System and network security engineer at Central Bank of Nigeria
Real User
Top 5 Leaderboard
Assesses machines for vulnerabilities and gives remediations
Pros and Cons
  • "Microsoft Defender Threat Intelligence assesses machines for vulnerabilities and gives remediations."
  • "The tool's onboarding of users that use on-premise or hybrid environments needs to be improved."

What is our primary use case?

We use Microsoft Defender Threat Intelligence for security. It alerts us on anomalies. 

What is most valuable?

Microsoft Defender Threat Intelligence assesses machines for vulnerabilities and gives remediations. 

What needs improvement?

The tool's onboarding of users that use on-premise or hybrid environments needs to be improved. 

For how long have I used the solution?

I have been using the product for six years. 

Buyer's Guide
Microsoft Defender Threat Intelligence [EOL]
October 2025
Learn what your peers think about Microsoft Defender Threat Intelligence [EOL]. Get advice and tips from experienced pros sharing their opinions. Updated: October 2025.
870,697 professionals have used our research since 2012.

What do I think about the stability of the solution?

I rate the product's stability a nine out of ten. 

What do I think about the scalability of the solution?

Microsoft Defender Threat Intelligence is scalable. My company has 7000 users for it. 

How was the initial setup?

Microsoft Defender Threat Intelligence's deployment is not straightforward. 

What was our ROI?

We have seen ROI with the product's use. 

What's my experience with pricing, setup cost, and licensing?

The tool is expensive as a stand-alone solution. However, it is not cheap when you purchase it as a bundle. 

What other advice do I have?

I rate Microsoft Defender Threat Intelligence a nine out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
MOHAMEDTRABELSI - PeerSpot reviewer
Senior infrastructure engineer at Cubic Information Systems
Real User
Top 20
Has efficient antivirus features and a simple setup process
Pros and Cons
  • "The product provides efficient email security for sending links and file attachments."
  • "We encounter problems connecting the product deployed on the user endpoints with the servers."

What is our primary use case?

We use the product as a defender for Office 365, endpoints, and security-dependable cloud apps.

What is most valuable?

The product provides efficient email security for sending links and file attachments. It has valuable features for anti-spam and antivirus. It integrates well with Microsoft Sentinel as well.

What needs improvement?

We encounter problems connecting the product deployed on the user endpoints with the servers. Additionally, the license model for the servers needs improvement.

For how long have I used the solution?

We have been using Microsoft Defender Threat Intelligence for two years.

What do I think about the stability of the solution?

It is a very stable product.

What do I think about the scalability of the solution?

Microsoft Defender Threat Intelligence is scalable.

How was the initial setup?

The initial setup is simple. However, it takes a lot of bandwidth to scan the device. It is challenging to deploy backups of thousands of computers. We have to configure the integration between the Defender for the endpoint and the server. The deployment and maintenance process requires one technical engineer to troubleshoot issues by reviewing PCs and setups.

What's my experience with pricing, setup cost, and licensing?

They offer two license plans: Microsoft Defender for endpoints and Microsoft Defender for businesses.

Which other solutions did I evaluate?

I have evaluated Kaspersky.

What other advice do I have?

I advise others to develop a good infrastructure and a vision for security before deploying any product. I rate Microsoft Defender Threat Intelligence a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
AlfonsoNaranjo - PeerSpot reviewer
Senior Technology Consultant at SoftwareONE
Vendor
Top 5 Leaderboard
Comes as part of the system and deployment depends on infrastructure complexity
Pros and Cons
  • "I rate the tool's stability a ten out of ten."
  • "Microsoft Defender Threat Intelligence should integrate with different platforms."

What needs improvement?

Microsoft Defender Threat Intelligence should integrate with different platforms. 

What do I think about the stability of the solution?

I rate the tool's stability a ten out of ten. 

How was the initial setup?

The tool's deployment depends on the infrastructure's complexity. I do the deployment for my customers. 

What other advice do I have?

Microsoft Defender Threat Intelligence is part of the system. I rate it a nine out of ten. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Oscar Abouchaaya - PeerSpot reviewer
Partner / Consultant at Procomix
Real User
A solution with a variety of applications bolstered by strong features and functionality
Pros and Cons
  • "I value how Threat Intelligence integrates with the different platforms in Microsoft."
  • "I would like to see more AI features and capabilities."

What is our primary use case?

Threat Intelligence is a modern antivirus XDR solution that we use to protect the environment, identities, data, and endpoints from attacks.

How has it helped my organization?

It was an excellent tool for its covered area and protected data, applications and controlled user access remotely.

What is most valuable?

I value how Threat Intelligence integrates with the different platforms in Microsoft.

What needs improvement?

I would like to see more AI features and capabilities.

For how long have I used the solution?

I've been providing the solution to customers for a little over two years.

What do I think about the stability of the solution?

I rate Microsoft Defender Threat Intelligence's stability a ten out of ten.

What do I think about the scalability of the solution?

I rate Microsoft Defender Threat Intelligence's scalability a ten out of ten. We have about 50 customers using the solution.

How are customer service and support?

The technical support for Threat Intelligence is very good.

Which solution did I use previously and why did I switch?

We have previously tried Trend Micro, Palo Alto, CrowdStrike, and several others. We chose Microsoft Defender Threat Intelligence because it has more features and functionalities, is more effective with attacks, and integrates better with different platforms, especially Sentinel, which helped us build a SOC. Threat Intelligence has better reactivity, too, so this solution was what we needed. The other solutions were a bit more complicated and had limitations.

Another interesting thing was how the solution had other data applications, not only endpoints but also identity and so on.

How was the initial setup?

The initial setup is not complicated at all. Threat Intelligence is something engineers can develop and deploy properly. However, the initial setup's difficulty depends on the experience the engineers have with the cases that they need to deploy for, and this is where the skills come into play.

The time taken to deploy the solution depends really on the scenarios. And besides this company, we deployed the solution for small projects, which took less than ten days. There is also integration with Sentinel and third-party tools, so the time to deploy Threat Intelligence depends on what's needed. The deployment, when compared to other solutions, is not complicated and does not take much time.

What's my experience with pricing, setup cost, and licensing?

The solution can be licensed, but most users would already have it in their Office 365 license. They just need to use it. The solution is very cost-effective and not expensive compared to what other vendors provide. Since the solution is part of a bigger bundle, customers would not have to pay extra.

What other advice do I have?

I rate Microsoft Defender Threat Intelligence a ten out of ten. People planning to implement this solution can confidently choose it. I wouldn't hesitate a minute to renew my license because it's very cost-effective and rich in functionalities. It has more features than other vendors' applications.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
reviewer1757103 - PeerSpot reviewer
Cyber Security Manager at a manufacturing company with 1,001-5,000 employees
Real User
Good threat intelligence, straightforward to set up and integrates across the whole Defender suite
Pros and Cons
  • "The user interface is pretty user-friendly."
  • "Technical support could be a bit better."

What is our primary use case?

We primarily use the solution not necessarily from a user point of view. Rather, we use it from an admin point of view. For example, the Log4j vulnerability. Last year, they released threat intelligence information on that vulnerability, put out the protections quickly, and updated their TVM module. It can easily identify what things are vulnerable and what assets you have that are vulnerable to attacks.

What is most valuable?

They seem to be pretty up to date with the latest threats in the world. That's a pretty good aspect.

The threat intelligence piece is pretty good.

The user interface is pretty user-friendly.

The integration integrates across the whole Defender suite, so that's pretty good.

It's very straightforward to set up.

The product scales well. 

What needs improvement?

I cannot recall any issues we've encountered or areas that need improvement.

Technical support could be a bit better. 

Clients might prefer a lowering of the price. 

For how long have I used the solution?

I've used the solution for probably over four years. 

What do I think about the stability of the solution?

The stability has been pretty good. I'd rate it nine out of ten in terms of its reliability. The performance has been great. 

What do I think about the scalability of the solution?

It's very easy to scale as needed. 

We're across the Defender Suite. In terms of analysts that use it, there are five of us.

How are customer service and support?

Technical support is okay. It could be better. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We pretty much use all Microsoft, so not much else is used. We use Defender for everything, so Defender for the cloud app, Defender for Cloud, Defender for Android and Defender for iOS, Defender for Identity, and others. We also use Microsoft Sentinel. It's all Microsoft stuff.

How was the initial setup?

The solution is very straightforward. It's easy to set up. 

What's my experience with pricing, setup cost, and licensing?

It's bundled into an E5 license, so it comes with a bunch of other things as well. I'd say it's fairly well-priced.

Which other solutions did I evaluate?

We did compare Microsoft Defender Threat Intelligence with ESET and Kaspersky, among others. Defender is not necessarily better. However, it just suits our security strategy and risk appetite.

What other advice do I have?

We have a partnership with Microsoft.

I'd rate the solution a nine out of ten. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
reviewer2264217 - PeerSpot reviewer
Testing and Production Engineer at a tech services company with 51-200 employees
Real User
Offers a scalable solution that can be managed without the need for extensive infrastructure handling
Pros and Cons
  • "Microsoft collects trillions of signals from all over the world, which is incredibly valuable. It helps us identify zero-day vulnerabilities and global threats."
  • "One area that can be improved is reducing false positives."

What is our primary use case?

In terms of threat intelligence, let's take Microsoft Sentinel as an example. We onboard threat intelligence from different sources, such as open-source MISP and AlienVault. We also develop our own threat intelligence signals based on the threats we observe. For instance, Cisco TALOS is another example.

We integrate all these threat intelligence feeds into Microsoft Sentinel and create detections based on them. For instance, if we integrate threat intelligence data for specific IP addresses, we create detections to monitor for activity from those IPs. We also conduct hunting based on these feeds. 

In addition, we use automated tools like VirusTotal and AlienVault OTX to scan entities, URLs, and API connections when incidents occur, providing results on whether they are malicious or safe. These are some of the integration scenarios we typically work on in terms of threat intelligence.

What is most valuable?

Microsoft collects trillions of signals from all over the world, which is incredibly valuable. It helps us identify zero-day vulnerabilities and global threats. 

The vast amount of threat data that Microsoft gathers globally is a significant advantage. It's built into their protection mechanisms and helps us stay ahead of emerging threats.

What needs improvement?

One area that can be improved is reducing false positives. They could be more finely tuned. For instance, if we see regular alerts from an IP that isn't malicious, we modify those rules and hunt things to ensure we don't produce more false positives. We do fine-grain the environment. Some procedures could be more refined to reduce these false positives. That's a basic issue I've seen with Microsoft products.

For how long have I used the solution?

In terms of Microsoft, almost all Defender for Endpoint, Defender for Identity, Defender for Office 365, Defender for Cloud Apps, and Defender for Cloud, all of these are within the Microsoft ecosystem. I work in a complete Microsoft environment. 

So, starting from Sentinel, all these Defender products come together. We also integrate data from third-party products like firewalls. Essentially, we create a SOC scenario to onboard SOC services based on different products or services. 

I typically work on onboarding SOC services for multiple clients, including Cybercon, cloud security personal management, and cloud security assessment, among other things.

What do I think about the scalability of the solution?

Scalability is well-managed in Microsoft Defender Threat Intelligence. It's a built-in service that doesn't require us to handle the underlying infrastructure. When we use it as a service from a public cloud provider, they take care of the infrastructure management. 

If we were to configure it ourselves, we'd need to set up servers, ensure high availability, and enhance security with load balancers and firewalls. 

However, when using managed services from providers, we don't have to concern ourselves with the underlying infrastructure. So, it's a matter of choice. 

If I were to set it up independently, I'd ensure high availability, robust security measures, and efficient load balancing. But if we opt for managed services, there's no need to deal with the infrastructure intricacies. It really depends on our specific needs and preferences.

How are customer service and support?

The customer service and support are a bit hard to reach. It's sometimes really hard to get a hold of them.

How would you rate customer service and support?

Neutral

How was the initial setup?

Setting up the SOC service from scratch requires a great amount of familiarity, experience, and visibility in the cybersecurity space. You need to understand coverage for identity, applications, endpoints, networks, and more. 

There's the task of understanding the umbrella and defining the architecture, whether it's multi-tenant or single-tenant, and how it's user-based. 

It's complex, especially when onboarding from scratch. So, these kinds of things I do on a regular basis, so I would say making the architecture, defining the coverage thing, tune-up the customer environment, and setting up another 24/7 monitoring service. It's a job which requires a lot of experience and skills.

Given the intricacies and the experience needed, I would rate it as an eight out of ten in terms of complexity.

What about the implementation team?

The deployment duration varies. For Threat Intelligence, it also depends on the platform and the integration data connector you have. If you factor in the entire setup of SOC services, it can take a while. It depends on the number of users, the licenses, and network devices. 

If we're talking about just Threat Intelligence, are they integrating only paid sources, or are they using open source or creating their own Threat Intelligence? So, taking all those things into account, it takes a fair amount of time to get everything up and running in terms of SOC services.

What other advice do I have?

The overall product is very good. I've worked with multiple operations using Microsoft's security suite, including Defender. Threat Intelligence is nice. It's flagged numerous security vulnerabilities, even some zero-days. Comparing it to other solutions, it often outperforms. 

Overall, I would rate the solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
System Engineer at CMC CSI saigon
Real User
Top 5 Leaderboard
The solution is affordable and easy to set up

What needs improvement?

Improvements could be made in updating and transitioning to the cloud, enhancing internet security, and aligning with customer requirements. The stability of the solution could be improved.

For how long have I used the solution?

I have been using the solution for the past ten years.

What do I think about the stability of the solution?

The solution is generally stable. The stability could be improved.

What do I think about the scalability of the solution?

The solution is scalable. We have 350 users.

How was the initial setup?

The initial setup was straightforward. The deployment process involves licensing, deployment services, engaging with the customer to finalize the design, conducting training, tuning, and ultimately handing over to the IT team.

What's my experience with pricing, setup cost, and licensing?

The pricing is cheaper compared to its competitors.

What other advice do I have?

I recommend using the solution and rate it an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer2339469 - PeerSpot reviewer
Project Manager at a tech services company with 11-50 employees
Real User
Top 20
Offers endpoint protection from malware
Pros and Cons
  • "The product is useful when the end user downloads malware files."
  • "Having up-to-date documentation and real-time reflections in all portals would be beneficial to keep users informed about any changes. Additionally, the frequent changes in Microsoft's UI and the movement of features between different products in the set pose difficulties."

What is our primary use case?

The solution provides endpoint protection from malware. 

What is most valuable?

The product is useful when the end user downloads malware files. 

What needs improvement?

Having up-to-date documentation and real-time reflections in all portals would be beneficial to keep users informed about any changes. Additionally, the frequent changes in Microsoft's UI and the movement of features between different products in the set pose difficulties.

For how long have I used the solution?

I have been using the product for two years. 

What do I think about the stability of the solution?

I rate Microsoft Defender Threat Intelligence's stability a nine out of ten. 

How are customer service and support?

My experience with the support team is not good. It takes ages for them to respond. 

What other advice do I have?

I rate Microsoft Defender Threat Intelligence a seven out of ten. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.