Microsoft Defender Threat Intelligence Reviews

We've used it in many different scenarios, including enterprise and SMB - all kinds of different situations.

It really depends on how people want to receive their threat intel. Most people want to keep it in Microsoft using the Defender console. Some people just ask to fill in Sentinel and integrate it with Azure Sentinel. Some people want those events going into their SIM. We've had all of the above use cases.

One of the most valuable aspects is that Defender is a native Microsoft solution. 

You own your own data. With CrowdStrike and Rapid7, and other products, your log data leaves your tenant, it goes into their system, and they produce the analysis on their technology. Therefore, although you're running the agent instead of giving them the signals, you're really giving up a lot of your data for their own personal gain. Defender's biggest competitive advantage is that your data stays within your tenant, and you own it.

It naturally keeps getting better and better. They have a very transparent roadmap for the product. We don't have any concerns or complaints. Defender exceeds expectations, especially for someone who's flipping from CrowdStrike or Falcon XR. This is night and day.

We are using Microsoft Defender ATP specifically as an email security solution, as well as for our critical servers as a web security solution. We have almost eleven hundred users utilizing it for email security.

One of the best features is that it provides a certain level of customization, allowing us to set our spam confidence levels. It also captures phishing and scam emails and protects the environment at a tenant level. 

The customization, spam confidence level, and email security are robust. The solution can quarantine certain emails using Threat Intelligence and allows users to release emails from quarantine themselves. 

If a new phishing attack is detected, users can report it, enabling the solution to analyze and take corrective actions.

The primary use case for Microsoft Defender Threat Intelligence is to serve as a standard antivirus and firewall within the organization. Additionally, there's a focus on email security by leveraging cloud-based solutions like Mimecast. This setup is crucial for safeguarding against malicious threats originating from external sources.

The platform's most valuable features are sandboxing and USTX-based functionality. Sandboxing allows for comprehensive analysis of suspicious files and code behavior in a controlled environment rather than solely relying on threat blocklists. It thoroughly examines files, unpacks them, and observes code behavior. If anything suspicious is detected, the system automatically quarantines it in a sandbox to assess its actions, limiting potential damage and enabling effective fraud detection.

Microsoft Defender Threat Intelligence is used by a lot of companies to cover areas like endpoint protection, cloud workloads, and Microsoft Office 365, making it a full-blown product.

The most valuable feature of the solution is that the tool offers not just one but all of its features or tools to the companies where it is used.

The solution blocks incoming threats on the local PC or any cloud-based threats. The solution allows us to have information in advance about any upcoming threats. It may be detected on one user but could spread across multiple users.

The solution could be more stable and precise because, at times, the threats detected are not legitimate.

I use the solution in my company since, overall, it is a good tool. You get good insights and details with the product. With the tool, you have good visibility over the underlying vulnerabilities in your environment, so you can act within the time for its remediation and align your vulnerability patching based on criticality and exposure.

The most valuable feature of the solution stems from the insight it provides.

From a threat intelligence perspective, we use Microsoft Defender in conjunction with Azure and the cloud for our cloud-based customers. It helps us defend against various types of malicious code, whether it's through email inbounds or uploaded through USB sticks. It offers a wide range of capabilities.

Microsoft Defender is delivered in different components. One of them is the Microsoft community, where they share information about discovered malicious code, and remediation is promptly provided. This collaborative approach ensures that threats found in one country can be quickly addressed in other countries.

The global review and remediation of malicious code is probably the most valuable feature.

The solution is used for threat intelligence. The tool enables us to detect potential breaches and react to them proactively. Alerts are sent to our SOC team. Our SOC team investigates whether it's a positive or a negative alert. Depending on the result, a playbook is started.

The product runs so smoothly in the back end that we don't experience a hands-on. There is no performance degradation. It does what it is supposed to do. It detects what it is supposed to detect. We are happy with the tool. We didn't have an active incident for the last couple of years. The tool can proactively detect potential incidents.