I like the attack graph of each incident. It's really handy, and there's a summary. For example, you can see what had happened with a timeline. And if you go to investigate, the evidence will be there, including the users and devices. Co-pilot is integrated there as well. With just one click, you have a summary of what to do and the next steps. For young analysts, it is quite helpful. You can have security administrators or global administrators. You can set up different permission structures outside of Defender. The solution's security extends or covers more than just Microsoft technologies. Linux machines can be used, for example. It is possible to install an agent for Linux so you can monitor also Linux machines. Apart from having everything within the same console, you have alerts. The attack disruption capabilities positively affect our security operations. We can integrate with third parties. If an email comes in with a file attached, Microsoft's intelligence would be able to tell if it's a phishing scam, and it can automate the deletion. We do educate and train our users, however, it provides an extra security layer that catches suspect emails. It reduces the risk of users accidentally clicking on phishing emails. The solution adapts to evolving threats. It's a next-generation solution. The machine learning and AI are integrated. With the help of machine learning, it can block quite a bit of suspicious activity. It offers multi-tenant capabilities. We have four different tenants, and for each, we have a different console, so I don't directly deal with multi-tenant capabilities; however, it is possible. We do use the solution with a variety of others. We haven't reduced the number of other products we use for security. However, it's quite handy. It blocks a lot of malicious attempts. Nothing really gets by it. The automatic incident response and protection have kept us very safe, even though we do have other backups there on offer as well. We've saved a lot of time with the automated detection. It reduces the time we need to respond and react. We've saved maybe 30% to 40% of the typical amount of time it would take, thanks to automation. For example, if there is, a phishing email goes to the XDR if we had to do an analysis and a report, that alone might take 20 minutes to an hour. Then, we have to remediate, delete and block. With automation, we can save those 20 minutes to an hour. The process is automatic, so we don't have to manually do it. Also, if you have a bunch of suspicious domains or IPs, it will take time to manually go through everything, one by one. However, we can automate the blocking process and save ourselves a lot of time.
