Another Gartner Quadrant, another winning result – yet again, Microsoft continues its move up the quadrant, this year storming ahead of their competition in the endpoint protection category with Defender for Endpoint.
Microsoft Defender for Endpoint is designed to protect every endpoint platform an organisation may use including Windows, Linux, macOS, Android, and iOS. Earlier this year, Microsoft introduced Microsoft Defender for Business which was positioned to provide smaller businesses with a streamlined way to protect their organisations with enterprise-grade security at a price point that is attractive to businesses of this size.
In this latest Gartner Magic Quadrant review, which was published last week, Microsoft have been positioned furthest to the top right.
Why Microsoft Defender
For years, third-party endpoint protection and antivirus vendors have positioned their products as “needed” to protect Windows. As the past 5 years have shown, Microsoft is now probably the biggest security company you didn’t know existed, with virtually every product category they have (from endpoint to CASB) being Gartner Magic Quadrant leaders.
Furthermore, as organisations look to consolidate tools, reduce admin overhead and “do more with less”, more organisations are looking at leveraging their investment in Microsoft 365 E5 by taking advantage of the extensive set of security tools included within their subscription. It’s not just about cost either – there is no compromise, as Microsoft continues to make enormous investments (to the tune of four billion per annum) to ensure that they have the best security and compliance propositions in the market, with products that continue to develop to meet customer expectations and the ever-growing threat landscape.
What is Microsoft Defender for Endpoint?
Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
Microsoft Defender for Endpoint is available in two plans, Defender for Endpoint Plan 1 and Plan 2. A new Microsoft Defender Vulnerability Management add-on is also available for Defender for Endpoint Plan 2 users.
Microsoft Defender for Endpoint (DFE) features 6 key components (which vary depending on the licensing you have):
Core Defender Vulnerability Management | Built-in core vulnerability management capabilities use a modern risk-based approach to the discovery, assessment, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. |
Attack Surface Reduction | Provides the first line of defence in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, the capabilities resist attacks and exploitation. This also includes network protection and web protection, which regulate access to malicious IP addresses, domains, and URLs. |
Next Generation Protection | Microsoft Defender for Endpoint uses next-generation protection designed to catch all types of emerging threats. |
Endpoint Detection and Response (EDR) | This detects, investigates, and responds to advanced threats that may have made it past the first two security pillars. Advanced hunting provides a query-based threat-hunting tool that lets you proactively find breaches and create custom detections. |
Automated Investigation and Remediation | In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender for Endpoint offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. |
Microsoft Secure Score for Devices | Defender for Endpoint includes Microsoft Secure Score for Devices to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of the organisation. |
Microsoft Threat Experts | Microsoft Defender for Endpoint’s new managed threat hunting service provides proactive hunting, prioritization, and additional context and insights that further empower security operations centres (SOCs) to identify and respond to threats quickly and accurately. |
Integration across the wider Microsoft Stack
Defender for Endpoint naturally integrates extensively with various other Microsoft solutions, including:
- Microsoft Defender for Cloud
- Microsoft Sentinel
- Microsoft Intune
- Microsoft Defender for Cloud Apps
- Microsoft Defender for Identity
- Microsoft Defender for Office
Defender for Endpoint – Business vs Plan 1 vs Plan 2
Defender for Endpoint is now available in three plans:
- Defender for Business
- Defender for Endpoint Plan 1
- Defender for Endpoint Plan 2 (formerly known as Defender for Endpoint).
Feature | Defender for Business | Defender for Endpoint Plan 1 | Defender for Endpoint Plan 2 |
Centralised Management | ✔️ | ✔️ | ✔️ |
Simplified Client Configuration | ✔️ | ||
Microsoft Defender Vulnerability Management | ✔️ | ✔️ | |
Attack Surface Reduction | ✔️ | ✔️ | ✔️ |
Next Generation Protection | ✔️ | ✔️ | ✔️ |
Endpoint detection and response | ✔️ | ✔️ | |
Automated investigation and response | ✔️ | ✔️ | |
Threat Hunting | ✔️ | ||
Threat Analytics | ✔️ | ✔️ | |
Cross Platform (Windows, Mac, iOS, Android, Linux) | ✔️ | ✔️ | ✔️ |
Microsoft Threat Experts | ✔️ | ||
3rd Party Partner APIs | ✔️ | ✔️ | ✔️ |