Upgrade to Microsoft Defender ATP.
The endpoint security market is crowded with competition. From Kaspersky to AVG, or McAfee and Norton/Symantec products, there is an entire industry built to suit consumer, prosumer and enterprise markets. As we look into enterprise solutions, Carbon Black, CrowdStrike, Sophos and a few other players make a good case for themselves, but Microsoft has been investing heavily in their security (over $1 billion per year) and has taken the lead with their flagship endpoint detection and response (EDR) tool “Microsoft Defender Advanced Threat Protection” (MDATP): the business implementation of Microsoft Defender.
Microsoft Defender ATP Licensing
MDATP premiered two years ago, but the licensing has always been a point of confusion for many businesses. Until just recently, the only way to get MDATP was a pricey bundled SKU (Microsoft 365 E5 $57/user/month, Windows 10 E5 $11/user/month) or an add-on license (Microsoft 365 E5 Security $12/user/month) that required you to have Microsoft 365 E3 or Office 365 E5 licenses. While these bundled SKUs are a great value for businesses that need the included services, those only interested in MDATP found licensing too complex and often too expensive.
Licensing MDATP just got a whole lot easier as the standalone SKU launched in March for CSPs and Enterprise licensing. MDATP standalone is $5.20 per month, per user on up to five devices or per server. The value is impossible to beat for the quality of the tool, the tightly integrated ecosystem and the added value afforded by the intelligence component of the dashboard. Compared to the industry standard, which is often licensed by endpoint, Microsoft has priced the software per user in order to differentiate and bring immense value to their clientele in the increasingly complex world of antivirus (AV) and EDR. In companies that have an increasingly complex, diverse and connected workforce, this is potentially a huge cost savings over competitors. If you were on the fence before, perhaps it's time to take another look at Microsoft Defender ATP.
But Why Choose Enterprise Advanced EDR Tools At All?
The most important thing to understand about modern AV software is that malware has evolved aggressively over the last decade, but the approach to securing against their attacks has advanced much more slowly. As such, most products balance speed, security and other performance metrics in order to sell the perceived value of security while not really securing users’ systems against advanced threats. Common antivirus solutions are efficient at detecting malicious files on disks, for example, but over the years, more sophisticated threat actors have adapted. In order to successfully deploy malware, threat actors have made wider use of “fileless” malware in order to circumvent traditional AV protection. These advanced payloads run directly in memory without ever dropping an executable file on the disk.
Since no malware file touched the hard drive, there was not ever a signature on the disk – which is what traditional AV software is scanning for. As a result, even with up-to-date, consumer-grade AV software, these more sophisticated malware attacks remain completely undetected. This is unforgivable in today’s threat environment, and a problem solved by MDATP's active threat intelligence.
What is more important than a reaction to an attack? On-going intelligence and proactive interception of threats. This is just one area where Microsoft Defender ATP shines by taking an active approach to monitoring systems. Rather than waiting for a threat to appear, the software proactively anticipates attacks by utilizing a wealth of forensic data it has acquired from decades of studying threat actors and their methods. Microsoft Defender ATP engages cloud look-ups to ensure the latest signature updates are considered, in order to anticipate new attacks. The cloud look-up will send suspicious files into secured detonation chambers where they are launched to simulate an attack in the cloud. If analysis identifies a program or file as malicious, the cloud signatures will be updated and made available immediately for all Microsoft Defender ATP clients – pushing them to all endpoints.
In addition to this sandbox methodology, Microsoft Defender ATP will monitor the user, process and system behavior continuously across protected organizations using their cloud-based, proprietary machine learning technology. An often overlooked aspect of Microsoft’s strength in security is that the Windows Security Research Team benefits from being able to collect the intelligence of over one billion consumer endpoint versions of their antivirus engine and deploy it instantly to Microsoft Defender ATP users. And in this sense, Microsoft Defender ATP has truly become much more than just AV software. It is a globally postured, enterprise tested, cloud-based software as a service (SaaS) tool.
Flagship Information Technology researcher, Gartner, exists to produce actionable data to be used by consumers and enterprise. They are among the most respected names in the space. In 2019, they reviewed twenty competitors in the End Point Protection (EPP) space, and created a data quadrant to show how they stack up to one another. Microsoft Defender ATP led the pack in the “Leaders” category with the highest “Ability to Execute” among all the competitors.
A big part of the reason Microsoft Defender ATP scored so high on Gartner’s EPP report is the fact that the software covers so many things and takes such a proactive approach!
Multi-layered protection: Microsoft Defender ATP provides multi-layered protection (built into the endpoint and cloud-powered) from file-based malware, malicious scripts, memory-based attacks, and other advanced threats
Threat Analytics: Contextual threat reports provide SecOps with near real-time visibility on how threats impact their organizations
A new approach to Threat and Vulnerability Management: Real-time discovery, prioritization based-on business context and dynamic threat landscape, and built-in remediation process speed up mitigation of vulnerabilities and misconfiguration
Built-in, cloud-powered protections: Real-time threat detection and protection with built-in advanced capabilities protect against broad-scale and targeted attacks like phishing and malware campaigns
Behavioral detections: Endpoint detection and response (EDR) sensor built into Windows 10 for deeper insights of kernel and memory, and leveraging broad reputation data for files, IPs, URLs, etc., derived from the rich portfolio of Microsoft security services
“Deployment” is as easy as it gets by being built directly into the operating system. There is no agent to deploy, no delays or compatibility issues, and no additional performance overhead or conflicts with other products. No deployment and no on-premises infrastructure directly leads to lower TCO.
Contain the threat: Dramatically reduces the risk by strengthening your defenses when potential threats are detected. Microsoft Defender ATP can automatically apply Conditional access to restrict the endpoint from accessing corporate data until the threat was remediated.
Automated security: From alerts to remediation in minutes – at scale. Microsoft Defender ATP leverages AI to automatically investigate alerts, determine if a threat is active, what course of action to take, and then remediate complex threats in minutes.
Secure Score: Watch your security score rise in the Microsoft Defender Security Center as you implement automated and recommended actions to protect both users and data. Microsoft Defender ATP not only tells you that you have a problem, but Microsoft Defender ATP also recommends how to solve it (and track the execution) with Secure Score. Vulnerability and configuration information provide weighted recommendations and actions to improve endpoint hardening and compare the current posture with the industry and global peers for benchmarking.
Microsoft Threat Experts: Microsoft has your back — with Microsoft’s managed detection and response (MDR) service (called Microsoft Threat Experts), Microsoft supports customers’ incident response and alert analysis. Our automated threat hunting service helps ensure that potential threats don’t go unnoticed. Source: Microsoft
Unified EDR Across All Your Operating Systems, Microsoft Defender ATP Supported Operating Systems
Microsoft Defender ATP is one EDR solution that can cover all your endpoints, supporting the most common operating systems used in business at no additional cost. Native mobile device support for iOS and Android scheduled for release later this year. As per Microsoft's minimum system requirements, Microsoft Defender ATP will run natively on the following platforms:
Supported Windows versions