Microsoft Defender “top of the class” for ransomware detection and blocking.

Microsoft Defender for Endpoint has just received top marks for the latest Advanced Threat Protection Test carried out by AV-Test in Feb 2022.

The report (which tested many of the top products including Microsoft Defender in both the home and commercial space) found that it was best-in-class in terms of its ransomware detection and blocking.

The Advanced Threat Protection tests provide vendors and users with substantial findings as to how securely a product can protect against ransomware in real-life scenarios.

… All the products have to successfully defend against ransomware in 10 real-life scenarios under Windows. The test involves threats such as files containing hidden malware in archives, PowerPoint files with scripts or HTML files with malicious content.

AV-TEST

Top Marks

The tests were carried out amongst 14 of the top anti virus and endpoint protection products in the consumer and commercial space including:

  • Acronis
  • AVG
  • Avast
  • Bitdefender
  • Kaspersky
  • F-Secure
  • McAfee (Trellix)
  • Microsoft
  • Symantec

Whilst Microsoft came out joint top for all the tests in the corporate space, the lowest of the scores were McAfee / Trellix who AV-TEST claim were unable to fully block ransomware attacks in multiple different attack scenarios:

Microsoft Defender AV-TEST ransomware tests 02-22
McAfee AV-TEST ransomware tests 02-22

You can access the full reports from AV-TEST here.

Good news for consumers and corporate

In short this should be good news for corporate customers that use Microsoft Defender (which is built into Windows 10 and Windows 11) as well as consumers.

Consumers in particular are often sold additional third party antivirus and anti ransomware products when they buy a new computer, buy software or through advertising and whilst there may be good reasons to buy additional products, these results should demonstrate just how good Microsoft are at protecting consumers and corporate clients who use their products.

Defender is part of a much bigger family

In the corporate space at least, Microsoft Defender is a an entire multiplatform, multi vendor platform suite of. Integrated services for protecting corporate systems and data from attack, breach, ransomware and theft. Their product suite extends across Identity (Defender for Identity), Cloud, Endpoint, IoT and Office 365 to name just a few.

You can find out more about the Microsoft Defender suite of products for corporate customers here.

Microsoft also annouced last month the release of Microsoft Defender for individuals which provides enterprise grade protection for Microsoft 365 consumers and family users. Microsoft Defender is a cross-device security app that helps individuals and families protect their data and devices, and stay safer online with malware protection, real-time security notifications, and security tips. You can read more here.

Smaller Organisations – Here’s why you should care about Microsoft Defender for Business

Defender for Business

Today (May 3rd 2022) Microsoft formally announced the general availability of the standalone version of Microsoft Defender for Business.

Why should I care?

Well firstly, it’s a myth that smaller organisations are not targeted and attacked. Security continues to be an increasing challenge for small and medium businesses with a more than 300% increase in ransomware attacks alone in the past year alone, leading to increase cost in time and money, whilst pulling you away from doing what matters most – running your business and making money.

300% Increase in ransomware attacks 2021

As an example, the solicitor I was personally using last year for a house purchase was victim of a cyber-attack in September last year and it took them almost 3 months to get back on their feet which cost them loads of business – including mine!

In addition, according to a report commission by Microsoft – over 90% SMB organisations admit to buying “bad” endpoint security (which means it is below par, nor is it integrated into their wider security portfolio).

What is Defender for Business

Microsoft Defender for Business brings enterprise-grade security to smaller and medium sizes businesses (SMBs), including world-class endpoint detection and response capabilities.

Microsoft Defender for Business

Microsoft Defender also continually scores the highest across all industry endpoint protection products. https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests

Why Defender for Business

Microsoft position this as “the solution for the new Hybrid Workforce”. As employees increasingly work across a mix of different devices and locations, Defender for Business delivers end-to-end security and moves beyond traditional end-point anti-virus, with their cloud connected, AI-powered service that is backed by trillions of daily signals, bringing enterprise grade, real time detection of known or trending threats including zero-day attacks and ransomware.

Microsoft Defender for business is part of the wider Microsoft 365 Defender family – a unified pre- and post-breach enterprise defence suite which natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

Key Benefits

  1. Reduce your vulnerability with Defender’s risk-based management approach
  2. Help eliminate risks by reducing the surface area of attack
  3. Protect against cyberthreats like ransomware and malware
  4. Detect and investigate advanced persistent attacks
  5. Automatically investigate alerts and helps respond to complex threats

Here’s how it works

If you think of your business as like you might think about your own house, we can use this simple by effective analogy:

  1. Threat and Vulnerability Management is like a proactive police/crime assessment – looking at your doors and windows for potential weaknesses. It’s a risk prevention approach to vulnerability management that reduces threats before they grow into serious problems.
  2. Attack surface reduction works by making sure the windows are locked, and only the right people have keys to the front door. This helps minimise risk by reducing the attack surfaces open across your devices.
  3. Next Generation Protection acts as the lock for your front door. It helps to stop the things you don’t want to enter, from file-based and fileless malware, to spyware.
  4. Endpoint Detection and Response is like a security camera system, helping you see and record an intruder in the building. Defender’s advanced tools then sets off the alarms, allowing you to respond directly to the problem, device, or file.
  5. Auto Investigation and Remediation is like your smart alarm system, calling the authorities and taking the intruder away. Defender for Business automatically investigates alerts and helps remediate complex threats, acting as your personal security analyst, working 24/7 to protect your business.

In short, Microsoft Defender for Business looks across your environment, multiple activities, devices, and users and then aggregates your alerts into a single incident making it easier for you (or your IT Services partner) to manage and respond to threats before they impact your business.

How does it compare to Defender for Enterprise?

Defender for Business provides the same premium protection at endpoint level for SMBs as it does for Enterprise organisations – the only difference is the price point and simplified management. The table below, shows the main differences.

Microsoft Defender Product Comparison (c) Microsoft.

How do I get it?

All these features and more are available as part of Microsoft 365 business premium plan or can be purchased (if you are not a Microsoft 365 subscriber) as a standalone application.

Microsoft Defender for Business Options

Speak to your Microsoft Partner or CSP license provider in the first instance. They can probably also help you quickly get started and set it up..

Defender for Business is already included as part of Microsoft 365 Business Premium – Microsoft’s comprehensive security and productivity solution for businesses with up to 300 employees (or as part of a blended licensing approach). Microsoft Business Premium costs just £16.50 per user per month.

You can (from today) also purchase Defender for Business as a standalone solution for just £2.75 per user, per month and what’s more support for On-Premises and Cloud Hosted Servers for SMB is also coming later this year.