Forum Discussion
HeikeRitter
Microsoft
Mar 16, 2023
Ninja Cat Giveaway: Episode 4 | Defender Experts for Hunting Overview
For this episode, your opportunity to win a plush ninja cat is the following -
Reply to this thread with:
- How would YOU explain/describe Defender Experts for Hunting to someone?
- Also in yo...
Mar 18, 2023
How would YOU explain/describe Defender Experts for Hunting to someone?
Defender Experts for Hunting is a managed threat hunting service that proactively looks for threats 24/7/365 across endpoints, Office 365, cloud applications, and identity using M365 Defender data to prioritize significant threats and help with daily SecOps work.
The following capabilities are included in this managed threat hunting service:
1> DEN (Defender experts notifications) - Notifications show up as incidents in Microsoft 365 Defender, helping to improve security operations' incident response with specific information about the scope, method of entry, and remediation instructions.
2> EOD (Experts on Demand) - Click the 'Ask Defender Experts' button in the M365 Defender portal to ask for help on a specific incident, nation state actor, or attack vector.
3> Reports - An interactive report summarizing what was hunted and found
4> Threat Hunting and Analytics - Defender Experts for Hunting looks deeper to expose advanced threats and identify the scope and impact of malicious activity associated with human adversaries or hands-on-keyboard attacks.
What is threat hunting?
Threat hunting is the proactive process of identifying and investigating potential security threats or malicious activity on a network, computer, or device. It involves analyzing system and network logs, observing user behavior patterns, and identifying anomalies and suspicious activity that indicate the presence of a threat. The aim of threat hunting is to detect security incidents before they cause harm, and to take steps to prevent them from happening again in the future.
CloudHunter007
Mar 17, 2023
Copper Contributor
1. Defender Experts for Hunting
Defender Experts for Hunting is a managed service offering by Microsoft that is specifically aimed at conducting proactive hunts 24/7/365 across endpoints, identity, email, and cloud apps using Microsoft 365 Defender telemetry in order to prioritize significant threats and improve your overall defensive posture and SOC response.
This is achieved through the following:
a. Threat Hunting and analysis
b. Defender Expert Notifications
c. Experts on Demand
d. Hunter-trained Artificial Intelligence (AI)
e. Reports
2. Threat Hunting defined:
Almost 10 years ago, in 2014, Microsoft Enterprise Cloud Red Teaming released a white paper on its core philosophy of 'Assume Breach'. This philosophical shift in mindset resides at the foundation of what Threat Hunting is about. Threat Hunting is a proactive, intentional effort to enhance an organization's defensive posture. This is accomplished by developing a hypothesis for a hunt and interrogating the operational environment to confirm the presence or absence (validate) a hypothesis. As the threat landscape continues to evolve, proactive hunts can also be tailored to validate the absence of a known actively exploited threat vector. Threat Hunting is a proactive measure used within the overall strategy of a Defense-In-Depth approach. Like active security in the physical world focused on key terrain, the same should take place in our digital world. Especially with cloud computing where identity is the new perimeter.
I'm really enjoying the content, thank you!