Microsoft Defender Threat Intelligence Reviews

We use the software to scan malware for email attachments by identifying and blocking phishing emails.

The product's anti-spam and malware-scanning features are useful. We scan email attachments, documents, and malicious codes.

The software is expensive.

We have been using Microsoft Defender Threat Intelligence for almost a year now.

The software is stable, similar to Office 365.

We have 400 Microsoft Defender Threat Intelligence users. It is a scalable product. However, the cost increases as we increase the number of users.

We receive technical support services via the integrator as well as the vendor.

The software is deployed on the cloud. The setup requires technical knowledge or assistance from the integrators.

The product generates ROI for securing the company resources at minimum cost. We don't need to employ two to three analysts for this purpose.

It is an expensive product. We purchase its yearly license.

We evaluated a few products before.

I rate Microsoft Defender Threat Intelligence a ten out of ten.

We use Defender Threat Intelligence for threat detection. 

The most valuable aspect is that it just runs in the background. I don't have to worry about its intelligence. It is easy to use. 

I would like for there to be extra confirmation that there aren't viruses. Even if the virus detection software is always running there could be hidden applications that are using the computer. 

I have been using Microsoft Defender Threat Intelligence for three years. 

It is a stable solution. I rate the stability nine out of ten. 

The technical support is good. They are good at fixing any issues we have.

The initial setup is easy. 

The pricing of the solution is good. 

Overall I would rate the solution a nine out of ten. 

We use Microsoft Defender Threat Intelligence for security. It alerts us on anomalies. 

Microsoft Defender Threat Intelligence assesses machines for vulnerabilities and gives remediations. 

The tool's onboarding of users that use on-premise or hybrid environments needs to be improved. 

I have been using the product for six years. 

I rate the product's stability a nine out of ten. 

Microsoft Defender Threat Intelligence is scalable. My company has 7000 users for it. 

Microsoft Defender Threat Intelligence's deployment is not straightforward. 

We have seen ROI with the product's use. 

The tool is expensive as a stand-alone solution. However, it is not cheap when you purchase it as a bundle. 

I rate Microsoft Defender Threat Intelligence a nine out of ten. 

In terms of threat intelligence, let's take Microsoft Sentinel as an example. We onboard threat intelligence from different sources, such as open-source MISP and AlienVault. We also develop our own threat intelligence signals based on the threats we observe. For instance,  Cisco TALOS is another example. 

We integrate all these threat intelligence feeds into Microsoft Sentinel and create detections based on them. For instance, if we integrate threat intelligence data for specific IP addresses, we create detections to monitor for activity from those IPs. We also conduct hunting based on these feeds. 

In addition, we use automated tools like VirusTotal and AlienVault OTX to scan entities, URLs, and API connections when incidents occur, providing results on whether they are malicious or safe. These are some of the integration scenarios we typically work on in terms of threat intelligence.

Microsoft collects trillions of signals from all over the world, which is incredibly valuable. It helps us identify zero-day vulnerabilities and global threats. 

The vast amount of threat data that Microsoft gathers globally is a significant advantage. It's built into their protection mechanisms and helps us stay ahead of emerging threats.

One area that can be improved is reducing false positives. They could be more finely tuned. For instance, if we see regular alerts from an IP that isn't malicious, we modify those rules and hunt things to ensure we don't produce more false positives. We do fine-grain the environment. Some procedures could be more refined to reduce these false positives. That's a basic issue I've seen with Microsoft products.

In terms of Microsoft, almost all Defender for Endpoint, Defender for Identity, Defender for Office 365, Defender for Cloud Apps, and Defender for Cloud, all of these are within the Microsoft ecosystem. I work in a complete Microsoft environment. 

So, starting from Sentinel, all these Defender products come together. We also integrate data from third-party products like firewalls. Essentially, we create a SOC scenario to onboard SOC services based on different products or services. 

I typically work on onboarding SOC services for multiple clients, including Cybercon, cloud security personal management, and cloud security assessment, among other things.

Scalability is well-managed in Microsoft Defender Threat Intelligence. It's a built-in service that doesn't require us to handle the underlying infrastructure. When we use it as a service from a public cloud provider, they take care of the infrastructure management. 

If we were to configure it ourselves, we'd need to set up servers, ensure high availability, and enhance security with load balancers and firewalls. 

However, when using managed services from providers, we don't have to concern ourselves with the underlying infrastructure. So, it's a matter of choice. 

If I were to set it up independently, I'd ensure high availability, robust security measures, and efficient load balancing. But if we opt for managed services, there's no need to deal with the infrastructure intricacies. It really depends on our specific needs and preferences.

The customer service and support are a bit hard to reach. It's sometimes really hard to get a hold of them.

Neutral

Setting up the SOC service from scratch requires a great amount of familiarity, experience, and visibility in the cybersecurity space. You need to understand coverage for identity, applications, endpoints, networks, and more. 

There's the task of understanding the umbrella and defining the architecture, whether it's multi-tenant or single-tenant, and how it's user-based. 

It's complex, especially when onboarding from scratch. So, these kinds of things I do on a regular basis, so I would say making the architecture, defining the coverage thing, tune-up the customer environment, and setting up another 24/7 monitoring service. It's a job which requires a lot of experience and skills.

Given the intricacies and the experience needed, I would rate it as an eight out of ten in terms of complexity.

The deployment duration varies. For Threat Intelligence, it also depends on the platform and the integration data connector you have. If you factor in the entire setup of SOC services, it can take a while. It depends on the number of users, the licenses, and network devices. 

If we're talking about just Threat Intelligence, are they integrating only paid sources, or are they using open source or creating their own Threat Intelligence?  So, taking all those things into account, it takes a fair amount of time to get everything up and running in terms of SOC services.  

The overall product is very good. I've worked with multiple operations using Microsoft's security suite, including Defender. Threat Intelligence is nice. It's flagged numerous security vulnerabilities, even some zero-days. Comparing it to other solutions, it often outperforms. 

Overall, I would rate the solution a nine out of ten.

Microsoft Defender Threat Intelligence is evolving and needs to fix and enhance numerous issues like stability and licensing. The continuous rebranding and licensing changes are confusing. 

Microsoft Defender Threat Intelligence has stability issues. Microsoft is trying to make everyone switch from Windows 10 to Windows 11. They patch twice a month. 

The tool's scalability is not an issue. We have around 650 users. 

The tool's deployment can be good, but maintenance can be heavy. 

You must first define the risk or threat and use the solution to mitigate them. You can use it to monitor third parties and ensure they are not under threat attacks. It is beneficial in the GRC model. I rate it a six out of ten. 

Improvements could be made in updating and transitioning to the cloud, enhancing internet security, and aligning with customer requirements. The stability of the solution could be improved.

I have been using the solution for the past ten years.

The solution is generally stable. The stability could be improved.

The solution is scalable. We have 350 users.

The initial setup was straightforward. The deployment process involves licensing, deployment services, engaging with the customer to finalize the design, conducting training, tuning, and ultimately handing over to the IT team.

The pricing is cheaper compared to its competitors.

I recommend using the solution and rate it an eight out of ten.

The solution provides endpoint protection from malware. 

The product is useful when the end user downloads malware files. 

Having up-to-date documentation and real-time reflections in all portals would be beneficial to keep users informed about any changes. Additionally, the frequent changes in Microsoft's UI and the movement of features between different products in the set pose difficulties.

I have been using the product for two years. 

I rate Microsoft Defender Threat Intelligence's stability a nine out of ten. 

My experience with the support team is not good. It takes ages for them to respond. 

I rate Microsoft Defender Threat Intelligence a seven out of ten.