EDR and Critical Insight MDR


Defending your organization against threats and attacks by cybercriminals requires a multifaceted approach that includes comprehensive planning, robust cybersecurity defense solutions, and active incident response when an attack starts.

Critical Insight's Managed Detection and Response (MDR) provides expert-led services covering these three core pillars of a cybersecurity defense strategy.

Endpoint protection is one of five essential components within the 24x7 Threat Detection and Investigation component of our MDR. Protecting endpoint devices is vital, as they are the primary interface between IT systems, users, and the bad actors on the Internet. They are not the only items that need protecting, but they are the focus of this article. Read on for an overview of the tools Critical Insight's cybersecurity professionals use when protecting endpoints.


Critical Insight’s General Approach to EDR

Endpoint Detection and Response (EDR) solutions contain the tools and techniques to protect endpoints. Generally, when we work with a client, our first goal is to use the existing tools they have invested in and ensure they deliver the maximum protection for endpoint devices.

For clients who do not have an EDR solution in place or have one that's inadequate to defend against current threats, the Critical Insight team has a strong recommendation — Microsoft Defender for Endpoint.

Why Microsoft Defender for Endpoint?

Our cybersecurity professionals have decades of experience using all of the endpoint protection solutions available for Enterprises. This experience has repeatedly shown that Defender is the most challenging endpoint protection solution to bypass or evade, not just for cybercriminals but also for our testers trying to break into client systems during agreed penetration tests. Incidentally, penetration testing is part of the Critical Insight Application and Penetration Testing service within the broader Strategic Program Development offering (the unseen bottom half of the Defense Services Wheel image above).

In addition to the difficulty in bypassing Defender, another plus point in its favor is its deep integration into Microsoft Windows at the operating system level. This integration enables Defender to produce more detailed telemetry for our cybersecurity experts and monitoring tools to analyze. The data delivers faster alerts on suspicious behavior and allows emerging attacks to be detected and stopped before they can spread and cause harm.

Defender for Endpoint is part of a family of tools from Microsoft. This allows us to extend the industry-leading Defender protection beyond endpoints to other IT infrastructure components as required. The current family of Defender products includes:

  • Microsoft Defender for Endpoint - for Windows PCs, Macs, Linux, Android (via the Intune management suite), and iOS (via the Intune management suite).
  • Microsoft Defender for Office 365 - protection for Exchange Online and Enterprise O365 P1 & P2 plans.
  • Microsoft Defender for Identity - for hybrid cloud deployments to protect authentication details from external and internal threats.
  • Microsoft Defender for Cloud Apps - a cloud service broker that works across cloud providers to monitor data transfers and other typical cyberattack metrics.

The Defender family of products, combined with the widespread deployment of Microsoft-based infrastructure solutions among our clients, makes delivering a joined-up cyber defense posture and integrated security easier — from the back-end servers to each endpoint. Note that these additional Defender products are not a core part of the Critical Insight EDR solution but are available to deploy if required.

In addition to the market share enjoyed by Defender within the Microsoft Enterprise ecosystem, it also scores highly in Gartner's Magic Quadrant for EDR. In the latest EDR Quadrant, it is the highest-ranked on Ability to Execute and second for Completeness of Vision.

Thinking about EDR in a Broader MDR Landscape

EDR protection is a crucial part of all cybersecurity protection strategies. But equally important is that it integrates and works with other layers and cybersecurity solutions. This is generally true for all aspects of a cybersecurity strategy — integration is critical to avoid gaps that cybercriminals can exploit.

Critical Insight's Defender for Endpoint based EDR integrates seamlessly with the broader Critical Insight MDR platform to provide information and alerts to our security analysts. Any suspicious activity on endpoints is flagged and used in our core threat hunting and investigation activities. Plus, the isolation capabilities built into Microsoft Defender for Endpoint are integrated with Critical Insight's Rapid Quarantine (CIRQ) solution to enable quarantining based on suspicious endpoint behavior at the same security level as other suspicious behaviors that