
Microsoft brings endpoint & Azure security under Microsoft Defender

28 Sep 2020

The Microsoft security platform formerly known as Microsoft Threat Protection has a new name and new capabilities, announced at Microsoft Ignite last week.

The new name, Microsoft Defender, brings Microsoft 365 Defender and Azure Defender under the same umbrella.

Microsoft 365 Defender

Microsoft Threat Protection is now known as Microsoft 365 Defender, an extended detection and response (XDR) solution for end user environments.

Microsoft 365 Defender comprises several components including Microsoft Defender for Endpoint (formerly Microsoft Defender Advanced Threat Protection). This aims to protect Windows, macOS, Android and iOS mobile devices from threats.

Microsoft Defender for Office 365 is the new name for what was formerly known as Office 365 Advanced Threat Protection. The solution, now in public preview, enables security teams to use priority account tagging protection for the most targeted and visible people in an organisation.

Further, Microsoft 365 also integrates Application Guard with Office, and connects it to the Safe Documents service. The public preview enables Microsoft 365 E5 customers to edit, print, and save changes to Office documents from outside their organisation, securely.

Application Guard works by opening documents in a secure, virtual container with its own instance of Windows 10 and a separate copy of the kernel. If the untrusted file is malicious, the attack is contained while user data and identity remain untouched. When a user wants to trust a document to save on the network or start collaborating in real time, Safe Documents will first check the document against known risks and threat profiles before allowing it to open.

Microsoft 365 has also added integration with the Windows platform Antimalware Scan Interface (AMSI) to scan Excel 4.0 macros, helping to further defeat obfuscation and evasion that an attacker may employ.

Azure Defender

Azure Defender replaces Azure Security Center’s cloud and workload protection for Azure and virtual machines, databases, containers, and IoT devices. While Azure Security Center remains as a central dashboard, Defender will become the default experience later in September.

Azure Defender includes SQL database and virtual machine protection, enhanced container protection (specifically Kubernetes), and Azure Defender for IoT to protect IoT in operational technology networks.

Further, Defender can now integrate with the Azure Sentinel SIEM platform for deeper visibility and insights into an enterprise’s security. Azure Sentinel aggregates and analyses data from Microsoft Defender and other Microsoft and third-party systems to provide an end-to-end view of an attack, prioritise critical threats and respond via automation playbooks. Defenders can connect any data with built-in connectors.

Microsoft Defender for Identity is the new name for Azure Advanced Threat Protection. It provides threat protection for people’s identities.
