Microsoft Defender for Endpoint
Microsoft Defender for Endpoint (MSDE) is a platform designed to help enterprise networks protect endpoints by preventing, detecting, investigating, and responding to advanced threats.
There are seven pillars to Microsoft Defender for Endpoint (MSDE):
- Threat & vulnerability management – Threat and vulnerability management is a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. It uses sensors on devices, avoiding the need for agents or scans, and prioritizes vulnerabilities.
- Attack surface reduction – Attack surface reduction reduces the places where your organization is vulnerable to cyberthreats and attacks. You can ensure that only allowed apps can run and prevent apps from accessing dangerous locations.
- Next-generation protection – Microsoft Defender Antivirus is the next-generation protection component of MSDE. Next-generation protection brings together machine learning, big-data analysis, in-depth threat resistance research, and the Microsoft cloud infrastructure to protect devices in your enterprise organization.
- Endpoint detection and response – MSDE endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts, gain visibility into the full scope of a breach, and take response actions to remediate threats.
- Automated investigation & remediation – The automated investigation feature uses various inspection algorithms and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces the volume of alerts that must be investigated individually.
- Microsoft Threat Experts – Microsoft Threat Experts is a managed threat hunting service that provides Security Operation Centers (SOCs) with expert-level monitoring and analysis to help them ensure that critical threats in their unique environments don’t get missed.
- Management & APIs – Besides providing a comprehensive and robust endpoint protection solution in its own right, Microsoft Defender for Endpoint provides APIs to integrate with other solutions.