Computer Networks and Systems Support Engineer at a real estate/law firm with 11-50 employees
Real User
Top 5
Provides email protection, threat intelligence, and vulnerability scanning
Pros and Cons
  • "The solution is one suite covering everything from email protection to threat intelligence and vulnerability scanning."
  • "I would like to see more frequent updates, which is always better for security because of daily threats."

What is most valuable?

The solution is one suite covering everything from email protection to threat intelligence and vulnerability scanning. Microsoft keeps adding more features to the tool, and through one interface, you can see the whole attack path, the assets involved, and the users involved. It's a very good product if you're using mainly Microsoft products. Most of our machines are Microsoft Windows and Microsoft Windows servers.

What needs improvement?

I would like to see more frequent updates, which is always better for security because of daily threats.

What do I think about the stability of the solution?

Since it's cloud-based, the tool is mostly available. If an on-premises solution goes down, it only affects a few people, but if a cloud solution is down, it affects most customers. So, Microsoft is investing a lot in the stability and resilience of the solution. Microsoft Defender Threat Intelligence is a very stable solution.

What do I think about the scalability of the solution?

Microsoft Defender Threat Intelligence is a scalable solution. You just keep installing agents on the extra new machines in your network, and it automatically starts working. Around 100 users are using the solution in our organization.

Buyer's Guide
Microsoft Defender Threat Intelligence
August 2024
Learn what your peers think about Microsoft Defender Threat Intelligence. Get advice and tips from experienced pros sharing their opinions. Updated: August 2024.
800,688 professionals have used our research since 2012.

How are customer service and support?

We have a support structure not directly with Microsoft but with one local vendor who has partnered with Microsoft. Their knowledge base, information, and training are all very good.

Which solution did I use previously and why did I switch?

I have previously worked with Sophos.

How was the initial setup?

The solution's initial setup is straightforward.

What's my experience with pricing, setup cost, and licensing?

On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a six or seven out of ten.

What other advice do I have?

Since the solution is more linked with Microsoft products, it gives you notifications of vulnerabilities, threats, or attacks happening currently. It flags them, and you can break them down to learn which asset or process started it. You can configure the product to report the same situation or similar alerts as false positives and not flag them. They are part of the business application

You can apply these rules to all the machines in the network because you would have similar users on other machines doing the same thing. If you see a threat or suspicious action, you can configure the tool to block the whole thing and apply the same rule on all the machines.

Microsoft is the market leader, and it's already innovating, adding more features, and integrating everything with its other products. The solution provides value for money. Microsoft had a different version for small licenses and introduced a new licensing structure so that small companies could have additional features at less cost. Otherwise, they would have to buy a really expensive license for big organizations.

Microsoft brought additional features into a small license for small and medium businesses. Microsoft keeps adding value to its products.

With Microsoft Defender Threat Intelligence, you have one product and one console to see everything. You don't have to buy multiple products to look at different security aspects. Microsoft keeps adding features to the product that are more than enough to monitor your entire suite.

Users have to learn the product and get free training and certification. It's always better to have training provided by the vendor. Very few market leaders invest in providing training.

Overall, I rate the solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
System and network security engineer at Central Bank of Nigeria
Real User
Top 5, Leaderboard
Assesses machines for vulnerabilities and gives remediations
Pros and Cons
  • "Microsoft Defender Threat Intelligence assesses machines for vulnerabilities and gives remediations."
  • "The tool's onboarding of users that use on-premise or hybrid environments needs to be improved."

What is our primary use case?

We use Microsoft Defender Threat Intelligence for security. It alerts us on anomalies. 

What is most valuable?

Microsoft Defender Threat Intelligence assesses machines for vulnerabilities and gives remediations. 

What needs improvement?

The tool's onboarding of users that use on-premise or hybrid environments needs to be improved. 

For how long have I used the solution?

I have been using the product for six years. 

What do I think about the stability of the solution?

I rate the product's stability a nine out of ten. 

What do I think about the scalability of the solution?

Microsoft Defender Threat Intelligence is scalable. My company has 7000 users for it. 

How was the initial setup?

Microsoft Defender Threat Intelligence's deployment is not straightforward. 

What was our ROI?

We have seen ROI with the product's use. 

What's my experience with pricing, setup cost, and licensing?

The tool is expensive as a stand-alone solution. However, it is not cheap when you purchase it as a bundle. 

What other advice do I have?

I rate Microsoft Defender Threat Intelligence a nine out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Testing and Production Engineer at a tech services company with 51-200 employees
Real User
Top 5
Offers a scalable solution that can be managed without the need for extensive infrastructure handling
Pros and Cons
  • "Microsoft collects trillions of signals from all over the world, which is incredibly valuable. It helps us identify zero-day vulnerabilities and global threats."
  • "One area that can be improved is reducing false positives."

What is our primary use case?

In terms of threat intelligence, let's take Microsoft Sentinel as an example. We onboard threat intelligence from different sources, such as open-source MISP and AlienVault. We also develop our own threat intelligence signals based on the threats we observe. For instance, Cisco TALOS is another example.

We integrate all these threat intelligence feeds into Microsoft Sentinel and create detections based on them. For instance, if we integrate threat intelligence data for specific IP addresses, we create detections to monitor for activity from those IPs. We also conduct hunting based on these feeds. 

In addition, we use automated tools like VirusTotal and AlienVault OTX to scan entities, URLs, and API connections when incidents occur, providing results on whether they are malicious or safe. These are some of the integration scenarios we typically work on in terms of threat intelligence.

What is most valuable?

Microsoft collects trillions of signals from all over the world, which is incredibly valuable. It helps us identify zero-day vulnerabilities and global threats. 

The vast amount of threat data that Microsoft gathers globally is a significant advantage. It's built into their protection mechanisms and helps us stay ahead of emerging threats.

What needs improvement?

One area that can be improved is reducing false positives. They could be more finely tuned. For instance, if we see regular alerts from an IP that isn't malicious, we modify those rules and hunt things to ensure we don't produce more false positives. We do fine-grain the environment. Some procedures could be more refined to reduce these false positives. That's a basic issue I've seen with Microsoft products.

For how long have I used the solution?

In terms of Microsoft, almost all Defender for Endpoint, Defender for Identity, Defender for Office 365, Defender for Cloud Apps, and Defender for Cloud, all of these are within the Microsoft ecosystem. I work in a complete Microsoft environment. 

So, starting from Sentinel, all these Defender products come together. We also integrate data from third-party products like firewalls. Essentially, we create a SOC scenario to onboard SOC services based on different products or services. 

I typically work on onboarding SOC services for multiple clients, including Cybercon, cloud security personal management, and cloud security assessment, among other things.

What do I think about the scalability of the solution?

Scalability is well-managed in Microsoft Defender Threat Intelligence. It's a built-in service that doesn't require us to handle the underlying infrastructure. When we use it as a service from a public cloud provider, they take care of the infrastructure management. 

If we were to configure it ourselves, we'd need to set up servers, ensure high availability, and enhance security with load balancers and firewalls. 

However, when using managed services from providers, we don't have to concern ourselves with the underlying infrastructure. So, it's a matter of choice. 

If I were to set it up independently, I'd ensure high availability, robust security measures, and efficient load balancing. But if we opt for managed services, there's no need to deal with the infrastructure intricacies. It really depends on our specific needs and preferences.

How are customer service and support?

The customer service and support are a bit hard to reach. It's sometimes really hard to get a hold of them.

How would you rate customer service and support?

Neutral

How was the initial setup?

Setting up the SOC service from scratch requires a great amount of familiarity, experience, and visibility in the cybersecurity space. You need to understand coverage for identity, applications, endpoints, networks, and more. 

There's the task of understanding the umbrella and defining the architecture, whether it's multi-tenant or single-tenant, and how it's user-based. 

It's complex, especially when onboarding from scratch. These kinds of things I do on a regular basis, so I would say making the architecture, defining the coverage, tuning up the customer environment, and setting up another 24/7 monitoring service is a job which requires a lot of experience and skills.

Given the intricacies and the experience needed, I would rate it as an eight out of ten in terms of complexity.

What about the implementation team?

The deployment duration varies. For Threat Intelligence, it also depends on the platform and the integration data connector you have. If you factor in the entire setup of SOC services, it can take a while. It depends on the number of users, the licenses, and network devices. 

If we're talking about just Threat Intelligence, are they integrating only paid sources, or are they using open source or creating their own Threat Intelligence? So, taking all those things into account, it takes a fair amount of time to get everything up and running in terms of SOC services.

What other advice do I have?

The overall product is very good. I've worked with multiple operations using Microsoft's security suite, including Defender. Threat Intelligence is nice. It's flagged numerous security vulnerabilities, even some zero-days. Comparing it to other solutions, it often outperforms. 

Overall, I would rate the solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
James Selby - PeerSpot reviewer
Manager Security Division at Virtual-IT
MSP
Top 5, Leaderboard
Beneficial in GRC model but continuous rebranding and licensing changes can be confusing
Pros and Cons
  • "You can use it to monitor third parties and ensure they are not under threat attacks. It is beneficial in the GRC model."
  • "Microsoft Defender Threat Intelligence is evolving and needs to fix and enhance numerous issues like stability and licensing. The continuous rebranding and licensing changes are confusing."

What needs improvement?

Microsoft Defender Threat Intelligence is evolving and needs to fix and enhance numerous issues like stability and licensing. The continuous rebranding and licensing changes are confusing. 

What do I think about the stability of the solution?

Microsoft Defender Threat Intelligence has stability issues. Microsoft is trying to make everyone switch from Windows 10 to Windows 11. They patch twice a month. 

What do I think about the scalability of the solution?

The tool's scalability is not an issue. We have around 650 users. 

How was the initial setup?

The tool's deployment can be good, but maintenance can be heavy. 

What other advice do I have?

You must first define the risk or threat and use the solution to mitigate them. You can use it to monitor third parties and ensure they are not under threat attacks. It is beneficial in the GRC model. I rate it a six out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
System Engineer at CMC CSI saigon
Real User
Top 5, Leaderboard
The solution is affordable and easy to set up

What needs improvement?

Improvements could be made in updating and transitioning to the cloud, enhancing internet security, and aligning with customer requirements. The stability of the solution could be improved.

For how long have I used the solution?

I have been using the solution for the past ten years.

What do I think about the stability of the solution?

The solution is generally stable. The stability could be improved.

What do I think about the scalability of the solution?

The solution is scalable. We have 350 users.

How was the initial setup?

The initial setup was straightforward. The deployment process involves licensing, deployment services, engaging with the customer to finalize the design, conducting training, tuning, and ultimately handing over to the IT team.

What's my experience with pricing, setup cost, and licensing?

The pricing is cheaper compared to its competitors.

What other advice do I have?

I recommend using the solution and rate it an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Project Manager at a tech services company with 11-50 employees
Real User
Offers endpoint protection from malware
Pros and Cons
  • "The product is useful when the end user downloads malware files."
  • "Having up-to-date documentation and real-time reflections in all portals would be beneficial to keep users informed about any changes. Additionally, the frequent changes in Microsoft's UI and the movement of features between different products in the set pose difficulties."

What is our primary use case?

The solution provides endpoint protection from malware. 

What is most valuable?

The product is useful when the end user downloads malware files. 

What needs improvement?

Having up-to-date documentation and real-time reflections in all portals would be beneficial to keep users informed about any changes. Additionally, the frequent changes in Microsoft's UI and the movement of features between different products in the set pose difficulties.

For how long have I used the solution?

I have been using the product for two years. 

What do I think about the stability of the solution?

I rate Microsoft Defender Threat Intelligence's stability a nine out of ten. 

How are customer service and support?

My experience with the support team is not good. It takes ages for them to respond. 

What other advice do I have?

I rate Microsoft Defender Threat Intelligence a seven out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.