cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Microsoft Defender Experts Services Expanded Coverage Upcoming Preview
By
Elisa_Lippincott
Published May 06 2024 09:00 AM 1,227 Views
Elisa_Lippincott
Microsoft
‎May 06 2024 09:00 AM

Microsoft Defender Experts Services Expanded Coverage Upcoming Preview

‎May 06 2024 09:00 AM

We’re pleased to announce the upcoming preview of our Defender Experts services expanded coverage scheduled for June 2024 that extends our capabilities to include customers’ cloud estates with servers and virtual machines (VMs) running in Microsoft Azure and on-premises via Defender for Servers in Microsoft Defender for Cloud. In addition, our coverage will utilize third-party network signals to enhance investigations, create more avenues to generate leads for comprehensive threat hunting, and accelerate response earlier in the attack chain.

 

World-class security expertise now extends to Microsoft Defender for Cloud

 

Despite growing cloud maturity, a staggering 95% of security professionals remain concerned about public cloud security.1 Cloud security is top of mind for many organizations, but they face skills gaps and staffing challenges for this area of expertise. According to ISC2, 92% of organizations report having skills gaps in their organization – the most common being cloud computing security.2 SOC teams are overwhelmed and understaffed, and organizations need quick access to security expertise to address their coverage gaps. With Defender Experts services now expanding coverage for Defender for Cloud (Defender for Servers), our customers can extend their Defender Experts service to their cloud assets with our field-tested team of experts for proactive threat hunting and managed detection and response.

 

Elisa_Lippincott_0-1714980502897.png

Figure 1. Screenshot of a list of incidents with one highlighted to show the service source as Microsoft Defender for Cloud and the detection source as Microsoft Defender for Servers

 

Customers utilize servers and VMs in their cloud environments to run their business-critical applications; however, cloud computing also introduces new cybersecurity challenges and risks that require specialized skills and tools to address. Securing servers in the cloud requires threat detections that extend to cover connected, cloud-native components, management plane, lateral movement, the discovery of unmonitored machines, file integrity monitoring and more. With Defender for Servers coupled with Defender Experts services, customers can safeguard their servers with around-the-clock coverage and access to our team of experts who will augment your SOC team and help protect your environment across your hybrid environment.

 

Elisa_Lippincott_1-1714980579808.png

Figure 2. Screenshot of an attack story involving a multi-stage incident that includes alerts on virtual machines (VMs)

 

Enhanced investigations through telemetry data enriched by third-party network signals

 

Both Defender Experts for XDR and Defender Experts for Hunting services use Microsoft’s extensive and dynamic threat intelligence, and the Defender Experts team utilizes this data to inform their efforts and deliver insights into attackers and their attacks in a customer’s environment. A significant enhancement to this capacity is the ability to enrich Defender incidents with third-party network signals, which provide two key advantages for our customers:

 

  • Deeper insights into incidents: Enriching Defender incidents with network signals from the following providers (Palo Alto Networks (PAN-OS firewall), Zscaler (ZIA and ZPA), Fortinet, and Cisco (ASA and Meraki firewalls) further enhances our threat telemetry and visibility and gives the Defender Experts team the ability to intensify their threat hunting efforts and investigations and further refine the timeline reconstruction of an incident across multiple vectors.

 

  • Accelerated response times: Select network logs will enrich Defender incidents to provide a more comprehensive view of the attack path and additional pivot points for deeper threat hunting, which enables faster and more complete detection and response.

 

Expanded coverage preview requirements

 

As part of the expanded coverage preview, customers will be able to see what the Defender Experts team does for them in Microsoft’s new unified security operations platform. This streamlined platform provides you with deeper context into investigations and end-to-end visibility to investigate and respond to threats faster.

 

For the Defender for Cloud expanded coverage preview requirements, a Defender Experts for XDR license or trial is required (both include the Defender Experts for Hunting service); a Defender for Cloud – Defender for Servers Plan 1 or Plan 2 license; and Defender for Endpoint agent running on the servers/VMs. Customers must be familiar with the Microsoft Defender XDR suite and Azure Lighthouse must be configured on the customer tenant to allow Defender Experts analysts to access the customer’s Defender for Cloud portal.

 

For the third-party network signals expanded coverage preview requirements, a Defender Experts for XDR license or trial is required (both include the Defender Experts for Hunting service); a Sentinel instance within the unified security operations platform; at least one of the supported third-party network signals ingested into their Sentinel instance using the built-in data connectors; opt-in to the ASIM preview feature and Sentinel Research Data Access (RDA); and Azure Lighthouse must be configured on the customer tenant to allow Defender Experts analysts to access the customer’s Sentinel instance.

 

Customers who are interested in our expanded coverage preview can contact their Microsoft representative for more information.

 

We understand our customers have unique requirements when it comes to managed security services, so we frequently collaborate with our rich ecosystem of verified MXDR partners to choose from that best meets their needs.

 

See Defender Experts in action

 

We will be in attendance at the RSA Conference (RSAC) in San Francisco, California on May 6-9, 2024 and invite you to join us for an in-booth theater session featuring Defender Experts at booth 6044N on Monday, May 6, 2024 at 6:30pm. For more information about Microsoft’s overall participation at the conference, please visit our main RSAC blog.

 

Click here to discover more about our services or check out the Microsoft Defender Experts for XDR and Microsoft Defender Experts for Hunting documentation pages. Make sure you bookmark our Defender Experts Ninja Hub for the latest resources and videos.

 

 

 

All non-Microsoft product names and brands are property of their respective owners.

 ____________________________________________

1 2023 Cloud Security Report | ISC2 and Cybersecurity Insiders

2 ISC2_Cybersecurity_Workforce_Study_2023

 

 

Co-Authors
Version history
Last update:
‎May 06 2024 12:49 AM
Updated by:
Labels