Microsoft Defender Threat Intelligence Overview

Microsoft Defender Threat Intelligence is the #13 ranked solution in top ATP (Advanced Threat Protection) tools, #16 ranked solution in top Threat Intelligence Platforms, and #21 ranked solution in top Microsoft Security Suite tools. PeerSpot users give Microsoft Defender Threat Intelligence an average rating of 9.0 out of 10. Microsoft Defender Threat Intelligence is most commonly compared to Microsoft Defender for Office 365. Microsoft Defender Threat Intelligence is popular among the large enterprise segment, accounting for 68% of users researching this solution on PeerSpot. The industry researching this solution most is computer software, with professionals from computer software companies accounting for 20% of all views.
Buyer's Guide

Download the ATP (Advanced Threat Protection) Buyer's Guide including reviews and more. Updated: March 2023

What is Microsoft Defender Threat Intelligence?

Gain an unparalleled view of the ever-changing threat landscape. Defender Threat Intelligence maps the entire internet to expose threat actors and their infrastructure. Get the cyberthreat intelligence you need to block an entire attack and keep your organization safe from complex threats like ransomware.

Microsoft Defender Threat Intelligence Reviews

Nim Nadarajah - PeerSpot reviewer
Partner & Director Advisory Services at Cruciallogics
Reseller
Top 20
A native Microsoft solution that provides great ROI and continuously improves its offering
Pros and Cons
  • "They have a very transparent roadmap for the product."
  • "The price point is something they can improve slightly for those who don't have an M 365 E5."

What is our primary use case?

We've used it in many different scenarios, including enterprise and SMB - all kinds of different situations.

It really depends on how people want to receive their threat intel. Most people want to keep it in Microsoft using the Defender console. Some people just ask to fill in Sentinel and integrate it with Azure Sentinel. Some people want those events going into their SIM. We've had all of the above use cases.

What is most valuable?

One of the most valuable aspects is that Defender is a native Microsoft solution. 

You own your own data. With CrowdStrike and Rapid7, and other products, your log data leaves your tenant, it goes into their system, and they produce the analysis on their technology. Therefore, although you're running the agent instead of giving them the signals, you're really giving up a lot of your data for their own personal gain. Defender's biggest competitive advantage is that your data stays within your tenant, and you own it.

It naturally keeps getting better and better. They have a very transparent roadmap for the product. We don't have any concerns or complaints. Defender exceeds expectations, especially for someone who's flipping from CrowdStrike or Falcon XR. This is night and day.

What needs improvement?

We have Microsoft bias. We generally don't have any significant negative feedback or improvement points around Defender, EDR and CMDR platforms. It does a good job across the board. 

The price point is something they can improve slightly for those who don't have an M 365 E5. I believe it's a $2.80 cents add-on. In Canadian, that's expensive. If they can drop it to a dollar, for those who don't have M 365 E5, they're going to open up market share and increase affordability for an entire market segment in the medium business category. Other than that, we have no major negative feedback.

For how long have I used the solution?

We've been a security company since 2007. Since the day Defender was born, we've been dealing with it.

What do I think about the stability of the solution?

I have not met a more stable product before.

What do I think about the scalability of the solution?

The clients we deal with are big, many with 33,000 to 50,000 endpoints.

It is fantastically scalable. 

How are customer service and support?

We're a premier partner with premier support and we're a Premier Gold Partner. We bought Microsoft Premier Support. We have zero complaints. We pick up the phone a hundred percent of the time and get the help we need.

Which solution did I use previously and why did I switch?

We've dealt with solutions such as CrowdStrike and Rapid7.

How was the initial setup?

You need to have a partner install it. Microsoft is a partner-to-partner-driven ecosystem. It is complex. You need depth and knowledge of understanding of security, as well as Microsoft technology. It's not something you can right-click, install, and go next, next, next, and it just works. And nor should any security product be that way. If you don't know what you're doing, you shouldn't be installing it.

It requires a proper design, and it requires a proper thought process before you can just roll it out.

You have to have a proper implementation strategy and a backup plan. Typically, we like to use SCCM or Intune to push and manage deployments with proper scripts since we're usually uninstalling a Carbon Black or a McAfee or a Symantec while we're putting in Defender. And we're touching servers and users, so we want to minimize the number of times we touch these things. The more times you touch a server, the chances are you will run into a problem. So we like to group our uninstall and install scripts, reboot all at once, and streamline the installation. 

There's a lot of testing that goes on. In an organization with 50,000 endpoints, we're testing 5,000 devices before rolling anything out. The rollout is scheduled. It's complicated. It happens at night. There's a batch. You do them in batches as you don't want to go straight at it. We will turn it on for 5,000 things at the same time. The average implementation for a 200-user company should take between three to four months.

The beauty of Microsoft, if you have a Microsoft environment, is you just need Microsoft people to maintain it. Your existing IT department can keep the product up to date with Patch Tuesday. There is not an out-of-cycle update required. That's what I keep driving home to people, how many third-party products do you want to maintain, patch, secure, troubleshoot, and bug fix for? Pick one platform, put all your eggs in that basket, and do an outstanding job at securing that basket. That's what Defender helps you do.

What was our ROI?

From a client perspective, the return on investment comes by streamlining on one platform like Microsoft. By eliminating third-party platforms, you save about 62% on your technology or your security budget. Then you also broaden the depth of your security intelligence since Microsoft is the only system with 1.3 trillion security signals daily. You're getting a more comprehensive threat intel, plus you're getting it on a single pane of glass.

What other advice do I have?

We're a Microsoft partner and reseller.

I'd rate the product ten out of ten. 

It aligns with the best practice philosophy of proper security organizations. It is cost-effective. It flattens your threat plane to a single pane of glass. It allows you to manage your environment with a standard, generally available skill set in the marketplace. Therefore, you're saving money on staffing your IT team as well. You get those savings of 62% by moving to an all-in-one Microsoft solution.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Cyber Security Manager at a manufacturing company with 1,001-5,000 employees
Real User
Top 10
Good threat intelligence, straightforward to set up and integrates across the whole Defender suite
Pros and Cons
  • "The user interface is pretty user-friendly."
  • "Technical support could be a bit better."

What is our primary use case?

We primarily use the solution not necessarily from a user point of view. Rather, we use it from an admin point of view. For example, the Log4j vulnerability. Last year, they released threat intelligence information on that vulnerability, put out the protections quickly, and updated their TVM module. It can easily identify what things are vulnerable and what assets you have that are vulnerable to attacks.

What is most valuable?

They seem to be pretty up to date with the latest threats in the world. That's a pretty good aspect.

The threat intelligence piece is pretty good.

The user interface is pretty user-friendly.

The integration integrates across the whole Defender suite, so that's pretty good.

It's very straightforward to set up.

The product scales well. 

What needs improvement?

I cannot recall any issues we've encountered or areas that need improvement.

Technical support could be a bit better. 

Clients might prefer a lowering of the price. 

For how long have I used the solution?

I've used the solution for probably over four years. 

What do I think about the stability of the solution?

The stability has been pretty good. I'd rate it nine out of ten in terms of its reliability. The performance has been great. 

What do I think about the scalability of the solution?

It's very easy to scale as needed. 

We're across the Defender Suite. In terms of analysts that use it, there are five of us.

How are customer service and support?

Technical support is okay. It could be better. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We pretty much use all Microsoft, so not much else is used. We use Defender for everything, so Defender for the cloud app, Defender for Cloud, Defender for Android and Defender for iOS, Defender for Identity, and others. We also use Microsoft Sentinel. It's all Microsoft stuff.

How was the initial setup?

The solution is very straightforward. It's easy to set up. 

What's my experience with pricing, setup cost, and licensing?

It's bundled into an E5 license, so it comes with a bunch of other things as well. I'd say it's fairly well-priced.

Which other solutions did I evaluate?

We did compare Microsoft Defender Threat Intelligence with ESET and Kaspersky, among others. Defender is not necessarily better. However, it just suits our security strategy and risk appetite.

What other advice do I have?

We have a partnership with Microsoft.

I'd rate the solution a nine out of ten. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user