EDR
8 Topics

Detecting and remediating command and control attacks at the network layer
Microsoft Defender for Endpoint helps SecOps teams detect network C2 attacks earlier in the attack chain, minimize the spread by rapidly blocking any further attack propagation, and reduce the time it takes to mitigate by easily removing malicious binaries.

Microsoft Defender ATP for Mac - EDR in Public Preview
At Microsoft, we’re committed to building security solutions not just for Microsoft but also from Microsoft. We know that customers have complex and heterogeneous environments running multiple applications, multiple clouds, and multiple platforms. Today, the Microsoft Defender ATP team is proud to announce the public preview availability of endpoint detection and response (EDR) capabilities on macOS devices.

EDR in block mode vs AIR?
With the launch of EDR in block mode, I'm just wondering how this is different than the "AIR block" with the changed default action to have it fully automatic? I would assume that you could customize the EDR responses, for instance instead of using Flow/Power Automate you would be able to tell the "new active EDR" to isolate high risk assets or so, but it seems like nothing like that is available. Links for info:
https://docs.microsoft.com/sv-se/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-automation-defaults-are-changing/ba-p/2068744