Partner / Consultant at Procomix
A solution with a variety of applications bolstered by strong features and functionality
Pros and Cons
- "I value how Threat Intelligence integrates with the different platforms in Microsoft."
- "I would like to see more AI features and capabilities."
What is our primary use case?
Threat Intelligence is a modern antivirus XDR solution that we use to protect the environment, identities, data, and endpoints from attacks.
How has it helped my organization?
It was an excellent tool for its covered area; it protected data and applications and controlled user access remotely.
What is most valuable?
I value how Threat Intelligence integrates with the different platforms in Microsoft.
What needs improvement?
I would like to see more AI features and capabilities.
Buyer's Guide
Microsoft Defender Threat Intelligence
November 2024
Learn what your peers think about Microsoft Defender Threat Intelligence. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
For how long have I used the solution?
I've been providing the solution to customers for a little over two years.
What do I think about the stability of the solution?
I rate Microsoft Defender Threat Intelligence's stability a ten out of ten.
What do I think about the scalability of the solution?
I rate Microsoft Defender Threat Intelligence's scalability a ten out of ten. We have about 50 customers using the solution.
How are customer service and support?
The technical support for Threat Intelligence is very good.
Which solution did I use previously and why did I switch?
We have previously tried Trend Micro, Palo Alto, CrowdStrike, and several others. We chose Microsoft Defender Threat Intelligence because it has more features and functionalities, is more effective with attacks, and integrates better with different platforms, especially Sentinel, which helped us build a SOC. Threat Intelligence has better reactivity, too, so this solution was what we needed. The other solutions were a bit more complicated and had limitations.
Another interesting thing was how the solution had other data applications, not only endpoints but also identity and so on.
How was the initial setup?
The initial setup is not complicated at all. Threat Intelligence is something engineers can develop and deploy properly. However, the initial setup's difficulty depends on the experience the engineers have with the cases that they need to deploy for, and this is where the skills come into play.
The time taken to deploy the solution really depends on the scenarios. And besides this company, we deployed the solution for small projects, which took less than ten days. There is also integration with Sentinel and third-party tools, so the time to deploy Threat Intelligence depends on what's needed. The deployment, when compared to other solutions, is not complicated and does not take much time.
What's my experience with pricing, setup cost, and licensing?
The solution can be licensed, but most users would already have it in their Office 365 license. They just need to use it. The solution is very cost-effective and not expensive compared to what other vendors provide. Since the solution is part of a bigger bundle, customers would not have to pay extra.
What other advice do I have?
I rate Microsoft Defender Threat Intelligence a ten out of ten. People planning to implement this solution can confidently choose it. I wouldn't hesitate a minute to renew my license because it's very cost-effective and rich in functionalities. It has more features than other vendors' applications.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Testing and Production Engineer at a tech services company with 51-200 employees
Offers a scalable solution that can be managed without the need for extensive infrastructure handling
Pros and Cons
- "Microsoft collects trillions of signals from all over the world, which is incredibly valuable. It helps us identify zero-day vulnerabilities and global threats."
- "One area that can be improved is reducing false positives."
What is our primary use case?
In terms of threat intelligence, let's take Microsoft Sentinel as an example. We onboard threat intelligence from different sources, such as open-source MISP and AlienVault. We also develop our own threat intelligence signals based on the threats we observe. Cisco TALOS is another example.
We integrate all these threat intelligence feeds into Microsoft Sentinel and create detections based on them. For instance, if we integrate threat intelligence data for specific IP addresses, we create detections to monitor for activity from those IPs. We also conduct hunting based on these feeds.
In addition, we use automated tools like VirusTotal and AlienVault OTX to scan entities, URLs, and API connections when incidents occur, providing results on whether they are malicious or safe. These are some of the integration scenarios we typically work on in terms of threat intelligence.
What is most valuable?
Microsoft collects trillions of signals from all over the world, which is incredibly valuable. It helps us identify zero-day vulnerabilities and global threats.
The vast amount of threat data that Microsoft gathers globally is a significant advantage. It's built into their protection mechanisms and helps us stay ahead of emerging threats.
What needs improvement?
One area that can be improved is reducing false positives. They could be more finely tuned. For instance, if we see regular alerts from an IP that isn't malicious, we modify those rules and hunt things to ensure we don't produce more false positives. We do fine-grain the environment. Some procedures could be more refined to reduce these false positives. That's a basic issue I've seen with Microsoft products.
For how long have I used the solution?
In terms of Microsoft, almost all of them: Defender for Endpoint, Defender for Identity, Defender for Office 365, Defender for Cloud Apps, and Defender for Cloud. All of these are within the Microsoft ecosystem. I work in a complete Microsoft environment.
So, starting from Sentinel, all these Defender products come together. We also integrate data from third-party products like firewalls. Essentially, we create a SOC scenario to onboard SOC services based on different products or services.
I typically work on onboarding SOC services for multiple clients, including Cybercon, cloud security personal management, and cloud security assessment, among other things.
What do I think about the scalability of the solution?
Scalability is well-managed in Microsoft Defender Threat Intelligence. It's a built-in service that doesn't require us to handle the underlying infrastructure. When we use it as a service from a public cloud provider, they take care of the infrastructure management.
If we were to configure it ourselves, we'd need to set up servers, ensure high availability, and enhance security with load balancers and firewalls.
However, when using managed services from providers, we don't have to concern ourselves with the underlying infrastructure. So, it's a matter of choice.
If I were to set it up independently, I'd ensure high availability, robust security measures, and efficient load balancing. But if we opt for managed services, there's no need to deal with the infrastructure intricacies. It really depends on our specific needs and preferences.
How are customer service and support?
The customer service and support are a bit hard to reach. It's sometimes really hard to get a hold of them.
How would you rate customer service and support?
Neutral
How was the initial setup?
Setting up the SOC service from scratch requires a great amount of familiarity, experience, and visibility in the cybersecurity space. You need to understand coverage for identity, applications, endpoints, networks, and more.
There's the task of understanding the umbrella and defining the architecture, whether it's multi-tenant or single-tenant, and how it's user-based.
It's complex, especially when onboarding from scratch. I do these kinds of things on a regular basis: making the architecture, defining the coverage, tuning up the customer environment, and setting up a 24/7 monitoring service. It's a job which requires a lot of experience and skills.
Given the intricacies and the experience needed, I would rate it as an eight out of ten in terms of complexity.
What about the implementation team?
The deployment duration varies. For Threat Intelligence, it also depends on the platform and the integration data connector you have. If you factor in the entire setup of SOC services, it can take a while. It depends on the number of users, the licenses, and network devices.
If we're talking about just Threat Intelligence, are they integrating only paid sources, or are they using open source or creating their own Threat Intelligence? So, taking all those things into account, it takes a fair amount of time to get everything up and running in terms of SOC services.
What other advice do I have?
The overall product is very good. I've worked with multiple operations using Microsoft's security suite, including Defender. Threat Intelligence is nice. It's flagged numerous security vulnerabilities, even some zero-days. Comparing it to other solutions, it often outperforms.
Overall, I would rate the solution a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
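The workflow this reviewer describes (onboarding IP indicators from feeds such as MISP, OTX and Talos, writing detections that fire on traffic to or from those IPs, and tuning out IPs that keep alerting but are benign) sketched in Python as an added example; this is not code from the review or from Microsoft Sentinel. The feed entries, allowlist and firewall log lines are constructed, and the key=value log format is an assumption.

```python
import ipaddress

# Constructed TI feed (not real indicators): MISP-, OTX- and Talos-style entries.
TI_FEED = [
    {"indicator": "203.0.113.10", "source": "misp", "confidence": 90},
    {"indicator": "198.51.100.7", "source": "otx", "confidence": 60},
    {"indicator": "192.0.2.0/24", "source": "talos", "confidence": 80},
]
# Allowlist of IPs that repeatedly alerted but proved benign (the tuning step).
ALLOWLIST = {"198.51.100.7"}
# Constructed firewall log lines in an assumed key=value form.
SAMPLE_LOGS = [
    "2024-11-01T10:00:01Z src=10.0.0.5 dst=203.0.113.10 action=allow",
    "2024-11-01T10:00:02Z src=10.0.0.6 dst=198.51.100.7 action=allow",
    "2024-11-01T10:00:03Z src=192.0.2.77 dst=10.0.0.7 action=deny",
    "2024-11-01T10:00:04Z src=10.0.0.8 dst=8.8.8.8 action=allow",
]

def build_index(feed):
    """Exact IPs go in a dict, CIDR ranges in a list (checked in order)."""
    exact, nets = {}, []
    for ioc in feed:
        net = ipaddress.ip_network(ioc["indicator"], strict=False)
        if net.num_addresses == 1:
            exact[net.network_address] = ioc
        else:
            nets.append((net, ioc))
    return exact, nets

def lookup(ip, exact, nets):
    """Return the indicator record matching an address, or None."""
    return exact.get(ip) or next((ioc for net, ioc in nets if ip in net), None)

def parse_log(line):
    ts, *kvs = line.split()
    return {"ts": ts, **dict(kv.split("=", 1) for kv in kvs)}

def match_logs(lines, feed=TI_FEED, allowlist=ALLOWLIST, min_confidence=50):
    """One alert per src/dst field that hits a confident, non-allowlisted IOC."""
    exact, nets = build_index(feed)
    alerts = []
    for rec in map(parse_log, lines):
        for role in ("src", "dst"):
            ioc = lookup(ipaddress.ip_address(rec[role]), exact, nets)
            if ioc is None or ioc["confidence"] < min_confidence:
                continue                      # no hit, or too weak to alert on
            if rec[role] in allowlist:
                continue                      # tuned out: known false positive
            alerts.append({"ts": rec["ts"], "role": role, "ip": rec[role],
                           "source": ioc["source"], "action": rec["action"]})
    return alerts
```

Raising min_confidence or extending the allowlist is the knob the reviewer refers to when tuning false positives; the allowlisted OTX hit above is suppressed while the MISP and Talos hits still alert.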
Manager Security Division at Virtual-IT
Beneficial in GRC model but continuous rebranding and licensing changes can be confusing
Pros and Cons
- "You can use it to monitor third parties and ensure they are not under threat attacks. It is beneficial in the GRC model."
- "Microsoft Defender Threat Intelligence is evolving and needs to fix and enhance numerous issues like stability and licensing. The continuous rebranding and licensing changes are confusing."
What needs improvement?
Microsoft Defender Threat Intelligence is evolving and needs to fix and enhance numerous issues like stability and licensing. The continuous rebranding and licensing changes are confusing.
What do I think about the stability of the solution?
Microsoft Defender Threat Intelligence has stability issues. Microsoft is trying to make everyone switch from Windows 10 to Windows 11. They patch twice a month.
What do I think about the scalability of the solution?
The tool's scalability is not an issue. We have around 650 users.
How was the initial setup?
The tool's deployment can be good, but maintenance can be heavy.
What other advice do I have?
You must first define the risk or threat and use the solution to mitigate them. You can use it to monitor third parties and ensure they are not under threat attacks. It is beneficial in the GRC model. I rate it a six out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Technology Consultant at SoftwareONE
Comes as part of the system and deployment depends on infrastructure complexity
Pros and Cons
- "I rate the tool's stability a ten out of ten."
- "Microsoft Defender Threat Intelligence should integrate with different platforms."
What needs improvement?
Microsoft Defender Threat Intelligence should integrate with different platforms.
What do I think about the stability of the solution?
I rate the tool's stability a ten out of ten.
How was the initial setup?
The tool's deployment depends on the infrastructure's complexity. I do the deployment for my customers.
What other advice do I have?
Microsoft Defender Threat Intelligence is part of the system. I rate it a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
The solution is affordable and easy to set up
What needs improvement?
Improvements could be made in updating and transitioning to the cloud, enhancing internet security, and aligning with customer requirements. The stability of the solution could be improved.
For how long have I used the solution?
I have been using the solution for the past ten years.
What do I think about the stability of the solution?
The solution is generally stable. The stability could be improved.
What do I think about the scalability of the solution?
The solution is scalable. We have 350 users.
How was the initial setup?
The initial setup was straightforward. The deployment process involves licensing, deployment services, engaging with the customer to finalize the design, conducting training, tuning, and ultimately handing over to the IT team.
What's my experience with pricing, setup cost, and licensing?
The pricing is cheaper compared to its competitors.
What other advice do I have?
I recommend using the solution and rate it an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Project Manager at a tech services company with 11-50 employees
Offers endpoint protection from malware
Pros and Cons
- "The product is useful when the end user downloads malware files."
- "Having up-to-date documentation and real-time reflections in all portals would be beneficial to keep users informed about any changes. Additionally, the frequent changes in Microsoft's UI and the movement of features between different products in the set pose difficulties."
What is our primary use case?
The solution provides endpoint protection from malware.
What is most valuable?
The product is useful when the end user downloads malware files.
What needs improvement?
Having up-to-date documentation and real-time reflections in all portals would be beneficial to keep users informed about any changes. Additionally, the frequent changes in Microsoft's UI and the movement of features between different products in the set pose difficulties.
For how long have I used the solution?
I have been using the product for two years.
What do I think about the stability of the solution?
I rate Microsoft Defender Threat Intelligence's stability a nine out of ten.
How are customer service and support?
My experience with the support team is not good. It takes ages for them to respond.
What other advice do I have?
I rate Microsoft Defender Threat Intelligence a seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.