Microsoft Defender for Endpoint makes its mark at Microsoft Ignite 2022 with three announcements at this year’s event:
- Save 50% on Microsoft Defender for Endpoint
- Partnership with Corelight and integration of Windows with the open-source project Zeek to deliver deep packet inspection
- Detect and remediate command and control attacks at the network layer
Save 50% on Microsoft Defender for Endpoint
The evolving threat landscape has pushed many organizations to rethink their current security approach. To help organizations adapt to these new dynamics, while considering recent macroeconomic pressures, we’re excited to announce a limited-time offer to save 50% on Microsoft Defender for Endpoint P1 and P2 licenses.
Microsoft Defender for Endpoint is a leading endpoint protection solution that goes beyond legacy antivirus, securing organizations with intelligent detection and response capabilities to rapidly stop threats. It enables organizations to save time and resources with automation – managing incidents, prioritizing alerts, and remediating threats automatically, while minimizing complexity across multi-platform environments by streamlining security processes with a unified experience for Windows, Linux, Mac, iOS, and Android devices.
For many organizations looking for a comprehensive security strategy, Defender for Endpoint is often the first step towards end-to-end protection with Microsoft 365 Defender – Microsoft’s Extended Detection and Response (XDR) solution. It provides integrated threat protection across endpoints, email, documents, identities, and cloud apps – helping stop breaches throughout the entire organization.
Defender for Endpoint expands capabilities at the network layer
Over the past few years, organizations have been experiencing an uptick in network-based attacks targeted at the endpoint. While many endpoint solutions do a great job at neutralizing these threats, it is difficult for security teams to gather insights that help better identify nefarious network communications occurring on the device in the early stages of an attack. By enhancing our endpoint security defenses to deliver even more protection at the network layer, organizations can be quicker at detecting and remediating these threats.
Open source partnership delivers deep packet inspection support
Organizations can improve their investigation efforts and reduce the time it takes to mitigate network-based threats by having better visibility into the endpoint activity happening at the network layer.
We are pleased to announce that Microsoft Defender for Endpoint has enhanced the way it addresses these attacks with deep packet inspection support through our newest open source integration with Zeek. This feature provides organizations with greater visibility into network signals across all Defender for Endpoint devices, giving security teams richer signals for advanced threat hunting, complete and accurate discovery of IoT devices, and more powerful detection and response capabilities.
Thanks to our partnership with Corelight, a leader in open source Network Detection and Response (NDR), and Microsoft’s commitment to support open source projects, we have integrated Windows and Zeek to help organizations better detect network-based attacks and enhance threat and vulnerability investigation. The new integration will help organizations improve their overall endpoint posture and we are excited to have realized these capabilities with successful partnerships in the open source community.
Detecting and remediating command and control attacks at the network layer
To quickly detect and clean up botnet infections, SecOps teams need security tools with strong detection capabilities that generate more precise alerts, so they can accurately identify and remediate the compromised assets known to have connected to malicious IPs.
We are excited to announce the recent release of Network Protection command and control (C2) detection and remediation capabilities in Microsoft Defender for Endpoint. With these new capabilities, SecOps teams can detect network C2 attacks earlier in the attack chain, minimize the spread by rapidly blocking any further attack propagation, and reduce the time it takes to mitigate by easily removing malicious binaries.
This capability works by inspecting network packets for C2 malware configuration patterns. The Network Protection (NP) agent in Defender for Endpoint determines the true nature of a connection by matching the outbound connection’s IP address, port, hostname, and other NP connection values against the Microsoft cloud. If the cloud-powered AI and scoring engines deem the connection malicious, the connection is blocked and the malware binaries on the endpoint are rolled back to the previous clean state.
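To make the two ideas above concrete (Zeek-style connection records as the network signal, and scoring an outbound connection by its destination IP, port and hostname against known-bad indicators), here is a small added example written for this page. It is not Microsoft's code and does not reproduce the NP agent or the cloud scoring engine; the conn.log excerpt, the hostname map, the indicator lists and the weights are all constructed placeholders, and the addresses come from RFC 5737 documentation ranges.

```python
import ipaddress

# Constructed Zeek-style conn.log excerpt (tab-separated, with the usual
# '#fields' header). Addresses are from RFC 5737 documentation ranges and
# are stand-ins only; none of these are real indicators.
SAMPLE_CONN_LOG = """\
#separator \\x09
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice
1667000000.1\tCabc1\t10.0.0.5\t51000\t192.0.2.10\t443\ttcp\tssl
1667000001.2\tCabc2\t10.0.0.5\t51001\t198.51.100.23\t4444\ttcp\t-
1667000002.3\tCabc3\t10.0.0.7\t51002\t203.0.113.77\t443\ttcp\tssl
1667000003.4\tCabc4\t10.0.0.9\t51003\t10.0.0.1\t53\tudp\tdns
"""

# Constructed hostname map keyed by connection uid, standing in for the
# server_name that Zeek's ssl.log would attach to the same uid.
SAMPLE_HOSTNAMES = {"Cabc1": "www.example.com", "Cabc3": "c2.invalid"}

# Constructed indicator lists (placeholders, not real IoCs).
BAD_IPS = {"198.51.100.23"}
BAD_NETS = [ipaddress.ip_network("203.0.113.0/24")]
BAD_HOSTS = {"c2.invalid"}
UNCOMMON_PORTS = {4444, 1337}

# Destinations inside these ranges are out of scope for this check.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

INDICATOR_WEIGHT = 2   # a direct match on IP, network or hostname
HEURISTIC_WEIGHT = 1   # a weaker signal such as an uncommon port
BLOCK_THRESHOLD = 2    # assumed policy: one indicator match is enough to block


def parse_conn_log(text):
    """Parse a Zeek TSV log into dicts keyed by the names in '#fields'."""
    fields, rows = None, []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#"):      # other header/metadata lines
            continue
        if fields is None:
            raise ValueError("data row before #fields header")
        rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def evaluate(row, hostnames):
    """Return (score, reasons) for one outbound connection record."""
    dst = ipaddress.ip_address(row["id.resp_h"])
    if any(dst in net for net in INTERNAL_NETS):
        return 0, []
    score, reasons = 0, []
    if row["id.resp_h"] in BAD_IPS:
        score += INDICATOR_WEIGHT
        reasons.append("destination IP on indicator list")
    if any(dst in net for net in BAD_NETS):
        score += INDICATOR_WEIGHT
        reasons.append("destination inside flagged network")
    host = hostnames.get(row["uid"], "")
    if host in BAD_HOSTS:
        score += INDICATOR_WEIGHT
        reasons.append(f"hostname {host} on indicator list")
    port = int(row["id.resp_p"])
    if port in UNCOMMON_PORTS:
        score += HEURISTIC_WEIGHT
        reasons.append(f"uncommon destination port {port}")
    return score, reasons


def find_c2_candidates(text=SAMPLE_CONN_LOG, hostnames=SAMPLE_HOSTNAMES):
    """Map uid -> verdict details for every connection with at least one signal."""
    hits = {}
    for row in parse_conn_log(text):
        score, reasons = evaluate(row, hostnames)
        if not reasons:
            continue
        hits[row["uid"]] = {
            "dst": f'{row["id.resp_h"]}:{row["id.resp_p"]}',
            "score": score,
            "reasons": reasons,
            "verdict": "block" if score >= BLOCK_THRESHOLD else "review",
        }
    return hits


if __name__ == "__main__":
    for uid, hit in find_c2_candidates().items():
        print(uid, hit["verdict"], hit["dst"], "; ".join(hit["reasons"]))
```

The separation matters in practice: `evaluate` yields the evidence (which attribute matched and why), and the verdict is a separate policy decision, so an analyst looking at the resulting alert can see the same reasons the engine used and tune the weights or lists without touching the parser.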
After detection, an alert surfaces under “Incidents and alerts” in the Microsoft 365 Defender portal, where the SecOps team can observe the alert name, the severity level of the detection, device status, and other details. Security teams can see more details on the alert with a full timeline and attack flow relative to their environment.
More at Microsoft Ignite 2022
Make the most out of Microsoft Ignite and learn more about today’s announcements or join a live product roundtable with our product teams.
- Watch the Microsoft Ignite session “What’s new in SIEM and XDR: Attack disruption and SOC empowerment” for more announcements across SIEM + XDR.
- Interested in helping our teams design the future of our products? Join one of the roundtable discussions during Microsoft Ignite with our product teams!
- Learn more about XDR innovations in this blog
- Start a trial of Microsoft Defender for Endpoint
When evaluating various solutions, your peers value hearing from people like you who’ve used the product. Review Defender for Endpoint by filling out a Gartner Peer Insights survey and receive a $25 USD gift card (for customers only). Microsoft Privacy Statement