We've used it in many different scenarios, including enterprise and SMB - all kinds of different situations.
It really depends on how people want to receive their threat intel. Most people want to keep it in Microsoft using the Defender console. Some people just ask to fill in Sentinel and integrate it with Azure Sentinel. Some people want those events going into their SIM. We've had all of the above use cases.
One of the most valuable aspects is that Defender is a native Microsoft solution.
You own your own data. With CrowdStrike and Rapid7, and other products, your log data leaves your tenant, it goes into their system, and they produce the analysis on their technology. Therefore, although you're running the agent instead of giving them the signals, you're really giving up a lot of your data for their own personal gain. Defender's biggest competitive advantage is that your data stays within your tenant, and you own it.
It naturally keeps getting better and better. They have a very transparent roadmap for the product. We don't have any concerns or complaints. Defender exceeds expectations, especially for someone who's flipping from CrowdStrike or Falcon XR. This is night and day.
We have Microsoft bias. We generally don't have any significant negative feedback or improvement points around Defender, EDR and CMDR platforms. It does a good job across the board.
The price point is something they can improve slightly for those who don't have an M365 E5. I believe it's a $2.80 add-on. In Canadian, that's expensive. If they can drop it to a dollar, for those who don't have M365 E5, they're going to open up market share and increase affordability for an entire market segment in the medium business category. Other than that, we have no major negative feedback.
We've been a security company since 2007. Since the day Defender was born, we've been dealing with it.
I have not met a more stable product before.
The clients we deal with are big, many with 33,000 to 50,000 endpoints.
It is fantastically scalable.
We're a premier partner with premier support and we're a Premier Gold Partner. We bought Microsoft Premier Support. We have zero complaints. We pick up the phone a hundred percent of the time and get the help we need.
We've dealt with solutions such as CrowdStrike and Rapid7.
You need to have a partner install it. Microsoft is a partner-to-partner-driven ecosystem. It is complex. You need depth of knowledge and understanding of security, as well as Microsoft technology. It's not something you can right-click, install, and go next, next, next, and it just works. Nor should any security product be that way. If you don't know what you're doing, you shouldn't be installing it.
It requires a proper design, and it requires a proper thought process before you can just roll it out.
You have to have a proper implementation strategy and a backup plan. Typically, we like to use SCCM or Intune to push and manage deployments with proper scripts since we're usually uninstalling a Carbon Black or a McAfee or a Symantec while we're putting in Defender. And we're touching servers and users, so we want to minimize the number of times we touch these things. The more times you touch a server, the chances are you will run into a problem. So we like to group our uninstall and install scripts, reboot all at once, and streamline the installation.
There's a lot of testing that goes on. In an organization with 50,000 endpoints, we're testing 5,000 devices before rolling anything out. The rollout is scheduled. It's complicated. It happens at night. There's a batch. You do them in batches as you don't want to go straight at it. We will turn it on for 5,000 things at the same time. The average implementation for a 200-user company should take between three and four months.
The beauty of Microsoft, if you have a Microsoft environment, is you just need Microsoft people to maintain it. Your existing IT department can keep the product up to date with Patch Tuesday. There is not an out-of-cycle update required. That's what I keep driving home to people: how many third-party products do you want to maintain, patch, secure, troubleshoot, and bug fix for? Pick one platform, put all your eggs in that basket, and do an outstanding job at securing that basket. That's what Defender helps you do.
From a client perspective, the return on investment comes by streamlining on one platform like Microsoft. By eliminating third-party platforms, you save about 62% on your technology or your security budget. Then you also broaden the depth of your security intelligence since Microsoft is the only system with 1.3 trillion security signals daily. You're getting more comprehensive threat intel, plus you're getting it on a single pane of glass.
We're a Microsoft partner and reseller.
I'd rate the product ten out of ten.
It aligns with the best practice philosophy of proper security organizations. It is cost-effective. It flattens your threat plane to a single pane of glass. It allows you to manage your environment with a standard, generally available skill set in the marketplace. Therefore, you're saving money on staffing your IT team as well. You get those savings of 62% by moving to an all-in-one Microsoft solution.