United States | Late Night Brew – Microsoft Defender Series: Defending What Matters

Robert Buktenica - 28.08.2023

Late Night Brew – Microsoft Defender Series: Defending What Matters

In this engaging episode of “Late Night Brew,” Robert Buktenica and Jonathan Hazelden delve into the multifaceted world of Microsoft Defender. Jonathan shares insights on various areas covered by Microsoft Defender, including endpoint protection for different devices, identity management with behavior observation, email collaboration security, and cloud application monitoring. The conversation highlights the suite’s expansive capabilities and the challenge of managing the influx of security notifications. The discussion also explores the integration of automation to address these concerns, offering a glimpse into the future of security management.

TIMESTAMP

00:07 – Introduction 
00:44 – The Brew 
01:51 – What are the main areas that Defender covers? 
05:33 – What can be done to help filter through the noise? 

TRANSCRIPT

Introduction 

Robert Buktenica: Hello, everyone, and welcome to another episode of the Late Night Brew, where we talk the brews first, then we get around what we’re supposed to after the fact. Joining me, once again, is Jonathan Hazelden. Jon, welcome back.

Jonathan Hazelden: Hey, Buck, thanks for having me again. 

Robert: Always. Before we get into a deeper dive on what Microsoft Defender covers, you know the drill. What brew are you having with me today?

The Brew

Jonathan: Today, I have one of my other favorite summer drinks which is a gin and tonic. I hope that you can see it. The gin I’ve got is actually from Sydney, Australia, and more specifically, it’s from Manly, which is a town within Sydney where I used to live, or I lived for five years. 

Robert: Oh, nice.  

Jonathan: It’s quite cool. My wife got it for me as a special present. It’s very good.  

Robert: I love it. I do enjoy a good gin also because of my wife. Actually, we secretly coordinated offscreen, and I too have a gin and tonic, special late night gin is really what we should call this.  

My gin is from a distillery in Southern Carolina, Beaufort actually. It’s called Rotten Little Bastard, which is what the distiller was called by its mom. They decided to name the distillery after it, which is hilarious.

Jonathan: It’s brilliant.  

Robert: It is, and it’s actually really good gin too, so on top of it all. Win-win.

What are the main areas Defender covers? 

Robert: Now, Defender, what are the main areas, like we covered, it’s not the old school Defender of the old days. What exactly, what are the main areas that Defender for, or Microsoft Defender covers? 

Jonathan: If you think about Microsoft Defender now, it’s a Cloud native suite of products. The different products come under the banner of Microsoft 365 Defender. Underneath that, you have Microsoft Defender for Endpoint, as we discussed previously, which is covering all your endpoint devices, Windows, but not just Windows, as well as iOS, Android and other platforms, and Mac as well. macOS it covers too. That’s the endpoint protection part.

And then you’ve got Microsoft Defender for Identity, which essentially is all about your identity management, but it also integrates with your on-premise Active Directory to get information and signals from on-prem about potential threats.

Robert: What’s a normal login for that user kind of thing.  

Jonathan: Yes, a lot of it is, or one of the critical pieces is around behavior management or behavior observation. If somebody’s regularly logging in from the same location, using the same device, et cetera, it builds up a picture of what a routine might look like for a specific user. Then when things happen outside of that common routine, that could be used as a signal that something’s wrong.  

Robert: Right. Hey, this is out of character for him. Like, the host of the Late Night Brew drinking a G&T instead of a beer.  

Jonathan: Yeah, exactly.  

Robert: What’s going on here? 

Jonathan: Something’s not quite right here. That’s your identity piece. You’ve got endpoint, identity, and then you’ve got Microsoft Office 365 Defender, which is basically your email collaboration tools, so your phishing anti, safe attachments, all those kind of tools that you use mainly around email collaboration. 

The other product is Microsoft Defender for Cloud Apps. It’s all about your applications, and more specifically around Cloud applications. A classic will be Office 365, but then there’s also a host of other Cloud applications, Salesforce, Box, et cetera, all these third-party applications that your users are maybe using. It’s a way to integrate and monitor what’s happening with those Cloud applications.

It integrates really well with Defender for Endpoint, because that’s where it gets a lot of the data about what the users are doing that it pulls into Defender for Cloud Apps.

Robert: Okay. Just to wrap that up in a neat little bow, it’s not just a built-in Microsoft web apps, it’s potentially most applications that can be added into and integrated with 365 that it connects them that protection to.  

Jonathan: Yes, absolutely. I think Microsoft’s catalogue of applications that they support directly with Cloud apps is expanding all the time. I can’t remember what it was last time, it looked like thirty thousand apps, something like that. 

Robert: Oh, wow, that’s a lot of apps. 

Jonathan: Yeah, it’s a lot, and it’s really, really powerful.

What can be done to help filter through the noise?

Robert: Defender Suite, it covers identity, it covers endpoint, it covers what people are doing in the Cloud, that’s a lot of potential noise. What can be done to help filter through the noise? We all know the problem of, “Oh, we need to get notifications about everything,” right? Because then you’d know there’s a problem, and except you end up with a folder that has ten thousand unread messages because you get a hundred emails a day.  

Jonathan: Yes. There’s a couple of things that you can do. All those products are essentially willing to grow with the Microsoft security suite or the Defender portal, if you want to call it that.

All those signals are all coming into one place within Defender, and what you have now with some of the additional licensing is a lot of automation. Because you get so much information and rather than having a person filter through all of that information, try and pull out which one’s a real threat and which ones aren’t. To help with that, Microsoft has what they call automated investigation and response capabilities. A lot of those signals that come in can actually be analyzed and dealt with, mitigated and solved automatically. That’s the only way to do it. Looking at them all, it’s kind of like a replacement, a potential replacement for a security analyst.

Robert: That’s a dangerous word to go off on, but unfortunately, that is our time today. Jonathan, thank you very much, once again, for joining me especially on this special episode of the late night gin.  

If there’s any questions, all of our contact is below. Otherwise, I hope to see you again for the next episode. Cheers, mate, thanks for joining me.  

Jonathan: Thanks for having me.  

In conclusion, we’ve explored the diverse and powerful realms covered by Microsoft Defender in this Late Night Brew episode. From endpoint protection to identity management, and from email collaboration to cloud application security, Microsoft Defender safeguards your digital landscape with precision and automation. To learn more about our comprehensive suite of solutions and watch other exciting Late Night Brew episodes, visit us at Contact Us and catch up on all the Late Night Brew episodes. Stay secure and stay tuned for our next informative session.
