Microsoft Defender Threat Intelligence should integrate with different platforms.
Senior Technology Consultant at SoftwareONE
Comes as part of the system and deployment depends on infrastructure complexity
Pros and Cons
- "I rate the tool's stability a ten out of ten."
- "Microsoft Defender Threat Intelligence should integrate with different platforms."
What needs improvement?
What do I think about the stability of the solution?
I rate the tool's stability a ten out of ten.
How was the initial setup?
The tool's deployment depends on the infrastructure's complexity. I do the deployment for my customers.
What other advice do I have?
Microsoft Defender Threat Intelligence is part of the system. I rate it a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
System and network security engineer at Central Bank of Nigeria
Assesses machines for vulnerabilities and gives remediations
Pros and Cons
- "Microsoft Defender Threat Intelligence assesses machines for vulnerabilities and gives remediations."
- "The tool's onboarding of users that use on-premise or hybrid environments needs to be improved."
What is our primary use case?
We use Microsoft Defender Threat Intelligence for security. It alerts us on anomalies.
What is most valuable?
Microsoft Defender Threat Intelligence assesses machines for vulnerabilities and gives remediations.
What needs improvement?
The tool's onboarding of users that use on-premise or hybrid environments needs to be improved.
For how long have I used the solution?
I have been using the product for six years.
What do I think about the stability of the solution?
I rate the product's stability a nine out of ten.
What do I think about the scalability of the solution?
Microsoft Defender Threat Intelligence is scalable. My company has 7000 users for it.
How was the initial setup?
Microsoft Defender Threat Intelligence's deployment is not straightforward.
What was our ROI?
We have seen ROI with the product's use.
What's my experience with pricing, setup cost, and licensing?
The tool is expensive as a stand-alone solution. However, it is not cheap when you purchase it as a bundle.
What other advice do I have?
I rate Microsoft Defender Threat Intelligence a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Microsoft Defender Threat Intelligence
December 2024
Learn what your peers think about Microsoft Defender Threat Intelligence. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
Testing and Production Engineer at a tech services company with 51-200 employees
Offers a scalable solution that can be managed without the need for extensive infrastructure handling
Pros and Cons
- "Microsoft collects trillions of signals from all over the world, which is incredibly valuable. It helps us identify zero-day vulnerabilities and global threats."
- "One area that can be improved is reducing false positives."
What is our primary use case?
In terms of threat intelligence, let's take Microsoft Sentinel as an example. We onboard threat intelligence from different sources, such as open-source MISP and AlienVault. We also develop our own threat intelligence signals based on the threats we observe. For instance, Cisco TALOS is another example.
We integrate all these threat intelligence feeds into Microsoft Sentinel and create detections based on them. For instance, if we integrate threat intelligence data for specific IP addresses, we create detections to monitor for activity from those IPs. We also conduct hunting based on these feeds.
In addition, we use automated tools like VirusTotal and AlienVault OTX to scan entities, URLs, and API connections when incidents occur, providing results on whether they are malicious or safe. These are some of the integration scenarios we typically work on in terms of threat intelligence.
What is most valuable?
Microsoft collects trillions of signals from all over the world, which is incredibly valuable. It helps us identify zero-day vulnerabilities and global threats.
The vast amount of threat data that Microsoft gathers globally is a significant advantage. It's built into their protection mechanisms and helps us stay ahead of emerging threats.
What needs improvement?
One area that can be improved is reducing false positives. They could be more finely tuned. For instance, if we see regular alerts from an IP that isn't malicious, we modify those rules and hunt things to ensure we don't produce more false positives. We do fine-grain the environment. Some procedures could be more refined to reduce these false positives. That's a basic issue I've seen with Microsoft products.
For how long have I used the solution?
In terms of Microsoft, almost all Defender for Endpoint, Defender for Identity, Defender for Office 365, Defender for Cloud Apps, and Defender for Cloud, all of these are within the Microsoft ecosystem. I work in a complete Microsoft environment.
So, starting from Sentinel, all these Defender products come together. We also integrate data from third-party products like firewalls. Essentially, we create a SOC scenario to onboard SOC services based on different products or services.
I typically work on onboarding SOC services for multiple clients, including Cybercon, cloud security personal management, and cloud security assessment, among other things.
What do I think about the scalability of the solution?
Scalability is well-managed in Microsoft Defender Threat Intelligence. It's a built-in service that doesn't require us to handle the underlying infrastructure. When we use it as a service from a public cloud provider, they take care of the infrastructure management.
If we were to configure it ourselves, we'd need to set up servers, ensure high availability, and enhance security with load balancers and firewalls.
However, when using managed services from providers, we don't have to concern ourselves with the underlying infrastructure. So, it's a matter of choice.
If I were to set it up independently, I'd ensure high availability, robust security measures, and efficient load balancing. But if we opt for managed services, there's no need to deal with the infrastructure intricacies. It really depends on our specific needs and preferences.
How are customer service and support?
The customer service and support are a bit hard to reach. It's sometimes really hard to get a hold of them.
How would you rate customer service and support?
Neutral
How was the initial setup?
Setting up the SOC service from scratch requires a great amount of familiarity, experience, and visibility in the cybersecurity space. You need to understand coverage for identity, applications, endpoints, networks, and more.
There's the task of understanding the umbrella and defining the architecture, whether it's multi-tenant or single-tenant, and how it's user-based.
It's complex, especially when onboarding from scratch. So, these kinds of things I do on a regular basis, so I would say making the architecture, defining the coverage thing, tuning up the customer environment, and setting up another 24/7 monitoring service. It's a job that requires a lot of experience and skills.
Given the intricacies and the experience needed, I would rate it as an eight out of ten in terms of complexity.
What about the implementation team?
The deployment duration varies. For Threat Intelligence, it also depends on the platform and the integration data connector you have. If you factor in the entire setup of SOC services, it can take a while. It depends on the number of users, the licenses, and network devices.
If we're talking about just Threat Intelligence, are they integrating only paid sources, or are they using open source or creating their own Threat Intelligence? So, taking all those things into account, it takes a fair amount of time to get everything up and running in terms of SOC services.
What other advice do I have?
The overall product is very good. I've worked with multiple operations using Microsoft's security suite, including Defender. Threat Intelligence is nice. It's flagged numerous security vulnerabilities, even some zero-days. Comparing it to other solutions, it often outperforms.
Overall, I would rate the solution a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
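The feed-to-detection workflow the reviewer above describes (onboarding IP indicators from feeds such as MISP or AlienVault OTX, then alerting on traffic to or from those IPs), as an added example that is not code from the reviewer or from Microsoft Sentinel. It correlates a constructed indicator feed against constructed firewall log lines and applies indicator expiry, a confidence floor and an allowlist, which stand in for the false-positive tuning the review mentions; the feed layout, log layout and thresholds are assumptions.

```python
from datetime import datetime, timezone
import re

# Constructed indicator feed (assumed CSV layout: ip,source,confidence,valid_until).
TI_FEED = """\
203.0.113.10,MISP,90,2030-01-01
198.51.100.7,AlienVault OTX,60,2030-01-01
192.0.2.55,internal,95,2020-01-01
192.0.2.99,MISP,80,2030-01-01
"""
# Constructed firewall log lines (assumed syslog-like layout).
LOG_LINES = """\
2024-12-01T10:00:01Z fw01 allow src=10.0.0.5 dst=203.0.113.10 dport=443
2024-12-01T10:00:02Z fw01 allow src=10.0.0.8 dst=198.51.100.7 dport=80
2024-12-01T10:00:03Z fw01 allow src=10.0.0.9 dst=192.0.2.55 dport=22
2024-12-01T10:00:04Z fw01 deny  src=192.0.2.99 dst=10.0.0.1 dport=3389
2024-12-01T10:00:05Z fw01 allow src=10.0.0.5 dst=8.8.8.8 dport=53
"""
ALLOWLIST = {"198.51.100.7"}  # tuning step: a known-benign IP that kept alerting
MIN_CONFIDENCE = 70           # ignore low-confidence indicators
NOW = datetime(2024, 12, 1, tzinfo=timezone.utc)
LOG_RE = re.compile(r"^(\S+) (\S+) (allow|deny)\s+src=(\S+) dst=(\S+) dport=(\d+)$")

def load_indicators(feed, now):
    """Return {ip: (source, confidence)} for indicators that are unexpired,
    above the confidence floor and not allowlisted."""
    active = {}
    for line in feed.splitlines():
        ip, source, conf, valid_until = line.split(",")
        expiry = datetime.fromisoformat(valid_until).replace(tzinfo=timezone.utc)
        if expiry >= now and int(conf) >= MIN_CONFIDENCE and ip not in ALLOWLIST:
            active[ip] = (source, int(conf))
    return active

def detect(log_text, feed, now):
    """One detection per log line whose src or dst is an active indicator."""
    indicators = load_indicators(feed, now)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the rule
        ts, host, action, src, dst, dport = m.groups()
        for ip in (src, dst):
            if ip in indicators:
                source, conf = indicators[ip]
                hits.append({"time": ts, "host": host, "ip": ip, "action": action,
                             "dport": int(dport), "source": source, "confidence": conf})
    return hits
```

Running detect(LOG_LINES, TI_FEED, NOW) yields two detections: the allowed connection to 203.0.113.10 and the denied inbound attempt from 192.0.2.99; the allowlisted and expired indicators produce nothing.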
Manager Security Division at Virtual-IT
Beneficial in GRC model but continuous rebranding and licensing changes can be confusing
Pros and Cons
- "You can use it to monitor third parties and ensure they are not under threat attacks. It is beneficial in the GRC model."
- "Microsoft Defender Threat Intelligence is evolving and needs to fix and enhance numerous issues like stability and licensing. The continuous rebranding and licensing changes are confusing."
What needs improvement?
Microsoft Defender Threat Intelligence is evolving and needs to fix and enhance numerous issues like stability and licensing. The continuous rebranding and licensing changes are confusing.
What do I think about the stability of the solution?
Microsoft Defender Threat Intelligence has stability issues. Microsoft is trying to make everyone switch from Windows 10 to Windows 11. They patch twice a month.
What do I think about the scalability of the solution?
The tool's scalability is not an issue. We have around 650 users.
How was the initial setup?
The tool's deployment can be good, but maintenance can be heavy.
What other advice do I have?
You must first define the risk or threat and use the solution to mitigate them. You can use it to monitor third parties and ensure they are not under threat attacks. It is beneficial in the GRC model. I rate it a six out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Project Manager at a tech services company with 11-50 employees
Offers endpoint protection from malware
Pros and Cons
- "The product is useful when the end user downloads malware files."
- "Having up-to-date documentation and real-time reflections in all portals would be beneficial to keep users informed about any changes. Additionally, the frequent changes in Microsoft's UI and the movement of features between different products in the set pose difficulties."
What is our primary use case?
The solution provides endpoint protection from malware.
What is most valuable?
The product is useful when the end user downloads malware files.
What needs improvement?
Having up-to-date documentation and real-time reflections in all portals would be beneficial to keep users informed about any changes. Additionally, the frequent changes in Microsoft's UI and the movement of features between different products in the set pose difficulties.
For how long have I used the solution?
I have been using the product for two years.
What do I think about the stability of the solution?
I rate Microsoft Defender Threat Intelligence's stability a nine out of ten.
How are customer service and support?
My experience with the support team is not good. It takes ages for them to respond.
What other advice do I have?
I rate Microsoft Defender Threat Intelligence a seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
The solution is affordable and easy to set up
What needs improvement?
Improvements could be made in updating and transitioning to the cloud, enhancing internet security, and aligning with customer requirements. The stability of the solution could be improved.
For how long have I used the solution?
I have been using the solution for the past ten years.
What do I think about the stability of the solution?
The solution is generally stable. The stability could be improved.
What do I think about the scalability of the solution?
The solution is scalable. We have 350 users.
How was the initial setup?
The initial setup was straightforward. The deployment process involves licensing, deployment services, engaging with the customer to finalize the design, conducting training, tuning, and ultimately handing over to the IT team.
What's my experience with pricing, setup cost, and licensing?
The pricing is cheaper compared to its competitors.
What other advice do I have?
I recommend using the solution and rate it an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.