Why You Should Take Advantage of Microsoft 365 Defender, the Microsoft 365 E5 Security Suite

Over the past 2-3 years, cybersecurity leaders and practitioners have faced immense pressure to keep up with the latest tactics, techniques, and procedures (TTPs) adversaries are relying on to gain initial access into your environment and deploy malware.

Complicating matters further, the shift to work-from-home and hybrid workforces have forced many organizations to adopt cloud-based tools for remote business collaboration and to increase productivity.

Although Microsoft Office 365 continues to be the leading cloud-based software provider for business collaboration, many organizations don’t understand the breadth of cybersecurity capabilities they have access to as part of their E5 licensing.

We see that many organizations and even our own customers often fail to take advantage of Microsoft’s 365 E5 security capabilities. In this blog, we’ll explore the benefits of Microsoft 365 E5’s security stack and why you should partner with an MDR for Microsoft provider to make the most of out of your Microsoft investment.

Why Choose Microsoft 365 E5?

While there are countless cybersecurity tools in the market that all promise the same thing – to protect your business against cyber threats – not many deliver on their promises. In fact, it’s likely that your team is often left with too much data, too many alerts that are left uninvestigated, and an increasing number of false positives that you need to wade through. According to the Neustar Cyber Threats and Trends Report, 39% of cybersecurity teams receive alerts from 7+ tools.

In addition, no matter the size or industry of your business, many of your cybersecurity peers are all facing the same three challenges:

• Increasingly sophisticated cyberattacks that are highly complex and significantly more destructive than they have been in the past
• A global shortage of cybersecurity talent
• Greater number, and complexity, of cyber risks leading to threat visibility across the expanding attack surface

This is where Microsoft Office 365 E5 truly shines. Unlike many other cloud-based productivity tools, Microsoft 365 E5 is a cost-effective solution that will easily scale alongside your business. What’s more, the real advantage of the E5 license is that it comes with Microsoft 365 Defender, a suite of built-in security tools that incorporate its security and compliance functionalities right into the operating system so you can consolidate the best-in-class tools in one ecosystem.

Microsoft 365 Defender allows your team to have the same threat prevention, detection, and response capabilities that you would have needed at least four distinct security vendor tools to fulfill. By leveraging Microsoft 365 Defender, your organization can easily experience cost-savings of 50-60% when compared to the cost of engaging a multi-vendor, best-of-breed security tool stack.

So why do so many organizations fail to take advantage of Microsoft’s suite of advanced cybersecurity tools? This is likely due to two reasons:

• Many cybersecurity teams don’t have the in-house expertise and resources to properly operationalize or manage the Microsoft Security stack.
• Organizations with smaller IT/cybersecurity teams simply don’t realize the extent of security capabilities that Microsoft 365 E5 is equipped with.

What are the Security Features of Microsoft 365 Defender?

Microsoft 365 Defender enables your team to initiate response actions to keep malware from spreading, terminate sessions to prevent adversaries from stealing data, and purge malicious files. Your team is also significantly better equipped to deal with the three most used attack vectors used in real-world threat scenarios: phishing, privilege abuse, and malware.

Using Microsoft Defender for Office 365 to Combat Phishing

According to our latest threat report, Disrupting Initial Access, email has been widely used as a delivery vector by cybercriminals. In 2020, email accounted for 66% of all incidents we saw in customer environments and though its use decreased in 2021, we saw a resurgence of email-based malcode in 2022. Therefore, phishing, and other types of business email compromise (BEC) attacks, are a significant threat to your organization.

Microsoft Defender for Office 365 allows your team to prevent BEC attacks via robust filtering capabilities, identify suspicious content and attack patterns through its AI-based threat detections, automatically purge malicious emails and files, and conduct email-focused threat investigations and threat hunting.

Using Microsoft Defender for Identity Against Privilege Abuse

The 2021 Verizon Data Breach Investigations Report (DBIR) stated that some form of privilege abuse was used in 75% of all breaches investigated in the report. Threat actors often rely on credential theft to obtain admin privileges for lateral movement across your environment to exfiltrate data.

Microsoft Defender for Identity leverages Azure Active Directory so your team can govern and protect user identities:

• Identity Governance: You can leverage privilege access management, access reviews, and terms-of-use policies to restrict access to certain resources for the right people. It’s also easier for your employees to request access to certain assets and be configured as approvers for specific resources without needing admin privileges.
• Identity Protection: You can investigate and respond to compromised identities and other types of insider threats by leveraging Azure Active Directory. As a result, your team can configure automated responses against suspicious behaviour, force password resets, temporarily suspend, lock out access, or revoke privileges to critical assets.

Most importantly, Microsoft Defender for Identity allows you to get real-time insights all mapped to the techniques listed in the MITRE ATT&CK framework.

Using Microsoft Defender for Endpoint Against Malware Deployment

In addition to using BEC attacks, threat actors are using a variety of techniques such as drive-by social engineering attacks (e.g., SEO poisoning) to deploy malware and ransomware in their victims’ environment. As noted in the Disrupting Initial Access report, eSentire’s Threat Response Unit (TRU) saw a surge in drive-by cyberattacks, from 7% in 2020 to 34% in 2021 that remained into 2022. It’s clear that cybercriminals are evolving their tactics as necessary to evade email filtering controls and improvements in Phishing and Security Awareness Training (PSAT).

Microsoft Defender for Endpoint allows your team to isolate ransomware, stop data exfiltration, and block hands-on-keyboard attackers by quarantining files, blocking known bad or suspicious hash values, terminating malicious processes, conducting reboots of affected systems, and eradicating cyber threats.

“The Microsoft Defender stack is comprised of an endpoint security solution, an identity solution, an email solution, and a cloud security solution,” says Kurtis Armour, Vice President of Product Management at eSentire. “Together, those capabilities encompass everything you need to be able to stop a threat. From phishing and social engineering to lateral movement and initial code execution, the vectors that are exploited in nearly 100% of attacks are covered by Microsoft Security.”

Why Engage an MDR for Microsoft Provider?

Even though the Microsoft 365 Defender arms your team with a suite of high-quality cybersecurity tools, you still need the right expertise to configure the tools properly and manage them 24/7.

The reality is that many cybersecurity teams are still outnumbered against the onslaught of cyber threats and security alerts they face every day. It’s likely your team is experiencing the same pain points:

• Hiring and training cybersecurity staff is incredibly difficult for most mid-market enterprises.
• Even if you can attract the talent, it’s hard to retain your staff with limited security budgets and compensate them for their expertise.
• You’re probably only staffed 9am-5pm in one time zone but need for 24/7 global coverage.

Herein lies the need for a Managed Detection and Response (MDR) for Microsoft provider. Unlike traditional MSSPs who focus primarily on preventative measures and a birds-eye view of your cybersecurity posture, an MDR provider will get in the trenches with you.

In other words, MDR providers come equipped to take response and remediation actions on your behalf so you can get peace of mind. This is especially beneficial from a Microsoft standpoint since the Defender suite comes equipped with response and remediation capabilities that a team of 24/7 Cyber SOC Analysts can leverage.

Remember, the key difference between response and remediation are the outcomes:

• Fast, effective, and accurate response allows you to contain the threat and minimize dwell time, so it doesn’t spread. As a result, it’s driven by the breadth of your threat investigation capabilities so if your threat investigations are incomplete or superficial at best, your response capabilities will suffer.
• Remediation actions focus on the steps you take to completely eradicate the threat from your environment and get back to normal business operations.

Leverage eSentire MDR for Microsoft to Secure Your Microsoft Investment

Rather than trying to adopt a DIY approach to managing your Microsoft security stack, it’s much more cost-effective to partner with an MDR for Microsoft provider so you can get access to a team of Elite Threat Hunters and 24/7 Cyber SOC Analysts that you can trust.

By engaging an external MDR provider, you can achieve 24/7 visibility across your Microsoft ecosystem, ongoing cybersecurity event monitoring, threat detection and investigation, and complete response capabilities ­– all at a significant cost-savings. When compared to the DIY approach, you can reduce the total cost of ownership for threat detection and response by 50% if you engage eSentire MDR:

Benefits of eSentire MDR for Microsoft include:

• Complete Microsoft Ecosystem Visibility and Optimization: You can centralize visibility and account for risks across your Microsoft cloud ecosystem, and gain expert guidance from our Microsoft team to optimize your cybersecurity controls and overall posture.
• Unparalleled Threat Response and Remediation: Your team can build a responsive security operation by combining cutting edge XDR technology and our security experts to stop and remediate cyber threats across endpoint, email, and identity vectors.
• Maximum ROI on Microsoft Cloud Investments: You can unlock the full potential of the controls and tools that exist within your investments in Microsoft 365 Defender and Microsoft Sentinel. Plus, our cybersecurity experts become a 24/7 extension of your team.
• Highly Certified Expertise: We are an active member of the Microsoft Intelligent Security Association (MISA), a Microsoft Security Solutions Partner, and have managed 100+ successful Microsoft MDR deployments.