United States | Late Night Brew – Still Portal-ing with Defender

Robert Buktenica - 05.12.2023

Late Night Brew – Still Portal-ing with Defender


Introducing the Grand Finale of Late Night Brew’s Ultimate Defender Series! Join Robert and Jon as they bid farewell to this captivating series with a special touch – ditching the traditional beer for unique cocktails. In this concluding episode, they delve into the Defender portal, exploring operational actions and discussing how organizations can leverage automation within the Defender Suite to streamline security processes, reduce noise, and ultimately enhance efficiency. It’s a toast to the power of automation and a strategic approach to cybersecurity.  

TIMESTAMP

00:07 – Introduction
00:40 – The Brew
01:47 – What can you do on the Defender portal?
04:26 – What other reporting are you able to get from the portal? 

Introduction

Robert Buktenica: Hello, everyone, and welcome to the final episode of Late Night Brew, ultimate Defender series, which of course, we’ll get to after where we talk about the most important thing. Joining me, once again, as always, to round out this wonderful series, Jon, welcome back, Sir.

Jonathan Hazelden: Hey, Buck, thanks for having me again.

Robert: Of course, I am excited as much as it saddens me that this is our final episode of the series. I’ve been loving these sessions.

The Brew

Robert: Now, what brew are you having with me for this final episode? I hope it’s something special.

Jonathan: Lucky, you asked. Yes, it is something special. I have my favorite cocktail of all times, which is an old-fashioned. It’s made with Woodford Reserve bourbon which is, from my experience, I found is one of the best.  

Robert: Very nice, I love me an old-fashioned, so I can appreciate that. I too, we may have coordinated beforehand, I have a mixed drink, a Negroni, actually. It’s a small distillery in South Carolina, Rotten Little Bastard, which is what his mother used to call him so that’s why he decided to name his distillery after that. I love.

Jonathan: I love it.  

Robert: I’m pretty sure, someone will correct me if I’m wrong, that this is the first time I’ve not had a beer on a Late Night Brew. We’re doing Late Night still tonight.

Jonathan: Sounds good to me.

What can you do on the Defender portal?

Robert: We are still talking about and going into the Defender portal. With this one, we’re focusing on, of course, most important thing, what operational actions, what can you do in the portal, what changes can you affect? 

Jonathan: When you look at the Defender portal, it integrates all the Defender products, they’re in that suite, in one single pane. You’ve got Defender for Endpoint, the cloud apps, the identities, Defender for 365 which is your email and collaboration. You’re able to configure and utilize those kind of almost like individually from an administrative point of view.

Where it brings it all together, you’ve got things like the alerts and the incidents and threat analytics. That’s really where you want to start looking at your threats or your alerts. That’s the place to start and that will amalgamate all of them. Whether the signal has come from an endpoint or it’s come from identity, or it’s come from an email, they’ll just be all in one single place.  

The alerts are like aggregated into an incident, and that gives you the whole timeline of what’s happened, whether it’s an email or a device, or the users that are involved, or it’s multiple devices that have been affected by one alert, it’s aggregated into an incident. That’s where you can see what’s going on and then start taking action like assigning it, changing the status, managing the device, whether you want to take the device offline. There’s multiple actions that you can take.  

Robert: That nice single pane of glass for viewing. Combining all of the alerts and such into an incident for that single one, it makes me kind of chuckle like, “Look, you can see here, this is where the person clicked the link and here’s where it spread.” 

Jonathan: That’s the beauty of it. You get overwhelmed, you can get overwhelmed. Organizations get overwhelmed by the amount of signals that are coming in from all those different products. It’s kind of looking through the noise to try and determine which ones are the ones you really need to focus on. 

How can an organization benefit from this?

Robert: Right, which is a really good leading, keep leading for your next questions, right? How can organizations benefit from this, are they going to get time back, how is it going to help build their efficiencies? 

Jonathan: The Defender Suite is a huge, it’s a huge product set. There’s a lot to know. Investing in training, initially, is always a good thing. Depending on your level of experience, maybe you work in a SOC, or maybe you’re not a security analyst but you’re an infrastructure analyst but you’ve got to deal with the security side of it.

I think investing in training is key, initially, but then the big thing after that, is automation, because of all these signals that are coming in from all over the place, and there’s lots of them. Utilizing the automation the Defender can provide, is definitely the best way that organizations can get time back.  

Essentially, almost have themselves a security analyst which is just using Defender and using the automation.  

Robert: Right, because that is the– That last piece, if I’m remembering my Defender correctly, that’s the automated incident response portion of the portal? 

Jonathan: Yes, absolutely. That can take an alert or an incident from when it’s created all the way through to resolution. You can still go in and see what it’s done. You can see timeline, you can see what was impacted, and it could take you all the way from seeing your alert that’s created as new alert or new incident all the way to showing the status is resolved.  

They can’t do it for every single alert and every single incident, and every single kind of attack, but it can do it for a lot of them, so massively reduce that noise and that time it takes to do this manually.  

Robert: Automation, I’m a huge fan of it. That’s one of the most beautiful things about the Cloud. There’s plenty of areas where– at least, when I talk to my customers, and I really highlight the benefit of, “Hey, take a look, if you set this up in this way and have this action, you can basically from start to finish, resolve an issue and you won’t even know about it because you’ve told it to take handle.” You know, take care of it for you, it’s awesome. 

Jonathan: I agree, I was just going to say, yes, so then you can focus your time on things which are worthy of your time. 

Robert: Strategic.  

Jonathan: Yes, because some of the alerts and incidents you get will be repetitive and it will be the same thing over and over. Rather than trying to resolve it manually, why not push that to automation, and then focus on maybe the more complex tasks. 

Robert: Right. On that awesome automated note, that wasn’t very automated, that is unfortunately our time and it wraps up this series. If you have any other questions, if you want to deep dive into any of these topics that we talked about, please reach out to us, our contact info is below. We really hope to hear from you. 

I hope you’ve enjoyed this series, and I’m looking forward to more. Jon, until our next episode, mate, with your next topic, cheers, Sir.  

Jonathan: Yes. 

Robert: Congratulations on a successful series. 

Jonathan: Thanks for having me, I’ve loved it.


Ready to fortify your cybersecurity strategy? Dive deeper into the world of Microsoft Defender for Endpoint with our comprehensive ebook, “The Complete Guide to Microsoft Defender for Endpoint.” Equip yourself with invaluable insights and strategies to enhance your organization’s defense against cyber threats. Plus, if you have any specific questions or need personalized guidance, don’t hesitate to contact us.
