United States | Late Night Brew - Securing Cloud Apps

Robert Buktenica - 05.12.2023

Late Night Brew – Securing Cloud Apps

Welcome to another episode of the Late Night Brew! In this installment, join Robert and Jon as they discuss the Defender portal’s capabilities over a delightful selection of brews. The duo delves into the Defender portal’s role in enhancing security teams’ ability to investigate and respond to attacks, providing a centralized view of signals from various workloads. From incident tracking to customizable reports, discover how Defender offers a comprehensive security solution. Stay tuned for the exciting conclusion to the ultimate Defender series in the upcoming episode! 

TIMESTAMP

00:07 – Introduction 
00:3 – The Brew
01:32 – What are the capabilities of the Defender portal? 
03:56 – What other reporting are you able to get from the portal?

Introduction

Robert Buktenica: Hello, everyone, and welcome to another episode of the Late Night Brew, where we talk to brews first, then we get around what we’re supposed to after the fact. Joining me, once again, in the next episode of this series, Jon, welcome back, my friend.

The Brew

Robert: Today, before we jump into what you can do or see in the Defender portal, you know the drill well enough, what brew are you having with me today?  

Jonathan: I bought something slightly different. I’ve got a, it’s called Inch’s, medium cider that’s grown with local apples within forty miles of their mill. Sounds pretty natural, pretty good.  

Robert: That’s beauty. You’re elevating the show by a lot. Opposed to me, I have a Grapefruit Radler from Paulaner. It’s lovely, little light two percenter to get going. It’s good though, I quite enjoy it. 

Jonathan: Yes, Radlers. I do like a Radler. 

Robert: They’re fantastic. It was revolutionary for me when I discovered them, I was like, “Oh, these are a thing? Oh my God.” All right, Sir, on that terrible trip down memory lane,

What are the capabilities of the Defender portal?

Robert: What are the capabilities of the Defender portal? 

Jonathan: The Defender portal, essentially, it helps security teams investigate and respond to attacks. It brings signals in from various different workloads into one central area that you can- 

Robert: Single pane of glass? 

Jonathan: Yes, essentially, from the different aspects of Defender, so the endpoints, the identity, the Cloud apps, the email collaboration, stuff like that. Just also to elaborate a little bit, there’s a multitude of different panes that you can look at. There’s incidents and alerts, and essentially that’s your place to go and review those incidents, review those alerts. 

An incident is really a combination of alerts, generally. The difference is an alert is a single thing. It’s like a single event, whereas an incident is either like a collection of alerts that impacts one or more devices, or one or more users. It gives you that sort of end-to-end visibility of what they call the attack chain. It gives you like a story of what happened.

Robert: It’s like these two hundred users all got the same phishing email to try to, you know what I mean. They got these two hundred users, all got the same phishing email, you can track what happened, you can view and you can see if it’s continuing, if it’s being handled, all of that. 

Jonathan: Yes, that’s exactly it. And what it does is it will give you that, they call it it’s like a story. Say a user or users receive the phishing email, but then maybe that one, a user or multiple users clicked on that, and that took them to a website, and then they downloaded a virus, and then the virus ran on their machine, and you literally see each of those steps within the incident.

What other reporting are you able to get from the portal? 

Robert: Very nice. Now, on that, and seeing the story, one thing organizations are always concerned about or want to know is, what kind of reporting. You’ve already talked about the stories and that, what other reporting are you able to get from the portal?  

Jonathan: It’s kind of general. Admins can start by looking at general security reports, and then they can branch out into more specific reports about certain aspects of Defender, so endpoints, email collaboration, identity. There is a bit of customization that you can do, but there’s quite a few recommended reports.  

Another thing which is not necessarily a report, but the homepage itself gives you a really nice view of what they call like common cards, so security teams can look at those cards and kind of get a very quick overview of what’s going on in the organization. A card might be their secure score or it might be devices that are not compliant, or it might be users that are high risk. You can customize that as well. 

As much as it’s not a report, it kind of does give you some– 

Robert: Visibility? 

Jonathan: Visibility, yes. It’s essentially updated all the time, so it’s a really good place to look.  

Robert: That’s awesome. Well, that is unfortunately our time as well for today. If you want to know more, as always, please feel free to reach out, information’s below. We are approaching the end of the series, I think we have one episode left after this, if I’m not mistaken. Please stay tuned and catch the exciting conclusion to the ultimate Defender series.

Jon, as always, thank you very much and have a great rest of your day, mate. Cheers.  

Jonathan: No problem, cheers, Buck.


Explore the full potential of Microsoft Defender for Endpoint with our comprehensive guide – “The Ultimate Guide to Microsoft Defender for Endpoint.” Gain valuable insights into maximising your security capabilities. For any questions or further assistance, contact us, your trusted cybersecurity partner. Elevate your defense strategy today! 
