Microsoft Tech Community
SOLVED

Ninja Cat Giveaway: Episode 4 | Defender Experts for Hunting Overview

Microsoft

For this episode, your opportunity to win a plush ninja cat is the following:

Reply to this thread with:

- How would YOU explain/describe Defender Experts for Hunting to someone?

- Also in your own words: what is Threat hunting? 

 

This offer is non-transferable and cannot be combined with any other offer. This offer ends on April 14th, 2023, or until supplies are exhausted and is not redeemable for cash. Taxes, if there are any, are the sole responsibility of the recipient. Any gift returned as non-deliverable will not be re-sent. Please allow 6-8 weeks for shipment of your gift. Microsoft reserves the right to cancel, change, or suspend this offer at any time without notice. Offer void in Cuba, Iran, North Korea, Sudan, Syria, Region of Crimea, Russia, and where prohibited.

24 Replies
Defender Experts are cybersecurity professionals looking proactively for exploits/bad actors inside the organizations
Threat Hunting is a proactive process looking for signals of attacks that are not visible for first responders (e.g. SOC Analysts)

- How would YOU explain/describe Defender Experts for Hunting to someone?

 

Microsoft Defender Experts for Hunting is a service that helps you find and respond to threats. It’s like having a team of experts who will look for anything suspicious on your computer, email, and other apps. If they find anything, they’ll let you know right away and tell you what to do about it. It’s like having your own personal security team!

 

- Also in your own words: what is Threat hunting?

 

Threat hunting is like a game of hide and seek, but with cyber attacks. It’s when computer security experts actively look for and root out cyber threats that have secretly penetrated their computer network.

- How would YOU explain/describe Defender Experts for Hunting to someone?

Defender Experts for Hunting is a service that provides proactive threat hunting across your Microsoft 365 environment. It leverages the advanced hunting data from Microsoft 365 Defender to detect and investigate threats that may evade traditional security solutions. Defender Experts for Hunting is staffed by Microsoft security experts who have deep knowledge and experience in threat hunting and analysis. They will deliver contextual alerts and remediation instructions to help you quickly respond to any malicious activity they find.

- Also in your own words: what is Threat hunting?

Threat hunting is an exciting and challenging cybersecurity function that uses proactive practices and intelligent technology to identify and reduce malicious activities in an organization’s systems. It assumes that attackers have already compromised the organization’s systems at their core level. Threat hunting is an active IT security exercise that digs deep to find malicious actors in your environment who have escaped your first endpoint security defense. Threat hunting is an art and a science that requires many skills and experience to be effective.

@Heike Ritter for some reason today's event (Live event: Microsoft 365 Defender Virtual Ninja Training 304) in Teams never started for me. Hopefully it was either copied to my calendar incorrectly or it will be made available for review. Thanks

Defender Experts for Hunting is a service provided by Microsoft professionals to support internal SOC team in order to proactively look for any threats inside their organization, based on internal factors gathered by Defender as well as the external ones.

Threat hunting is a proactive action taken by SOC team to look for any threats that may be not discovered by any automated cybersecurity services.
Defender Experts are people who help search for and respond to threats in the organization. You could say it's a kind of external SOC.
Threat Hunting is the proactive process of searching and identifying threats and risky/unusual behavior within an organization perimeter.

Hi Heike,

Thank you for the show! Our organization just enabled Defender Experts for Hunting recently, so it is a good time for me to join the show and get a vision of this service.

How would YOU explain/describe Defender Experts for Hunting to someone?
- It is a proactive threat hunting service in Microsoft to hunt across multiple services in Microsoft 365 like identity, applications, endpoints, etc. It helps security analysts or operators to search for unknown threats or undetected threats in the tenant. You will be assigned dedicated MS security experts to help you with threat detection, investigation, analysis and response etc.

what is Threat hunting?
- Compared with traditional cybersecurity alerts, threat hunting is a proactive approach to look for unknown and hidden threats.

@Heike Ritter 

 

  1. Defender Experts for Hunting is a service provided by Microsoft Defender for Endpoint that allows organizations to proactively identify and respond to advanced threats that may have bypassed traditional security measures. The service is staffed by Microsoft security experts who use advanced analytics and threat intelligence to hunt for suspicious activity and potential threats in an organization's environment. The goal of Defender Experts for Hunting is to help organizations identify and contain threats before they can cause significant harm.

  2. Threat hunting is the proactive process of searching for and identifying potential threats in an organization's environment that may have gone undetected by traditional security measures. Threat hunting involves analyzing system logs, network traffic, and other data sources to identify suspicious activity that may indicate the presence of a threat. The goal of threat hunting is to catch threats early in the attack chain and prevent them from causing significant harm. Threat hunting can be conducted manually by security analysts or through the use of automated tools that use machine learning and artificial intelligence to identify potential threats.

1. Defender Experts for Hunting
Defender Experts for Hunting is a managed service offering by Microsoft that is specifically aimed at conducting proactive hunts 24/7/365 across endpoints, identity, email, and cloud apps using Microsoft 365 Defender telemetry in order to prioritize significant threats and improve your overall defensive posture and SOC response.

This is achieved through the following:
a. Threat Hunting and analysis
b. Defender Expert Notifications
c. Experts on Demand
d. Hunter-trained Artificial Intelligence (AI)
e. Reports

2. Threat Hunting defined:
Almost 10 years ago, in 2014, Microsoft Enterprise Cloud Red Teaming released a white paper on its core philosophy of 'Assume Breach'. This philosophical shift in mindset resides at the foundation of what Threat Hunting is about. Threat Hunting is a proactive, intentional effort to enhance an organization's defensive posture. This is accomplished by developing a hypothesis for a hunt and interrogating the operational environment to confirm the presence or absence (validate) a hypothesis. As the threat landscape continues to evolve, proactive hunts can also be tailored to validate the absence of a known actively exploited threat vector. Threat Hunting is a proactive measure used within the overall strategy of a Defense-In-Depth approach. Like active security in the physical world focused on key terrain, the same should take place in our digital world. Especially with cloud computing where identity is the new perimeter.

I'm really enjoying the content, thank you!
I am sorry you could not join - the recording is now available here: https://youtu.be/4i60ISNaEik
Thank you for answering these questions too!! Would love to hear more how Defender Experts for Hunting helps your organization after you had some time with this service.
As you already won a cat, and we only give one cat per person, I really appreciate your additional contribution :)
Hi Luke, almost! Defender Experts for Hunting is not just for Defender for Endpoint - it's for all our Defender products in Microsoft 365 Defender. Originally we had Microsoft Threat Experts as part of the Defender for Endpoint product, but over the time the service expanded and also enhanced its capabilities.
I agree with Erik, I like hunting and remediation to keep the environment Secure by Design.
How would YOU explain/describe Defender Experts for Hunting to someone?
Defender Experts for Hunting is a proactive threat hunting service for Microsoft 365 applications, Endpoints, Identities to get the security Alerts and remediation solutions. Get a good overview with security reports to keep you in Control and when you have questions you can ask Defender Experts for answers. The right SecOps people can be notified when alerts are triggered.

Also in your own words: what is Threat hunting?
Threat hunting is proactively searching for cyber threats in your environment. Cyber threat hunting digs deep to find malicious actors and to do your Security remediation based on best Practices like CVEs, MITRE ATT&CK, solutions.

best response confirmed by Nitasha_Thakur (Microsoft)
Solution
How would YOU explain/describe Defender Experts for Hunting to someone?

Defender Experts for Hunting is a managed threat hunting service that proactively looks for threats 24/7/365 across endpoints, Office 365, cloud applications, and identity using M365 Defender data to prioritize significant threats and help with daily SecOps work.

The following capabilities are included in this managed threat hunting service:
1> DEN (Defender experts notifications) - Notifications show up as incidents in Microsoft 365 Defender, helping to improve security operations' incident response with specific information about the scope, method of entry, and remediation instructions.
2> EOD (Experts on Demand) - Click the 'Ask Defender Experts' button in M365 Defender portal to ask for help on specific incident, nation state actor, or attack vector
3> Reports - An interactive report summarizing what was hunted and found
4> Threat Hunting and Analytics - Defender Experts for Hunting look deeper to expose advanced threats and identify the scope and impact of malicious activity associated with human adversaries or hands-on-keyboard attacks.


what is Threat hunting?
Threat hunting is the proactive process of identifying and investigating potential security threats or malicious activity on a network, computer, or device. It involves analyzing system and network logs, observing user behavior patterns, and identifying anomalies and suspicious activity that indicate the presence of a threat. The aim of threat hunting is to detect security incidents before they cause harm, and to take steps to prevent them from happening again in the future.
1) It is a service that allows you to facilitate the detection of an attack because it gives context to alarms that may initially seem unrelated.

2) Threat hunting means a set of techniques and procedures that allow both to intervene proactively and to discover attacks in progress against one's own systems from cyber attacks.
- How would YOU explain/describe Defender Experts for Hunting to someone?

Defender Experts for Hunting is a managed threat hunting service that proactively hunts for threats across endpoints, email, identity, and cloud apps.

Threat hunting?

Threat hunting is a proactive approach to identifying previously unknown, or ongoing non-remediated threats,

@Heike Ritter 

 

- How would YOU explain/describe Defender Experts for Hunting to someone?

 

Defender Experts for Hunting is Microsoft's managed threat hunting service that runs 24/7 x 365 and proactively searches through the telemetry from your tenant (endpoints, emails, identity and cloud apps) to find evidence of threats to your organisation and notifies you of anything suspicious.

 

- What is Threat hunting?

 

Threat hunting is a proactive cybersecurity technique based on threat intelligence and is used to find evidence of undetected threats within your environment.

@Heike Ritter 

 

The link to the episode gives the following error:

AndrevandenBerg_0-1679417301917.png

 
