDrive, SharePoint, and Microsoft Teams—the places where most users are exposed daily. Implementing this tool is easy, and its cost is based on the number of Office 365 licenses you have.

As you prepare to roll out these tools, first review the documentation. Microsoft does a good job of providing online videos and documentation about how to use the products. The documents support not only security and compliance professionals but also administrators. Another important step is to take a thorough IT asset inventory. You need to understand the types of systems you have, where they are, and the networking devices in use—all elements that affect your use of the security tools. Finally, talk to the core stakeholders in the organization’s IT systems. The success or failure of your implementation depends on their support.

The Microsoft 365 Defender tools provide a holistic view of what is happening in the environment. One challenge organizations have is choosing the right person to be the security system administrator. That person needs to monitor the dashboards, take actions when appropriate, and fine-tune the tools. This person must have security analytical skills. The tools are excellent, and they use machine learning to reveal issues that require action. It’s easy to forget that even if you need few staff members looking at those dashboards because the tool is now correlating everything for you, you still have to have people who know how to do the work of answering difficult questions, taking critical actions, and optimizing the tools.

An important part of tool optimization is being mindful of the data you collect. The tools in Microsoft 365 Defender can consume enormous amounts of data, and that can have costs and create analytical noise. Do you care about every time in a workday a computer went to sleep and the user pressed the spacebar to wake it back up? That’s not a mindful event. Why is a user in a different geolocation suddenly getting locked out of his or her system? That’s an interesting anomaly.

For some companies, it makes sense to have a managed security services provider (MSSP) help monitor and administer these tools. Microsoft’s tools are changing, and you no longer need an army of people staring at screens and correlating every event. When you think about system administration needs, the important consideration is not the number of events you are dealing with but the number of actual items producing alerts of critical, high, or medium risk. Microsoft 365 Defender is driving greater security process efficiency. For many companies, the best model is not necessarily a fully managed security operations center (SOC) but a hybrid model in which the MSSP comes in periodically to work with the team for greater effectiveness and efficiency. One advantage of a managed SOC is that the MSSP can typically source talent more quickly than your in-house security team and, if that talent isn’t quite working for you, quickly make changes.

Key Points
1. It’s easy to forget that even if you need fewer staff members looking at those dashboards because a tool is now correlating everything for you, you still need people who know how to do the work of answering difficult questions, taking critical actions, and optimizing the tools.
2. When you think about system administration needs, the important consideration is not the number of events you are dealing with but the number of items producing alerts of critical, high, or medium risk.

Rebecca Wynn, Global CISO & Chief Privacy Officer
“If an alert comes in through our security information and event management tool, we can look at it, isolate the machine, and check it out with just a few clicks.”

Microsoft 365 Defender Delivers Fast Answers If You Know How to Interpret the Data

Sajed (Saj) Naseem is Chief Information Security Officer (CISO) of New Jersey Courts, where he focuses on cybersecurity readiness and performance, information governance, and network security. Sajed has more than twenty years of experience and holds master’s degrees from St. John’s University and Columbia University, where he is an adjunct professor.

Microsoft 365 Defender is a product that is made up of several tools, all included in a Microsoft 365 E5 license. The suite has significant functionality in terms of being able to install sensors and use indicators of compromise. It also has a networking interface so that if somebody is attacked by a particular virus, you can easily search the entire organization for all other occurrences of that virus. You can also access threat intelligence information to see the global extent of a particular attack you are experiencing.

When a machine is compromised, Microsoft 365 Defender enables you to use automation to isolate that machine quickly and prevent anyone from signing in to it. In fact, Microsoft 365 Defender allows a lot of customization in terms of the functions and actions you can automate.

One tool in the Microsoft 365 Defender suite is Microsoft Cloud App Security, a cloud-based cloud access security broker that monitors all user activities with cloud-based apps. The tool looks at IP addresses associated with user activity and can alert you if things are happening in the network that should not be. For example, if somebody is signed in to a computer in New York City, and then signs in again an hour later in San Jose, the system will flag that as something that should not be happening.
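The sign-in anomaly just described (New York City, then San Jose an hour later), as an added example that is not code from the ebook or from any Microsoft tool: it flags consecutive sign-ins by one user whose implied ground speed exceeds an assumed limit. The speed threshold, the city coordinates and the sign-in records are all constructed here.

```python
"""Impossible-travel check over constructed sign-in records."""
# Added example, not code from the ebook or from Microsoft: it tests the
# anomaly the chapter describes (a sign-in from New York City, then one
# from San Jose an hour later) as a ground-speed limit between consecutive
# sign-ins. Threshold, coordinates and sample records are all assumed.
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 1000.0  # assumed limit: faster than any airliner


@dataclass(frozen=True)
class SignIn:
    user: str
    when: datetime
    city: str
    lat: float
    lon: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two coordinates."""
    p1, p2 = radians(lat1), radians(lat2)
    a = (sin(radians(lat2 - lat1) / 2) ** 2
         + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(a))


def impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH):
    """Return (user, earlier, later, speed_kmh) for every consecutive pair
    of sign-ins by one user that would need travel faster than the limit."""
    by_user = {}
    for e in events:
        by_user.setdefault(e.user, []).append(e)
    findings = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e.when)
        for prev, cur in zip(evs, evs[1:]):
            km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            hours = (cur.when - prev.when).total_seconds() / 3600
            # Two distant places at the same instant are impossible too.
            speed = km / hours if hours > 0 else (float("inf") if km > 0 else 0.0)
            if speed > max_speed_kmh:
                findings.append((user, prev, cur, speed))
    return findings


# Constructed sample: alice matches the chapter's scenario; bob merely
# moves between New York City and Newark, which is benign.
SAMPLE = [
    SignIn("alice", datetime(2021, 3, 1, 9, 0), "New York City", 40.7128, -74.0060),
    SignIn("alice", datetime(2021, 3, 1, 10, 0), "San Jose", 37.3382, -121.8863),
    SignIn("bob", datetime(2021, 3, 1, 8, 0), "New York City", 40.7128, -74.0060),
    SignIn("bob", datetime(2021, 3, 1, 9, 30), "Newark", 40.7357, -74.1724),
]

if __name__ == "__main__":
    for user, a, b, kmh in impossible_travel(SAMPLE):
        print(f"{user}: {a.city} -> {b.city} would need {kmh:.0f} km/h")
```

The same check on real data needs an IP-to-location step in front of it, and VPN or proxy egress points produce false positives that the threshold alone will not remove.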
An important and powerful feature of Microsoft 365 Defender is its ability to track activity in great detail. You see detailed activity and timelines for anyone working in the environment. This information is also searchable, so if you query the system about who clicked a particular link, that search will encompass the entire organization and provide a detailed track of that activity. It does this quickly, which speeds alert analysis and enables you to get fast answers to questions. If an alert comes in through our security information and event management tool, we can look at it, isolate the machine, and check it out with just a few clicks.

When installing Microsoft 365 Defender on endpoints, it’s important that all your server operating systems be up-to-date. Microsoft 365 Defender will not run on older Windows Server and Windows operating systems. For some organizations, particularly if you have a large environment with decentralized IT groups, this can be a time-consuming task.

Another important point to keep in mind is that Microsoft 365 Defender is different from traditional antivirus and other siloed security solutions. Microsoft 365 Defender integrates many different security functions. To use it effectively, your security team needs a deeper, more holistic understanding of what is going on in your environment so that they better interpret the alerts and information the system provides. It is important that team members have training in these areas; depending on the depth of expertise in the organization, you may need to consider working with a security service provider to get the most out of Microsoft 365 Defender.

Key Points
1. Microsoft 365 Defender provides highly searchable information. If you query the system about who clicked a particular link, it will search the entire organization and provide a detailed track of that activity. It does this quickly, which speeds alert analysis and enables you to get fast answers to questions.
2. It is important that the security team be trained to understand what the system is telling them. Depending on the depth of expertise in the organization, you may need to consider working with a security service provider to get the most out of Microsoft 365 Defender.

Sajed Naseem, New Jersey Courts, CISO
“One big advantage for us in using Microsoft Defender for Office 365 is that it seamlessly plugged into our existing environment.”

Rapidly Reduce Email-Based Attacks

Tom Dugas is Assistant Vice President and Chief Information Security Officer (CISO) of Duquesne University, where his responsibilities include cybersecurity, identity and access management, and data governance. In 2019, Tom was recognized as CISO of the Year by the Pittsburgh Technology Council. Tom is an alumnus of Robert Morris University, the 2009 EDUCAUSE Leading Change/Frye Leadership Institute, and the 2006 EDUCAUSE Institute Leadership Program.

When the Chief Information Officer brought me in to create the first-ever Information Security Office at Duquesne University, we discovered that we were getting inundated with email attacks related to phishing, spear phishing, spoofing, and various scams. We actually had hundreds of compromised accounts every year, largely because each year we had new students and new faculty who did not know what to expect. They were unfamiliar with each other and people on campus. Exploits typically began with email attacks on new students. Stolen student credentials would then be used to attack faculty and staff.

To find a solution, we created a proof of concept with top vendors. We chose Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection), which is part of the Microsoft 365 Defender suite. Implementing that tool reduced the number of compromised accounts on campus by 95 percent. Note that when deploying this or any security solution, it’s important to talk to peers and partners who have done this before and can suggest lessons they learned from their experiences.
Two essential features are added when you implement Microsoft Defender for Office 365. One is Safe Links, which rewrites familiar links in your emails so that they become long Safe Links addresses. This behavior enables the tool to check links for malicious activity and detonate them in a sandbox to make sure there is no malware. The tool also checks against a safe sender list to make sure that emails are sent from a reputable site. The second feature is Safe Attachments, which inspects all attachments sent into your community to determine whether they contain malware. The Microsoft 365 Defender product line does a great job inspecting attachments and files to make sure that they are safe to use.

It is important that you have the ability to decipher logs and respond to issues quickly. You still need an incident response plan; you need to understand how to respond to the particular malicious activities that surface; and, most importantly, you need a way to communicate that risk to the environment in case something is happening. As you become more comfortable with the suite, you can tune it up or down to optimize it for the level of risk your organization can tolerate.

One big advantage for us in using Microsoft Defender for Office 365 is that it seamlessly plugged into our existing environment. That really reduced the time we needed to get it up and running. We were surprised at how quickly it became productive in our environment and how much time it saved us because we were no longer chasing down so many email attacks.
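Because Safe Links turns every link into a long wrapper address, analysts reading mail logs often need the original destination back to search for it across the organization. The following is an added example, not code from the ebook or from Microsoft; it assumes the rewritten link is a *.safelinks.protection.outlook.com URL whose `url` query parameter holds the percent-encoded original, and the sample links are constructed.

```python
"""Recover the original destination from a Safe Links-rewritten URL."""
# Added example, not code from the ebook or from Microsoft. The chapter says
# Safe Links rewrites links into long Safe Links addresses; when hunting in
# mail logs you usually want the original destination back. Assumption: the
# rewritten link is a *.safelinks.protection.outlook.com URL whose `url`
# query parameter carries the percent-encoded original. The samples below
# are constructed, not taken from real messages.
from urllib.parse import parse_qs, quote, urlsplit

SAFE_LINKS_HOST_SUFFIX = ".safelinks.protection.outlook.com"  # assumed
MAX_NESTING = 5  # stop unwrapping links wrapped by several tenants in a row


def is_safe_link(url: str) -> bool:
    """True if the URL's host looks like a Safe Links wrapper host."""
    host = (urlsplit(url).hostname or "").lower()
    return host.endswith(SAFE_LINKS_HOST_SUFFIX)


def unwrap_safe_link(url: str) -> str:
    """Return the original destination. Input that is not wrapped, or a
    wrapper without a `url` parameter, is returned unchanged; wrappers
    nested inside wrappers are peeled off up to MAX_NESTING times."""
    for _ in range(MAX_NESTING):
        if not is_safe_link(url):
            break
        inner = parse_qs(urlsplit(url).query).get("url", [""])[0]
        if not inner:
            break
        url = inner  # parse_qs has already percent-decoded the value
    return url


# Constructed samples: the destination is an RFC 2606 example domain.
ORIGINAL = "https://example.com/invoice?id=42&view=full"
WRAPPED = ("https://nam01.safelinks.protection.outlook.com/?url="
           + quote(ORIGINAL, safe="") + "&data=constructed&reserved=0")
# A link wrapped once, then wrapped again when forwarded through a second tenant.
NESTED = ("https://eur02.safelinks.protection.outlook.com/?url="
          + quote(WRAPPED, safe=""))

if __name__ == "__main__":
    print(unwrap_safe_link(WRAPPED))
    print(unwrap_safe_link(NESTED))
```

Unwrapping is for analysis and hunting only; the wrapped form is what lets the tool check the link at click time, so leave it in place in delivered mail.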
Another nice thing about Microsoft Defender for Office 365 is that it works across the entire Office 365 stack. Whether you are in OneDrive, Microsoft Outlook, Microsoft Teams, or another tool, it all seamlessly fits together in that product stack. Although we do not have all the other products within the Microsoft family yet, I know it will be easy to layer them in when we are ready.

Key Points
1. Microsoft Defender for Office 365 uses Safe Links to check links in email and documents for malicious activity. It uses Safe Attachments to inspect attachments to make sure they are safe.
2. Even with Microsoft Defender for Office 365 implemented, you need to understand how to respond to the particular malicious activities that surface, and—most importantly—you need a way to communicate that risk to the environment in case something is happening.

Tom Dugas, Duquesne University, Assistant Vice President and Chief Information Security Officer