Senior Systems Administrator at a tech services company with 501-1,000 employees
MSP
Top 10
Nov 19, 2025
Regarding the automatic attack feature, I don't believe we've really utilized that yet. I believe we've pretty much utilized all the features of Microsoft Defender for Endpoint that were available to us. I don't believe we are using the Security Exposure Management feature of Microsoft Defender for Endpoint. I think Microsoft Defender for Endpoint has helped free up our SOC team to work on other projects or tasks; the portal and the alerts give us a lot of good information that we can act upon very quickly, so we can usually get things diagnosed in about fifteen minutes. I believe Microsoft Defender for Endpoint has helped reduce the mean time to remediation, MTTR; before, we were able to solve it within fifteen minutes or less. Sometimes with deploying some of the rules in Microsoft Defender for Endpoint, that would affect some end users not being able to do certain tasks, so we would have to work with them to make exceptions, mainly around the ASR rules. I would rate this review an eight overall.
Senior Manager, Enterprise Infrastructure & Operations at Lam Research
Real User
Top 10
Nov 19, 2025
My experience managing unified endpoint settings across both security and IT teams with Microsoft Defender for Endpoint involves using role-based access, where the Information Security group has a different view of the environment, separate from the actual local IT teams that are supporting the end-users. This helps both of them, one from an overall management perspective, but also from a local regional perspective, to know the health of the environment in those two different forms. My experience with Automatic Attack Disruption in Microsoft Defender for Endpoint has been pretty good for us, as we have been able to stave off some issues and it has brought them to our attention. It has worked quite well. We have tried to integrate every single thing within Microsoft Defender for Endpoint, but it takes a lot of time and planning because you do not want to just apply the security settings by default. You want to go through a test process; otherwise, you may introduce incidents. I would say that testing it on Microsoft Defender for Endpoint is not difficult; it just requires proper planning when you do a rollout so that you do not cause issues of your own. The integration process has actually been quite good for us. We do use the Security Exposure Management feature in Microsoft Defender for Endpoint. The impact of using the Security Exposure Management feature is that Information Security says, 'You have some items to clean up,' and they assign a lot more work. I would not say it helped free up the SOC team to work on other projects, but it gave them an area of focus to do their jobs better. I would say that Microsoft Defender for Endpoint did reduce mean time to remediation. The licensing for Microsoft Defender for Endpoint has been fine, but I do not know about the pricing that was handled at more of an executive level, so I do not know if that was good or not. I would rate my overall experience with this product as a nine out of ten.
Security Analyst III at a healthcare company with 10,001+ employees
Real User
Top 10
Nov 19, 2025
I do not know if I have saved any money by switching to Microsoft Defender for Endpoint. Our Microsoft bill gets bigger every year, and we have to keep adding more licenses because you need an F3, F3 with security, A3, A3 with security, E5, F5, and whatever the licenses are. It is all alphabet soup at this point. All I know is our Microsoft bill is very large, and we just pay it every year. For the price we pay for Microsoft Defender for Endpoint, I suppose it is okay, versus going out and buying a second product that we would have to pay for, because we would still have to pay for the E5s because we need it for everything else. Microsoft Defender for Endpoint has helped reduce mean time to remediation. Being able to isolate the device, once we isolate it, it is kind of remediated for the most part, and then it is just cleanup. That is a feature we did not have with Symantec, so it is a really nice piece to have. Microsoft Defender for Endpoint has the security exposure management feature that provides visibility into what settings and patches are missing. My advice to someone who is looking to implement Microsoft Defender for Endpoint is that if you do not have another solution already, go with it. If you have Microsoft E5 licenses, it is free, so use it. I would rate this product an eight out of ten.
Global Service Manager at a pharma/biotech company with 10,001+ employees
Real User
Top 10
Nov 18, 2025
Good describes my experience of managing unified endpoint settings across both security and IT teams with Microsoft Defender for Endpoint. I have no idea how much time was saved. I cannot quantify if Microsoft Defender for Endpoint has helped reduce mean time to remediation, or MTTR. Cost is the factor that led me to consider a change. My advice to another organization that's considering Microsoft Defender for Endpoint is to go for it. I give this product an overall rating of eight.
The experience of managing unified endpoint settings has been straightforward. My experience with automatic attacks includes having many attacks every day. I have created many automations to automatically respond to attacks, which makes it easy for my SOC team to focus on real, bigger problems rather than specific, small ones. Creating this automation is easy and not difficult. I update the automation approximately once a month. If the ecosystem changes, I need to update, add more integration, or make other adjustments, but it is not difficult to update. It did help reduce the mean time to remediation, or MTTR. I rate this solution an 8 overall.
Assistant Director, Hybrid Infrastructure & Operations at an insurance company with 501-1,000 employees
Real User
Top 10
Nov 18, 2025
We may be moving away from Microsoft Defender for Cloud because it was not fulfilling our needs, so we may be looking at another product called Wiz. The main difference between Microsoft Defender for Endpoint and Wiz is that they are completely different. It is not a very good example, but it shows that Microsoft Defender for Endpoint, because there are so many different products within the Defender platform, would benefit from having everything within that platform. All of the information could be aggregated and consolidated. However, it seems that Microsoft Defender for Endpoint does a good job of certain things, but when moving to the cloud, we are looking at other products. Wiz is a CNAPP, which stands for Cloud Native Application Protection Platform. Microsoft has their product, probably one of the Defender for Cloud pieces, but we ended up going with Wiz because pricing and the features were just not there. It is completely separate from endpoint security. On a scale of one to ten, I would rate Microsoft Defender for Endpoint an eight. The only thing is that the Linux server administrator said that it does not work too well for him, but we have a way around it, so we are okay. We may not even be using the automatic attack disruption feature in Microsoft Defender for Endpoint, so I am not sure. We do have a lot of CAPs, which are Conditional Access Policies, that take care of a lot of those. We have a managed XDR, so they do a lot of that. I am pretty sure the security exposure management feature to optimize our security configurations is enabled, but I do not know. That piece is managed by my peer. My overall rating for Microsoft Defender for Endpoint is eight out of ten.
Cyber Security Analyst at a tech services company with 501-1,000 employees
Real User
Top 10
Nov 18, 2025
Microsoft Defender for Endpoint has helped us immensely, especially with attack disruption, as it has made us faster. The possibilities of tuning alerts, whitelisting alerts, and doing automations have helped us greatly in bringing the number of false positives down, allowing us to focus more on the true positives. Microsoft Defender for Endpoint has great capabilities to automate tasks and enable us to do more with our time. For Microsoft Defender for Endpoint as a solution, I would rate it an eight point five, a strong eight point five, as I think there are still things that can be improved. If I have to round the rating for Microsoft Defender for Endpoint, I would give it a nine, but only because I'm a true advocate and really appreciate it, as I see the potential. I gave it a nine because they only receive full marks if they build the features that I want them to implement. My overall review rating for Microsoft Defender for Endpoint is nine out of ten.
Principal Consultant - Cloud Security at an outsourcing company with 201-500 employees
MSP
Top 20
Nov 18, 2025
I would describe the experience of managing unified endpoint settings as relatively easy because whatever platform I am leveraging to manage devices, whether they are infrastructure, end-user devices, or mobiles, I can use the same one for management as I can for security. I am essentially unifying that. My experience with any automatic attack disruption is that it can be quite useful. I do need the correct licensing in order to leverage the full automated capabilities, but they are quite good. Beyond that, I have the opportunity to perform investigations and hand it over to my SOC team if I have an internal SOC. I am using the security exposure management feature to optimize my security, which is nice because it collaborates between each of the capabilities of the XDR platform and gives me a holistic view. I can identify vulnerabilities that need to be dealt with, and I can also identify common threats to the organization. Microsoft Defender for Endpoint has somewhat helped to free up my SOC team. I think that is somewhat complex because it can also add additional requirements for the SOC teams directly interacting with the XDR platform, especially if I am using something such as Sentinel. In that instance, I am going to leverage the automation capabilities to then run automated isolation of devices with XDR and endpoint. I am going to free time up, but I am creating new capabilities that need someone to manage them anyway. It can help to reduce remediation time from hours to minutes. The time it saves depends on how much of the automation is being leveraged. If I am fully licensed on Plan 2, and it does the full AIR piece, I get that full investigation. I am saving a lot of time for my SOC analyst because I am removing the need to manually go through and correlate the events. It does save a lot of time if used effectively and at the right license model.
I assess the stability and reliability of it by running evidencing exercises against the workspace that supports the product. Using Kusto Query Language, I can correlate the registry key values as expected based on control policy. I can run exercises using some of the Microsoft-hosted tooling that allows me to simulate threats. If I really want to, I could always get someone to do some red teaming exercises against it to check my configuration afterwards. I would rate this product an 8 out of 10.
Director, Information Technology at New Resources Consulting
Real User
Top 10
Nov 18, 2025
I would advise another organization considering Microsoft Defender for Endpoint to take a look at it, especially for the cost point if they are already working inside of the Microsoft stack; it is seamless to deploy it, and it works with the other tools. I would rate this product a nine out of ten.
We use a Zero Trust approach according to Microsoft best practices, so we follow the Zero Trust approach of never trust and always verify. I rate Microsoft Defender for Endpoint a ten out of ten.
Lead security engineer at a computer software company with 11-50 employees
MSP
Top 10
Apr 29, 2025
I would rate Microsoft Defender for Endpoint a nine out of ten. The log search features are difficult. If I don't have visibility into another product, the log search functions of Microsoft Defender for Endpoint are pretty difficult to navigate.
Microsoft Defender for Endpoint is a comprehensive and scalable solution for protecting on-premises and hybrid infrastructure. It provides strong protection and management capabilities. Customers are advised to use this solution for its robust features like advanced threat protection and easy integration with other Azure applications. I rate Defender for Endpoint nine out of ten.
Overall, I recommend Microsoft Defender for Endpoint due to its features and capabilities, which cover more loopholes than other EDR solutions. I rate the solution nine out of ten.
Team manager of IT department at a financial services firm with 501-1,000 employees
Real User
Top 10
Nov 20, 2024
I rate Microsoft Defender for Endpoint eight out of 10. While I think highly of it, there are issues with sharing data across tenants, which is a particular request but still affects our satisfaction.
Office 365 Subject Expert at a government with 10,001+ employees
Real User
Top 20
Nov 19, 2024
I would rate Microsoft Defender for Endpoint a seven out of ten. It has effectively improved our security posture, but there are areas where support and usability can be enhanced.
I'd advise others to use Microsoft Defender for Endpoint because it's a good solution with many experts behind it. Additionally, it's compatible and easy to use with Windows environments. I'd rate the solution eight out of ten.
I'm a Microsoft partner. This solution does not make my top five. As far as relatively decent, I'd say they are okay. I'd rate it seven out of ten. However, it's always the number one thing threat actors are targeting.
Senior program lead at a manufacturing company with 10,001+ employees
Real User
Nov 28, 2023
To those evaluating this solution, I would advise first figuring out what your needs are. Figure out what levels of granularity you need in the system to see if it will support your needs. For example, if you have something like department-level control over devices, you might want to look at another system versus a central security solution that controls all devices. Beyond that, make sure your machines have the resources necessary to support the features you turn on in the environment. A lot of the resources in Microsoft Defender for Endpoint can be shut down for slower machines and older machines. I would rate Microsoft Defender for Endpoint a solid nine out of ten.
Manager IT Server Operations at an energy/utilities company with 10,001+ employees
Real User
Nov 28, 2023
Microsoft Defender for Endpoint helps us save time since we don't have to keep a separate semantic console. We can see the threats as soon as they come in. Our security team gets notifications. I rate it an eight out of ten.
The product's threat intelligence prepares us for potential threats and helps us take proactive steps. Its vulnerability management feature is important to us. Microsoft Defender for Endpoint has improved our security posture by giving visibility to our endpoints and vulnerabilities. The tool helps us save months per year. It also helps us save money in manhours. Microsoft Defender for Endpoint has reduced our time to respond and time to detect by a large margin. We chose the product because we already use Microsoft products, and it better integrates with them. I rate it an eight out of ten.
WPS Security Engineer at a tech services company with 201-500 employees
Real User
Nov 14, 2023
I would rate Microsoft Defender for Endpoint six out of ten. The support and product development team need to improve. We have deployed Microsoft Defender for Endpoint across the globe on all of our endpoints. Microsoft Defender for Endpoint updates itself so there is no need for maintenance. It is advisable to always exercise patience with technical support and occasionally guide them in the right direction. Otherwise, they may become overly focused on irrelevant logs. Additionally, it is crucial to always have a contingency plan in place in case Microsoft Defender for Endpoint encounters unforeseen challenges. The effectiveness of both best-of-breed and single-vendor security suite methodologies hinges on seamless integration. When products integrate effectively, they provide a unified view of the security landscape, enabling comprehensive monitoring and threat detection. A SIEM, XDR, or similar tool can serve as this centralized dashboard, providing a single pane of glass for security operations. By centralizing visibility and streamlining response times, organizations can effectively achieve their information security analysis and response objectives.
Senior Manager ICT & Innovations at Bangalore International Airport Limited
Real User
Top 10
Nov 8, 2023
The solution provides us with clear visibility. We have a clear dashboard analysis, and we don't need to worry about the changes we need to make as it gives a clear solution for us. Threat hunting is the best feature that gives the response to any event happening. The solution helps me prioritize threats across our enterprise because I'm able to map all the devices across my enterprise. It is improving my security score compared to the earlier one. Compared to our earlier endpoint protection solutions, we have a good edge over the mapping we have with Microsoft Defender for Endpoint. Any new devices getting added to our ecosystem are getting secured in a better way. We use more than one Microsoft security product. We have integrated all of these products, and it was easy to integrate them. The integrated Microsoft security solutions work natively together to deliver coordinated detection and response across our environment. This is very important for us because we follow a framework where protection, detection, response, and recovery have to happen in a seamless manner. Microsoft security products give visibility into the information about the latest threats happening across the globe. This gives us awareness and helps us to be well-prepared before the attacks. We use Microsoft Defender for Cloud, and we make use of its bi-directional sync capabilities. Microsoft Defender for Endpoint has both on-premises and cloud capabilities. We use Microsoft Sentinel, which enables us to ingest data from our entire ecosystem. We have different types of endpoints. The ingestion of data gives more data and more credibility to the logs, which makes my environment more secure. MS Sentinel enables us to investigate threats and respond holistically from one place. It provides vulnerability management and threat detection so that we'll be able to see different logs and parameters. Normally, the threat collection, detection, and response are very much important for an organization. 
MS Sentinel’s built-in SOAR and UEBA are different higher-end functionalities with artificial intelligence that provide a secure environment for any platform. It can analyze more volumes of data. Compared to MS Sentinel, SOAR solutions are more costly. Our Microsoft security solution helps automate routine tasks and help automate the finding of high-value alerts. It gives us a clear investigation report to find the RCA appropriately, thereby speeding up our response time. Our Microsoft security solution has helped eliminate having to look at multiple dashboards and given us one XDR dashboard. I can integrate all my security parameters into one dashboard, and looking for the management review is easy for me. The solution’s threat intelligence helps prepare us for potential threats before they hit and to take proactive steps. It alerts me immediately from which IP the threat is coming so that I can block that respective port immediately and prevent it from entering my network. Our Microsoft security solution has saved us time by making the operations faster and reducing the response time. The solution has saved me almost 15 days in a month. Our Microsoft security solution has saved us money by providing a single integrated solution and eliminating the need for different security solutions. The solution has decreased our time to detect and respond. The solution has enabled me to act quickly on any issue before it hits me. Microsoft Defender for Endpoint is a one-stop solution for your protection, and it gives overall visibility of your endpoint devices. You can easily add on the devices whenever the enterprise is growing. With Microsoft Defender for Endpoint, you can club your endpoint protection, email protection, network protection, and application protection and ensure they are in good hands. We can handle anything regarding security operations, investigations, or complaints from a single point. Overall, I rate Microsoft Defender for Endpoint a nine out of ten.
I rate Microsoft Defender for Endpoint an eight out of ten. We also utilize Defender for Cloud. Defender for Cloud is employed specifically for the Azure product. If we have servers deployed within Azure, the system handles alerting, traceability, and security. Therefore, we certainly use it. We have three locations where Microsoft Defender for Endpoint is deployed. One is in Australia, another is in Qatar, and the third is in India. Consequently, we employ approximately two hundred personnel. No maintenance is required for Defender for Endpoint on the customer's end. A single-vendor security solution approach is better than a best-of-breed strategy. We all are using Microsoft laptops and OS. I recommend completing a POC before adapting Microsoft Defender for Endpoint.
Head of Security at a tech vendor with 10,001+ employees
Real User
Aug 15, 2023
I rate Microsoft Defender for Endpoint nine out of ten. Microsoft Defender for Endpoint is indeed a commendable product. However, despite its implementation, we should consider the integration of other security products. This is due to the escalating variety of cyberattacks prevalent today. While Windows consistently issues patches to update its existing products, I propose the adoption of a dual-product approach within our infrastructure. This approach aims to preempt eleventh-hour security breaches. By juxtaposing and scrutinizing the attributes of different solutions, we can better comprehend their nuances, specifically at the feature level. The pivotal factor lies in how adeptly a solution identifies and mitigates potential threats. Therefore, I advocate for the incorporation of two distinct solutions within our infrastructure. This strategy is poised to yield heightened efficiency, effectively mitigating the risks of both security breaches and data breaches.
Security Architect at a tech vendor with 10,001+ employees
MSP
Jul 18, 2023
I give Microsoft Defender for Endpoint an eight out of ten. We currently have around 6,000 Microsoft Defender for Endpoint users in our organization. We have a team called InfoSec Operations that handles maintenance and consists of approximately five people. I recommend Microsoft Defender for Endpoint for larger organizations, and they should undergo training if they intend to use it in conjunction with Microsoft Sentinel, as it is a complex tool compared to others like QRadar. For smaller organizations, I suggest using Splunk, which is a reliable solution. Microsoft Defender for Endpoint is a viable solution, but it does have limitations when it comes to other operating systems. I would not recommend this solution for an organization that operates in a Linux-based environment.
Technical Account Manager at a comms service provider with 201-500 employees
Real User
Jul 17, 2023
I would rate Microsoft Defender for Endpoint a seven out of ten. The solution is stable, easy to deploy, and scalable. However, threat detection could use some improvement. Our organization is a cybersecurity company, and after using Microsoft Defender for Endpoint for one year, we found that it lacked features such as endpoint detection and response. Additionally, it was weak in certain areas, like detecting a set of malware and providing email protection. As a result, we started exploring other solutions, even though they may be more costly.
Defender for Endpoint doesn't really help to prioritize threats across the enterprise. It's more of a basic threat protection solution. It's more of a reactive approach, once something hits. With a single vendor, it's much easier to detect alerts and threats beforehand. Having a single vendor helps. I would recommend Defender For Endpoint. If you are using other Microsoft products, together, this is a better security solution.
I rate Microsoft Defender for Endpoint a nine out of ten. If someone asked me whether a best-in-breed or single-vendor strategy was better, I would say there's no right or wrong answer. It's better to use one vendor from an integration perspective because it's easier to set up. A single-vendor approach also simplifies support. For example, if you use CrowdStrike, you might be using Splunk as your SIEM. When you open a ticket with CrowdStrike, they will only be able to answer questions about their own products.
Senior Consultant - Cloud & Infrastructure Security at a tech vendor with 10,001+ employees
MSP
Apr 6, 2023
I give the solution an eight out of ten. The most cost-effective and user-friendly option for security is a single-vendor security suite. This approach also eliminates the need for multiple integrations. I recommend that organizations avail themselves of Microsoft's trials and demos, and compare Defender with other solutions in their environment to determine the best fit. With a Microsoft E5 license, organizations can access all of Microsoft's solutions and use whatever they need.
I rate the solution nine out of ten, and I recommend it. We use Microsoft Sentinel, and it allows us to ingest data from our entire ecosystem. Sentinel enables us to investigate threats and respond holistically from one place, which is important to us.
Defender for IoT is an add-on to Defender for Endpoint. It's there, but you have to onboard it. I don't really have enough devices, other than my home base, but in a regular business it would find all the switches, routers, security cameras, monitors, printers, modems, and anything else you have attached. With Defender for Endpoint, you need to have an operating system—Linux, Windows, et cetera—to deploy it. A refrigerator or a camera or a security device doesn't really have a Windows-based operating system on which to deploy the agent. So IoT, within Defender, will scan those devices, find them, and let you know that it found them. It does that out-of-the-box with Defender for Endpoint. If you want to see the actual operating system of IoT devices and get alerts that something is out of date or has vulnerabilities, you have to get a subscription to IoT, which I hope to do. There's a lot to learn when it comes to using Defender for Endpoint to automate routine tasks and find high-value alerts. KQL is a structured query language for hunting. If I have data ingestion from M365 logs, Defender for Containers, Defender for Storage, and AWS, Defender for Endpoint or Sentinel will allow me to hook up connectors to pull all of those logs into a "master database" with different tables that contain those logs. There are routines that are already written that say, "If you're looking for this type of an event that started with this application that went to a SQL server that was stored on this server that was accessed from a laptop where the guy went through a browser and went to this particular rogue network," and they access all those tables in that master database. KQL allows me to tap into each of those different tables and correlate like events or like data, and pull it all into an alert or a threat hunt. It's something to master. 
It's sort of like regular SQL, but there are a lot of tables and schemas and you have to know what the tables and headers and columns and fields are, and then the syntax. It does threat-hunting really well with the canned queries that it has. But if you're looking for something in particular, you need to learn KQL. A SQL Server database admin would know SQL and how to pull data out of tables and do joins, commits, and transaction rollbacks. KQL is on that same level where you have to be an expert in KQL to actually pull all that stuff together. It's quite the learning curve, but there are courses out there that teach you. I've been doing systems administration and engineering server admin things for quite some time, a couple of decades since Windows came out, and a little bit before that. But jumping over into the security space for my home business, and putting all these things together with Defender and Sentinel, has been a learning curve. It has slowed me down a little bit. A while back, security was always an issue for security teams. Now that I'm working on my own company, I'm a one-man show. But at the same time, I know there are a lot of bad actors out there.
Cyber Security Senior Analyst at a security firm with 51-200 employees
Real User
Jan 18, 2023
Microsoft Defender decreased our time to detect and time to respond. However, we didn't completely rely on one solution. We had other means as well. We used to have another EDR solution as well, and we used to run both together. I would definitely agree with a security colleague who says that it’s better to go with a best-of-breed strategy rather than a single vendor’s security suite. For example, if you are a one-vendor customer, the day the vendor gets hit with zero-day or any huge attack, none of your tools or software would work. Your data and other things are also at risk. So, having multiple vendors is good because you'll be covered by different products. Microsoft Defender's threat intelligence helps to prepare for potential threats before they hit and take practice steps, but there was another team that was using the threat intelligence and reporting capabilities to see whether the organization was ready. In my previous organization, we had overall IT support, which was then divided into nearly 20 different teams. We had one team specifically to do one specific job. For prioritization of threats, if I'm not wrong, Microsoft Defender gives you a severity value. I haven't been in the admin part for long, but it gives you a severity value. Based on that, you can prioritize your threats. I would rate Microsoft Defender an eight out of ten.
Security Consultant at a consultancy with 10,001+ employees
Real User
Jan 17, 2023
If you're considering working with Microsoft Defender, the first thing you need to do is an inventory of the infrastructure. We need to know what the client has: how many Windows Servers, how many Linux servers, and how much content. And then you need to know what you want to do with the devices. Some devices are not supported anymore. We need to know which devices the client wants to be covered by Defender. A lot of times, we want to work with Sentinel because it's the best on the market. But Sentinel is more tricky to put that in place. But when you advise a client on security, of course, you propose a lot of solutions, including Defender and Sentinel. You propose the best on the market to improve their security. Usually, they go for Microsoft Defender, but for Sentinel, sometimes it takes time. They say to us, "We don't have the money right now, let's wait two years." On many of my projects, my clients have already worked in the cloud and they want to start working with Azure. That's why Microsoft Defender is a good tool to implement. There are times we advise the client about Sentinel but they already have a SIEM solution like Splunk. Defender for Endpoint does not help us automate routine tasks right now because it's extra work. I know we could put that in place, but often, when we start working with a client in the cloud, we spend a lot of money on that. I know, in the day-to-day operations of the security teams of our clients, they have so much to do and it would be really good to implement automation. We propose it to our clients, but it's up to them to decide if they want to do it. The threat intelligence can help prepare for potential threats before they hit, but this is also something we need to talk to the client about. Sometimes, it's not in our hands. We can propose things to the client, but they have to choose. So far, after proposing these kinds of things to clients, I haven't received their agreement. 
This part of the solution is really interesting, but it can also be expensive for some clients. It depends on their budget. And in terms of using multiple vendors for security or a single-vendor security suite, in my current company, we generally advise our clients to have different vendors, but it depends on the client. I, myself, am not a risky guy. But a lot of our clients have Microsoft products, and we'll advise them to use Microsoft products. You don't want to go to war with your client. Sometimes, they want to work with a lot of different products, but when you try to do that it can be really expensive because you need to work on the connections between them. I usually advise Microsoft because it's very easy and a lot of clients already have Windows Servers, et cetera. It really depends on each case. It depends on who is paying, who is asking, and what they want.
Associate Director-Technology Consultancy at a consultancy with 1,001-5,000 employees
MSP
Nov 21, 2022
To a security colleague who says it’s better to go with a best-of-breed strategy rather than a single vendor’s security suite, I would agree. I prefer multiple vendors. I am not in favor of implementing Microsoft products in all areas because, in every domain, there are some specialty products. You should focus on that and see how to make your organization much safer. Every organization claims that it has all the products, but all the products are not good. That's why you have to find out the best one and put it there. I would recommend comparing it with other products and defining what the most important needs for your organization are. You may not require all the features. Microsoft Defender includes a lot of things. Microsoft Defender has its own MCAS solution. It also supports DLP, which is not yet mature. You should see what is required for your organization and then do testing or a PoC on that. Microsoft Defender works well with Microsoft products. You can implement or install it on the Windows platform, but you will have to find another way to track non-Windows platforms, such as Linux platforms or Unix platforms. Similarly, Microsoft Sentinel does the analysis for Microsoft products in a better way, but they are yet to catch up when it comes to non-Windows products. It is lacking when it comes to analyzing non-Windows products. It isn't able to identify all the threats properly. The number of false positives is much higher compared to other products, but still, Microsoft Sentinel is one of the leading products in the market. It has developed a lot compared to what we saw one year ago. It enables you to ingest data from your Microsoft environment, but I am not sure about the non-Microsoft environment. This data ingestion is very important. Without ingesting all the logs to your SIEM, you can't monitor the threats. When it comes to security products, they need to be product-independent.
In terms of cost, it is almost similar to other products, but it is a little bit cheaper than Splunk. In terms of ease of use, on the Windows platform, it is very easy to use, but it is not so easy for non-Windows platforms. Overall, I would rate Microsoft Defender an eight out of ten.
Cybersecurity Analyst at a university with 5,001-10,000 employees
Real User
Oct 9, 2022
I would rate this solution as eight out of ten. If you have the money for it, I would recommend the Microsoft security solution. I would recommend a single-vendor strategy if you have the money for it. I believe in defense in depth. Regarding endpoint protection, I think it's better to stick with one vendor. In my previous organization, they had conflicts between MDE and McAfee. McAfee would read MDE as a virus, and MDE would read McAfee as a virus. The problem with endpoints is that if you have more than one solution, each of those solutions will see the other guy as a virus or potential virus. When it comes to endpoint protection, I would go with a single vendor.
Assistant Manager - Cyber & Cloud Security at a financial services firm with 1,001-5,000 employees
Real User
Oct 9, 2022
If you have a big team, then you can go with a best-of-breed strategy where you have dedicated teams that are looking at your endpoint protection, email protection, network protection, and so on. You may have a SOC team as well that gets the events and incidents from all of the different teams, analyzes centrally and provides a general view from a security operations perspective. In summary, if you have a well-resourced, mature organization, then it may make sense to go for the best-of-breed strategy. However, if you have an organization without a big security team, it makes sense to have a single vendor's suite. At times, it may appear to be a single point of failure, but in terms of management and usability, it's a bit easier to work with and deploy. It will give you some level of visibility that will cut across the different domains. Overall, Microsoft Defender for Endpoint is a good solution, and it'll give you good visibility and protection. It's worth considering, and I will rate it at eight on a scale from one to ten.
Sr Principal Cybersecurity Engineer at a transportation company with 10,001+ employees
Real User
Oct 9, 2022
I would rate the solution eight out of ten. The infrastructure team has bi-directional sync capabilities set up and running well. It's essential when it comes to having hybrid cloud solutions and cloud solutions from different vendors. Various systems need to have seamless communication and shared issue reporting. Microsoft is increasing its data connectors, which is very helpful for ingesting data from different feeds, though some elements aren't fully fleshed out yet. How much data needs to be digested depends on the enterprise; every SIEM tool has a price to pay for how much data is ingested. The simple answer is that Sentinel allows us to ingest a ton of data, and that's vital. If we can't see a threat, we can't detect it and protect against it. Sentinel enables us to investigate and respond to threats from one place, which is very important for us. This is an area Microsoft has improved because we used to have to go to three different portals for our security picture. Now, everything we need to find can be seen in one pane of glass in Sentinel, whether we are looking at alerts or incidents. The comprehensiveness of Sentinel's protection depends on an organization's security program's maturity and capacity to leverage the solution. There's room for growth, but Microsoft is making good strides in the machine learning and AI portion of its product. The setup and fine-tuning of the tool play a significant role in how smoothly SOAR operates and whether it fulfills an organization's specific requirements. The default playbook may not fit with needs precisely, and staff with knowledge of Kusto Query Language are necessary for fine-tuning. A certain level of expertise is required to leverage Sentinel's sort and machine learning capabilities fully. I don't know how much Sentinel costs as I don't see the bills, but the biggest standalone SIEM and SOAR competitor is Splunk. Splunk does a better job but is also much more expensive; people often complain about the cost. 
I can't compare the value and pricing of the two as I need to know precisely how much they cost. Splunk is supposed to have changed its pricing model to become more affordable recently, and I wonder if Microsoft did the same with Sentinel. However, because Sentinel integrates with other solutions an organization may already use if they're a Microsoft shop, it makes it worth the price. When it comes to a best-of-breed versus a single vendor security suite, it depends on the people higher up in the organization and usually comes down to cost. Everyone wants the best of the best, but only some companies are capable or willing to pay for that because it can be costly. Microsoft is trying to provide a pricing model that encourages customers to use a suite that seamlessly integrates with Windows and server OSs and increases integration with Linux and Mac OSs. That can provide a better ROI than getting the best of the best but having limited visibility and integration with other tools and the network. Microsoft leverages the security suite model as its selling point, and it's working for them. I advise potential customers to read up on the community boards and look into their specific needs. Defender for Endpoint is a good competitor for those looking for an EDR solution, and for those looking for a complete security suite, it's one of the better choices. The tool is competitive, but there are other choices if a company wants the best. Microsoft Defender for Endpoint is in the top three, only considering EDR, but for those looking for a line of products to protect their company and thereby make some savings, it's one of the premier choices.
Information Security Engineering Lead at an energy/utilities company with 10,001+ employees
Real User
Oct 9, 2022
Your use cases, how your organization is configured, and what your infrastructure is like will determine whether you go with a best-of-breed strategy rather than a single vendor's security suite. From a cost perspective, I think it's better to just go with one technology because when you have two technologies in place, there may be conflicts with policies that may result in additional time spent investigating. However, if an organization has a high number of macOSs and they have a lot of Linux servers, they may choose to go with two technologies if Microsoft Defender doesn't provide a complete set of security capabilities. Before you implement the solution, first see what your use cases are and what you're actually looking for. Then, define your environment and what you're going to protect first, whether they be application servers or just endpoints. Then, you can have a detailed discussion with the implementer or vendor. On a scale from one to ten, I would give Microsoft Defender for Endpoint an overall rating of seven.
Head of IT & Database Management at an educational organization with 51-200 employees
Real User
Sep 15, 2022
In theory, the best-of-breed strategy is not secure, and practically, a single vendor's suite is better because there is only one contact. I would recommend trying Microsoft Defender for Endpoint and would give it an overall rating of nine on a scale from one to ten.
Infrastructure Analyst at an energy/utilities company with 1,001-5,000 employees
Real User
Sep 14, 2022
I would recommend Microsoft Defender. They are a leader, and they have many deployment use cases. However, it also depends on the requirements of a company. There is no one-size-fits-all. Each company has its own unique requirements. I would rate it an 8 out of 10.
Director of Security at Overseas Adventure Travel Partners, Inc.
Real User
Aug 28, 2022
I would advise following those secure scores and watching out as you start to communicate with your user base because you're going to impact applications. To a security colleague who says that it is better to go with a best-of-breed strategy rather than a single vendor’s security suite, my response would be that you have got to measure trying to do the integration because, with security, to me, bringing that integration together is the key thing. You need to know how quickly you are going to be able to move from your detection to your mitigation. Are you going to turn on things on the firewalls or can you go right to the devices and isolation? Best of breed is great, but trying to get them all to work together becomes very complex. I would rate it an eight out of ten.
Specialist - Collaboration Platform Engineer at a tech vendor with 1,001-5,000 employees
Real User
Aug 14, 2022
We are not using Microsoft Sentinel. It will create alerts regarding VMs or storage but the cost is very high. Sentinel is not going to help much more when compared with Defender for Endpoint. Sentinel isn't preferable. It only creates alerts. There is not that much impact on the organization if it uses Sentinel also. Microsoft Defender for Endpoint is a very good solution. I recommend using it.
Endpoint Security at a manufacturing company with 10,001+ employees
Real User
Aug 4, 2022
First, have an understanding of Microsoft's best practices. Second, understand that Defender for Endpoint is part of the operating system. It is not a "bolt-on," like most antiviruses are. There are going to be some differences in how Defender interacts with an operating system, compared to an external solution. Be prepared for that. It helps prioritize threats across an enterprise to some extent, but we haven't delved that deeply into that part of Defender yet. The solution hasn't saved us time but I'll qualify that with the fact that we are in migration, moving to a new system, which is Microsoft, and that always takes more time and effort, as we work through the teething troubles. That is not necessarily a reflection on Microsoft. It's a reflection that anytime you move from one system to another, it takes a while before the teething troubles are smoothed out. If a security colleague said to me that it's better to go with a best-of-breed strategy rather than a single vendor security suite, I would say there are pros and cons. It would have to be a discussion about what they need to achieve and their thoughts on why a particular solution would seem best. On a high level, there are good and bad reasons for all kinds of solutions. Without having a clear understanding of what is trying to be achieved, it's really difficult to say whether one is particularly good or bad.
Manager at a recruiting/HR firm with 51-200 employees
Real User
Aug 4, 2022
I would advise comparing it with others. If your environment is mostly Microsoft, it makes sense to use Microsoft Defender as part of your deployment. I would rate it a nine out of ten.
Cloud Productivity and Security Engineer at a tech vendor with 11-50 employees
Real User
Jul 31, 2022
I rate Defender for Endpoint nine out of ten. It's great. I don't have anything negative to say about those technologies. They are serving their purpose.
Network Engineer at a real estate/law firm with 51-200 employees
Real User
Jun 28, 2022
At the moment, it is one of the best security platforms for endpoint security in the market. It is comparable to SentinelOne in terms of features and functions. It is part of Microsoft's ecosystem. If you need a reliable and secure work environment, and you are bound by GDPR and other standards where you have to take care of your data and prevent breaches and unauthorized access, it is a great solution. The E1, E3, or E5 license contains Defender for Endpoint along with many other solutions. Having just the scanner is not enough these days. You need an overview of your whole environment. You need to make sure that your endpoints are encrypted, they are up to date, and they are correctly using zero-trust relationships for your central services. All these things that you need these days are perfectly implemented in the solutions that Microsoft provides. This is the only way for a company that takes data seriously and has to give a guarantee to customers that data is protected. It is resource-intensive, but you have to take into account that it is not only a file scanner. It is continuously scanning every connection you make on the internet. It is deeply investigating the data that you transport and the connections that you make. It is scanning your files, and it is scanning your software against all kinds of knowledge bases to identify whether there are vulnerabilities in the software that you use. It is a solution that integrates almost everything. It is doing what a central firewall did before, but it is doing that in a distributed way on your device. So, it does so much more than you expect. If you are providing it to your users, you have to take its CPU consumption into account, and you need to provide sufficient CPU power for this. I would rate it an eight out of ten.
Service Success Manager at a computer software company with 5,001-10,000 employees
Vendor
Jun 6, 2022
My advice regarding Defender is the same for any other security solution: Check what you need, what types of logs and whether you will consolidate these logs in another tool. What type of knowledge will you bring from those tools to create and apply new policies and anticipate security problems? Always check your needs with the business case. Aligning them will help determine what you need to buy. Check inside Defender to see what you need to activate. Every new feature you activate inside the cloud is billed and you need to understand if you really need each feature. Defender has some effect on the endpoint itself but it does not change the user's work processes. It is a single tool on the endpoint to monitor the activities that happen there, but it does not affect the end-user. But you need to understand the limitations. There are some limitations with Defender when it comes to non-Microsoft solutions. But that's not unique to Defender. It's the same with every tool. You need to understand its limitations.
Associate Consultant at a tech services company with 10,001+ employees
Real User
May 13, 2022
My advice to people looking into implementing Microsoft Defender for Endpoint is to do it very fast because the tool is changing very rapidly, so if you are a novice and you are just learning, what you learn might get changed in the next quarter. Some of the functionality might get changed, so you need to keep up with the changes, and you need to learn quickly and implement Microsoft Defender for Endpoint fast. My rating for Microsoft Defender for Endpoint is seven out of ten.
Security Technical Specialist at a retailer with 10,001+ employees
Real User
Apr 28, 2022
My advice would be to plan carefully and make sure you take notice of what's coming out because it pushes out a lot of very useful information. It's a matter of having sufficient staff because the amount of information it gives you is phenomenal. If a company doesn't have sufficient resources then any other antivirus might work, but this thing produces so much useful information that if you're implementing this solution it's worthwhile having the staff to deal with it. I rate this product 10 out of 10.
Microsoft Defender for Endpoint has improved a lot over the years and it is a lot better now. I would recommend this solution to others. I rate Microsoft Defender for Endpoint an eight out of ten.
We've been working with various Microsoft solutions, e.g. Microsoft Defender for Endpoint, Microsoft Azure, etc. Microsoft Defender for Endpoint has been awesome, so far. I wasn't around during the setup of the solution, so I have no idea how long setting it up took. We have 6,000 end users of Microsoft Defender for Endpoint within the company, and it's being used on workstations, servers, and mobile devices. I'm rating Microsoft Defender for Endpoint nine out of ten. I found it to be a good product. It's a fine product.
New users who are leveraging Microsoft can decide if they want to use Defender. It's already there - you can either activate it or not, depending on your preference. It's nice that you have a choice. Many companies find Defender is enough for them, however, if you want more security, you may be able to add other firewalls or security features to your existing infrastructure. I'd rate the solution at a seven out of ten.
Works at a financial services firm with 51-200 employees
Real User
Feb 17, 2022
If I do recommend it, it will not be solely for security purposes. It is possibly for a first-line security platform, and it is required to build a second, third, and possibly fourth business security layer. I would rate Microsoft Defender for Endpoint a seven out of ten.
I'm using Microsoft Defender for Endpoint for myself and for my clients. I'm a partner of Microsoft. I'm the one in charge of the deployment and maintenance of this solution. My advice to someone planning to use Microsoft Defender for Endpoint is that it's super easy to understand, whether you have no prior knowledge of it, or you want to learn more about it. You can also learn more about security, particularly information security. My rating for Microsoft Defender for Endpoint is nine out of ten.
SOC Manager at a tech services company with 51-200 employees
Real User
Jan 13, 2022
Currently, we have not experienced or seen any challenges with Microsoft Defender for Endpoint. Our customers are mostly medium-sized companies. My advice to people thinking about implementing Microsoft Defender for Endpoint is that it is good, in relation to Windows, but if they want to have a holistic product in relation to Linux and other systems, they need to consider other products. I'm rating Microsoft Defender for Endpoint an eight out of ten.
Delivery manager at a computer software company with 201-500 employees
MSP
Dec 23, 2021
Anyone on Windows 10 Enterprise should choose this solution. It really depends on the volume. You need one senior architect who can just define the entire thing: the device, network configuration, etc. You will also need some Level 1 engineers who need to keep on monitoring the devices and do onboarding. If they are using the latest version of Windows 10, then you can do the onboarding via Intune, Endpoint, etc. My rating for this solution is an eight out of 10.
Cyber Security Consultant at a consultancy with 11-50 employees
Real User
Dec 6, 2021
I rate Microsoft Defender an eight out of ten. I would recommend it to others, but it depends on whether they have their own policy for deploying antivirus products. It's good for some users who have some preferences—who need to follow their security policy or who have some budgeting issues.
Consultant at a tech services company with 1,001-5,000 employees
MSP
Top 5
Dec 2, 2021
I will rate Microsoft Defender eight out of 10 for now, but we need to evaluate it more, especially the virus detection, which still isn't proven. I think we need to evaluate it first. Yes. I wouldn't recommend it for end-users who already have a more capable antivirus solution. But if someone would like to try it in a small environment, we can recommend Defender security.
Cyber Security BA/BSA at a financial services firm with 10,001+ employees
Real User
Sep 19, 2021
We are a Microsoft Customer. I'm not sure if I would recommend the solution to others. It depends on their requirements. It needs to fit a company's use cases. I would rate the solution at an eight out of ten.
Technology Consultant at a computer software company with 51-200 employees
MSP
Sep 15, 2021
I'm a consultant. I primarily work with Microsoft and I do the threat management and check vulnerabilities on the database. I'm looking for something that is not super expensive yet covers vulnerability management and where you can pick the products, and pick alerts, and you get a weekly digest report, just so that we can better manage everything. I work with pretty much all of the 365 products. I'm pretty widely experienced in Defender. I work for a managed service provider. I'm one of the people that's, besides having my Microsoft Azure architecture, Azure security, Microsoft 365 expert level, plus M365 security knowledge. I focus on Azure and M365 security. For Microsoft Defender, the product is cloud-based, therefore it is managed and it's updated constantly. I would advise users to take advantage of Microsoft integrations. I would suggest that they put it all together, so they can use it as a full bundle. I'd rate the solution at a ten out of ten.
Security Consultant at a tech services company with 51-200 employees
Consultant
Sep 1, 2021
My advice would be to start small; don't start a project thinking that it's the best solution and roll it out straight away. Take your time. Don't think that you'll be able to incorporate the platform within a month, although that would depend on the size of your business. Take your time, there's no rush, be patient. Because there will always be some problems. I would rate it an eight out of ten.
Security Architect at a comms service provider with 5,001-10,000 employees
Real User
Aug 25, 2021
We are customers and end-users. This Microsoft security platform is very much a SaaS platform. It's playing together with all the other security products from Microsoft and the company is using the Azure platform to collect the information and to work on the main refine security findings. It's working very well together with the Microsoft Cloud solution for security. It's my understanding that they call it the security graph. It's quite important that they are communicating together. Windows Defender ATP is delivering a lot of telemetry to that form and correlating it with telemetries. The reason why we have implemented DHCP part is due to the fact that we bought a Microsoft E5 license with a lot of security enhancements. I've only seen it in the implementation and design phase, however, it's pretty good. That said, it's also within the environment of a large company where the processes can be a bit difficult. I'd advise users to integrate it into their security operations center so that they can have the full benefit of the product. I'd rate the solution at an eight out of ten.
Principal Consultant at a tech services company with 201-500 employees
Consultant
Aug 7, 2021
The organizations I have worked with that are using Microsoft Defender for Endpoint are mostly small- and medium-sized businesses. Our larger customers are generally not using it. There was a service built within our organization, a service that is very much hooked in with CrowdStrike. If you've ever seen the CrowdStrike products, you'll understand why. They are pretty impressive products. They do some things that help them see malicious activity in near real-time. Can they react to it in near real-time? No. But like everybody, they are trying to find a way to be able to react faster. They just bought a company called Humio, which is a SIEM/SOAR product I referred to earlier that does not store events directly to disk, so it can act on things much faster. Used alone, I would rate Defender for Endpoint a seven out of 10. When integrated with other Microsoft products, I would give it an eight. It really depends on other pieces of the solution for Zero trust to work properly. It won't work well if you deploy it by itself. If you're going to use Defender for Endpoint, you should also use Defender for Identity, Defender for Office 365, and the full gamut, including MCAS and MIP, and then you will need your SIEM/SOAR. It's a long journey. And you had better have done your identity very well. If you haven't, it won't really matter what you throw in place, once they breach your identity plane. That's the most important one. I can put every possible safeguard in place, but if someone gets the keys to the kingdom, I might as well just turn them off.
Azure Engineer at a tech services company with 51-200 employees
Real User
Jun 21, 2021
I would definitely recommend others to go with Defender ATP if they have got the licenses because it can give them a wide range of security controls. It is integrated with Office portals and Microsoft monitoring systems, so they get the sensors from different places. We haven't come across any security threats yet. From the point of view of its theory, implementation, and architecture, Defender ATP and other ATP integrations would definitely help customers in controlling their organization and implementing the best security rules and policies. It hasn't affected the user experience much for our customers. Customers only see the notification pop up saying that Defender hasn't found anything and things like that. I would rate Microsoft Defender for Endpoint a seven out of 10.
IT Administrator at dm-drogerie markt GmbH + Co. KG
Real User
Jun 21, 2021
In terms of the end-user experience, end-users don't like to be bothered with the virus scan. A virus scan is always annoying for the end-user. An end-user cannot actually configure the antivirus and only gets a notification if something is wrong or some malware is found. That's it. There is not really an end-user experience. The performance of the client is fine with Defender. We are not encountering many performance issues or any serious issues with Defender. When we turned over to Defender, some of the applications that were functioning absolutely flawlessly with McAfee started to have serious performance issues. So, we had to define an exclusion list for some of the processes or applications, but there are always some applications that needed exclusions for McAfee or Defender. I would rate Microsoft Defender for Endpoint an eight out of 10.
If you're looking for anti-virus software, use the one that comes with Windows 10, and save your money. On a scale from one to ten, I would give Microsoft Defender for Endpoint a ten.
IT Manager at a financial services firm with 1,001-5,000 employees
Real User
Jun 7, 2021
When we initially implemented Windows Defender, we were pessimistic about whether it would be good enough. However, it is a pretty mature product now. My advice for anybody who is considering this product is that it's good, and it gets results early. I would rate this solution an eight out of ten.
Information Security Engineer at a financial services firm with 1,001-5,000 employees
Real User
Jun 3, 2021
Make sure you read the documentation and understand what else is required before you get started. I would rate it a seven out of ten. I don't think that another tool is doing anything better, or this one doesn't. It's just about using it and seeing where to find the stuff.
Professional Prospect List Building Service Provider, Email Sourcer, Virtual Assistant at Freelance
Real User
May 31, 2021
I would recommend my friends and colleagues use Microsoft Defender because it always protects us against ransomware and viruses. In summary, this is a great product. I would rate this solution an eight out of ten.
Cyber Security Specialist at a healthcare company with 10,001+ employees
Real User
Apr 26, 2021
Defender for Endpoint is marketed as an endpoint detection and response tool, but for others who are looking at onboarding it, they should take it as a holistic tool that provides AV, EDR, and vulnerability management all in one. However, it does not provide very good integration with third parties.
Microsoft Defender for Endpoint is quite good. We haven't really experienced any issues with it. I would recommend Microsoft Defender for Endpoint to other users. Overall, on a scale from one to ten, I would give this solution a rating of eight.
Owner at a tech services company with 1-10 employees
Real User
Feb 17, 2021
Overall, on a scale from one to ten, I would give this solution a rating of nine. Some integration components on Mac should be improved. It should be more stable on Mac. If they fixed this, I would give it a rating of ten.
We are considering moving to another solution, so we are trying to inform ourselves about the other products in the market that will fit our budget and needs. We are trying to see what the competitors offer in the server market. We are looking into ESET NOD32 because we know the product from back in the day. I would recommend this solution. It is free, and it is doing its job for Microsoft Windows Server. It is a good product. I would rate Microsoft Defender for Endpoint a nine out of ten.
Head Of Information Technology at a financial services firm with 1,001-5,000 employees
Real User
Dec 16, 2020
I would recommend this solution to others. I have a lot of good things to say about it. We are still navigating through it, and it has been working very well. We will absolutely keep on using it. I would rate Microsoft Defender for Endpoint an eight out of ten.
Product Manager at a comms service provider with 501-1,000 employees
Reseller
Oct 27, 2020
I have never touched this product. I'm just selling it, and I don't recommend it to anybody as a standalone solution. I would rate this solution a five out of ten.
Senior IT Manager at a pharma/biotech company with 1-10 employees
Real User
Top 10
Oct 20, 2020
It's a good solution. I would recommend Microsoft Defender ATP to anyone who is interested in using it. I would rate Microsoft Defender ATP a seven out of ten.
Assistant Manager IT Infrastructure at a manufacturing company with 501-1,000 employees
Real User
Top 20
Oct 7, 2020
Because of my lack of knowledge or experience with the solution's full capacity, I cannot recommend this solution or offer any advice. I would rate this solution a five out of ten.
Cloud Consultant at Brio Technologies Private Limited
Real User
Sep 17, 2020
I would suggest that if you're already using Microsoft products, then I think it makes sense to go with Microsoft Defender over any other product. I would rate this solution an eight out of 10.
My advice for anybody who is implementing Windows Defender is to purchase the ATP, which is in addition to the version that comes with Windows 10. This will allow you to really get the benefits and manage your organization's endpoints as a whole. This requires a presence in the Microsoft environment, such as a subscription to Office 365 or Azure. I think that people should explore Windows Defender before looking at third-party products. While they are not a pioneer in anti-malware and anti-virus software, they are attacking it and they have a good budget. The advanced threat protection has a large cloud presence in Azure that we can take advantage of, and they update their product frequently. As soon as there is a new threat, they act on it right away. I would rate this solution a nine out of ten.
Microsoft Defender for Endpoint is a comprehensive security solution that provides advanced threat protection for organizations. It offers real-time protection against various types of cyber threats, including malware, viruses, ransomware, and phishing attacks.
With its powerful machine-learning capabilities, it can detect and block sophisticated attacks before they can cause any harm. The solution also includes endpoint detection and response (EDR) capabilities, allowing organizations to...
I do not know if I have saved any money by switching to Microsoft Defender for Endpoint. Our Microsoft bill gets bigger every year, and we have to keep adding more licenses because you need an F3, F3 with security, A3, A3 with security, E5, F5, and whatever the licenses are. It is all alphabet soup at this point. All I know is our Microsoft bill is very large, and we just pay it every year. For the price we pay for Microsoft Defender for Endpoint, I suppose it is okay, versus going out and buying a second product that we would have to pay for, because we would still have to pay for the E5s because we need it for everything else. Microsoft Defender for Endpoint has helped reduce mean time to remediation. Being able to isolate the device, once we isolate it, it is kind of remediated for the most part, and then it is just cleanup. That is a feature we did not have with Symantec, so it is a really nice piece to have. Microsoft Defender for Endpoint has the security exposure management feature that provides visibility into what settings and patches are missing. My advice to someone who is looking to implement Microsoft Defender for Endpoint is that if you do not have another solution already, go with it. If you have Microsoft E5 licenses, it is free, so use it. I would rate this product an eight out of ten.
Good describes my experience of managing unified endpoint settings across both security and IT teams with Microsoft Defender for Endpoint. I have no idea how much time was saved. I cannot quantify if Microsoft Defender for Endpoint has helped reduce mean time to remediation, or MTTR. Cost is the factor that led me to consider a change. My advice to another organization that's considering Microsoft Defender for Endpoint is to go for it. I give this product an overall rating of eight.
The experience of managing unified endpoint settings has been straightforward. My experience with automatic attacks includes having many attacks every day. I have created many automations to automatically respond to attacks, which makes it easy for my SOC team to focus on real, bigger problems rather than specific, small ones. Creating this automation is easy and not difficult. I update the automation approximately once a month. If the ecosystem changes, I need to update, add more integration, or make other adjustments, but it is not difficult to update. It did help reduce the mean time to remediation, or MTTR. I rate this solution an 8 overall.
We may be moving away from Microsoft Defender for Cloud because it was not fulfilling our needs, so we may be looking at another product called Wiz. The main difference between Microsoft Defender for Endpoint and Wiz is that they are completely different. It is not a very good example, but it shows that Microsoft Defender for Endpoint, because there are so many different products within the Defender platform, would benefit from having everything within that platform. All of the information could be aggregated and consolidated. However, it seems that Microsoft Defender for Endpoint does a good job of certain things, but when moving to the cloud, we are looking at other products. Wiz is a CNAPP, which stands for Cloud Native Application Protection Platform. Microsoft has their product, probably one of the Defender for Cloud pieces, but we ended up going with Wiz because pricing and the features were just not there. It is completely separate from endpoint security. On a scale of one to ten, I would rate Microsoft Defender for Endpoint an eight. The only thing is that the Linux server administrator said that it does not work too well for him, but we have a way around it, so we are okay. We may not even be using the automatic attack disruption feature in Microsoft Defender for Endpoint, so I am not sure. We do have a lot of CAPs, which are Conditional Access Policies, that take care of a lot of those. We have a managed XDR, so they do a lot of that. I am pretty sure the security exposure management feature to optimize our security configurations is enabled, but I do not know. That piece is managed by my peer. My overall rating for Microsoft Defender for Endpoint is eight out of ten.
Microsoft Defender for Endpoint has helped us immensely, especially with attack disruption, as it has made us faster. The possibilities of tuning alerts, whitelisting alerts, and doing automations have helped us greatly in bringing the number of false positives down, allowing us to focus more on the true positives. Microsoft Defender for Endpoint has great capabilities to automate tasks and enable us to do more with our time. For Microsoft Defender for Endpoint as a solution, I would rate it an eight point five, a strong eight point five, as I think there are still things that can be improved. If I have to round the rating for Microsoft Defender for Endpoint, I would give it a nine, but only because I'm a true advocate and really appreciate it, as I see the potential. I gave it a nine because they only receive full marks if they build the features that I want them to implement. My overall review rating for Microsoft Defender for Endpoint is nine out of ten.
I would describe the experience of managing unified endpoint settings as relatively easy because whatever platform I am leveraging to manage devices, whether they are infrastructure, end-user devices, or mobiles, I can use the same one for management as I can for security. I am essentially unifying that. My experience with any automatic attack disruption is that it can be quite useful. I do need the correct licensing in order to leverage the full automated capabilities, but they are quite good. Beyond that, I have the opportunity to perform investigations and hand it over to my SOC team if I have an internal SOC. I am using the security exposure management feature to optimize my security, which is nice because it collaborates between each of the capabilities of the XDR platform and gives me a holistic view. I can identify vulnerabilities that need to be dealt with, and I can also identify common threats to the organization. Microsoft Defender for Endpoint has somewhat helped to free up my SOC team. I think that is somewhat complex because it can also add additional requirements for the SOC teams directly interacting with the XDR platform, especially if I am using something such as Sentinel. In that instance, I am going to leverage the automation capabilities to then run automated isolation of devices with XDR and endpoint. I am going to free time up, but I am creating new capabilities that need someone to manage them anyway. It can help to reduce remediation time from hours to minutes. The time it saves depends on how much of the automation is being leveraged. If I am fully licensed on Plan 2, and it does the full AIR piece, I get that full investigation. I am saving a lot of time for my SOC analyst because I am removing the need to manually go through and correlate the events. It does save a lot of time if used effectively and at the right license model.
I assess the stability and reliability of it by running evidencing exercises against the workspace that supports the product. Using Kusto Query Language, I can correlate the registry key values as expected based on control policy. I can run exercises using some of the Microsoft-hosted tooling that allows me to simulate threats. If I really want to, I could always get someone to do some red teaming exercises against it to check my configuration afterwards. I would rate this product an 8 out of 10.
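The evidencing approach the reviewer above describes, as an added example that is not the reviewer's own query: two Advanced Hunting (KQL) queries, run one at a time in the Defender portal's hunting editor. The first lists which onboarded devices fail a secure-configuration check, using the built-in DeviceTvmSecureConfigurationAssessment and DeviceTvmSecureConfigurationAssessmentKB tables. The second summarises attack surface reduction (ASR) rule hits recorded while the rules are still in audit mode, which is the data you review before switching a rule to block so that exclusions are defined up front rather than after users are broken. The seven-day window, the make_set limits and the assumption that audit-mode ASR events carry an ActionType of the form Asr<Rule>Audited are my choices, not anything stated on the page.

```kql
// Added example (not the reviewer's query). Query 1: devices that fail a
// secure-configuration assessment. The KB table supplies the human-readable
// name for each ConfigurationId.
DeviceTvmSecureConfigurationAssessment
| where IsApplicable == 1 and IsCompliant == 0
| join kind=inner (
    DeviceTvmSecureConfigurationAssessmentKB
    | project ConfigurationId, ConfigurationName, ConfigurationCategory
  ) on ConfigurationId
| summarize NonCompliantDevices = dcount(DeviceId),
            SampleDevices = make_set(DeviceName, 5)   // 5 is an arbitrary cap
          by ConfigurationId, ConfigurationName, ConfigurationCategory
| order by NonCompliantDevices desc

// Query 2 (run separately): what the ASR rules WOULD have blocked while in
// audit mode. Assumption: audit events are recorded in DeviceEvents with an
// ActionType such as AsrLsassCredentialTheftAudited. Review the process list
// per rule, add the legitimate ones as ASR exclusions, then move to block.
DeviceEvents
| where Timestamp > ago(7d)                            // 7d is an arbitrary window
| where ActionType startswith "Asr" and ActionType endswith "Audited"
| summarize Hits = count(),
            Devices = dcount(DeviceId),
            Processes = make_set(InitiatingProcessFileName, 10)
          by ActionType
| order by Hits desc
```

Re-run the second query after each rule is flipped to block, replacing `endswith "Audited"` with `endswith "Blocked"`; a rule whose blocked-process set differs from what you saw in audit is the one that will generate the help-desk tickets.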
I would advise another organization considering Microsoft Defender for Endpoint to take a look at it, especially for the cost point if they are already working inside of the Microsoft stack; it is seamless to deploy it, and it works with the other tools. I would rate this product a nine out of ten.
We use a Zero Trust approach according to Microsoft best practices, so we follow the Zero Trust approach of never trust and always verify. I rate Microsoft Defender for Endpoint a ten out of ten.
I would rate Microsoft Defender for Endpoint a nine out of ten. The log search features are difficult. If I don't have visibility into another product, the log search functions of Microsoft Defender for Endpoint are pretty difficult to navigate.
I would rate Microsoft Defender for Endpoint a ten out of ten.
Microsoft Defender for Endpoint is a comprehensive and scalable solution for protecting on-premises and hybrid infrastructure. It provides strong protection and management capabilities. Customers are advised to use this solution for its robust features like advanced threat protection and easy integration with other Azure applications. I rate Defender for Endpoint nine out of ten.
Overall, I recommend Microsoft Defender for Endpoint due to its features and capabilities, which cover more loopholes than other EDR solutions. I rate the solution nine out of ten.
I'd rate Microsoft Defender for Endpoint nine out of 10. I don't give anything a 10, and it's about as good as a nine can get.
I rate Microsoft Defender for Endpoint eight out of 10. While I think highly of it, there are issues with sharing data across tenants, which is a particular request but still affects our satisfaction.
I rate Microsoft Defender for Endpoint eight out of 10.
I would rate Microsoft Defender for Endpoint a seven out of ten. It has effectively improved our security posture, but there are areas where support and usability can be enhanced.
I'd advise others to use Microsoft Defender for Endpoint because it's a good solution with many experts behind it. Additionally, it's compatible and easy to use with Windows environments. I'd rate the solution eight out of ten.
I'm a Microsoft partner. This solution does not make my top five. As far as relatively decent, I'd say they are okay. I'd rate it seven out of ten. However, it's always the number one thing threat actors are targeting.
Overall, I would rate it nine out of ten.
To those evaluating this solution, I would advise first figuring out what your needs are. Figure out what levels of granularity you need in the system to see if it will support your needs. For example, if you have something like department-level control over devices, you might want to look at another system versus a central security solution that controls all devices. Beyond that, make sure your machines have the resources necessary to support the features you turn on in the environment. A lot of the resources in Microsoft Defender for Endpoint can be shut down for slower machines and older machines. I would rate Microsoft Defender for Endpoint a solid nine out of ten.
Microsoft Defender for Endpoint helps us save time since we don't have to keep a separate Symantec console. We can see the threats as soon as they come in. Our security team gets notifications. I rate it an eight out of ten.
I rate Microsoft Defender for Endpoint nine out of 10.
The product's threat intelligence prepares us for potential threats and helps us take proactive steps. Its vulnerability management feature is important to us. Microsoft Defender for Endpoint has improved our security posture by giving visibility to our endpoints and vulnerabilities. The tool helps us save months per year. It also helps us save money in manhours. Microsoft Defender for Endpoint has reduced our time to respond and time to detect by a large margin. We chose the product because we already use Microsoft products, and it better integrates with them. I rate it an eight out of ten.
I would rate Microsoft Defender for Endpoint six out of ten. The support and product development team need to improve. We have deployed Microsoft Defender for Endpoint across the globe on all of our endpoints. Microsoft Defender for Endpoint updates itself so there is no need for maintenance. It is advisable to always exercise patience with technical support and occasionally guide them in the right direction. Otherwise, they may become overly focused on irrelevant logs. Additionally, it is crucial to always have a contingency plan in place in case Microsoft Defender for Endpoint encounters unforeseen challenges. The effectiveness of both best-of-breed and single-vendor security suite methodologies hinges on seamless integration. When products integrate effectively, they provide a unified view of the security landscape, enabling comprehensive monitoring and threat detection. A SIEM, XDR, or similar tool can serve as this centralized dashboard, providing a single pane of glass for security operations. By centralizing visibility and streamlining response times, organizations can effectively achieve their information security analysis and response objectives.
The solution provides us with clear visibility. We have a clear dashboard analysis, and we don't need to worry about the changes we need to make as it gives a clear solution for us. Threat hunting is the best feature that gives the response to any event happening. The solution helps me prioritize threats across our enterprise because I'm able to map all the devices across my enterprise. It is improving my security score compared to the earlier one. Compared to our earlier endpoint protection solutions, we have a good edge over the mapping we have with Microsoft Defender for Endpoint. Any new devices getting added to our ecosystem are getting secured in a better way. We use more than one Microsoft security product. We have integrated all of these products, and it was easy to integrate them. The integrated Microsoft security solutions work natively together to deliver coordinated detection and response across our environment. This is very important for us because we follow a framework where protection, detection, response, and recovery have to happen in a seamless manner. Microsoft security products give visibility into the information about the latest threats happening across the globe. This gives us awareness and helps us to be well-prepared before the attacks. We use Microsoft Defender for Cloud, and we make use of its bi-directional sync capabilities. Microsoft Defender for Endpoint has both on-premises and cloud capabilities. We use Microsoft Sentinel, which enables us to ingest data from our entire ecosystem. We have different types of endpoints. The ingestion of data gives more data and more credibility to the logs, which makes my environment more secure. MS Sentinel enables us to investigate threats and respond holistically from one place. It provides vulnerability management and threat detection so that we'll be able to see different logs and parameters. Normally, the threat collection, detection, and response are very much important for an organization. 
MS Sentinel’s built-in SOAR and UEBA are different higher-end functionalities with artificial intelligence that provide a secure environment for any platform. It can analyze more volumes of data. Compared to MS Sentinel, SOAR solutions are more costly. Our Microsoft security solution helps automate routine tasks and help automate the finding of high-value alerts. It gives us a clear investigation report to find the RCA appropriately, thereby speeding up our response time. Our Microsoft security solution has helped eliminate having to look at multiple dashboards and given us one XDR dashboard. I can integrate all my security parameters into one dashboard, and looking for the management review is easy for me. The solution’s threat intelligence helps prepare us for potential threats before they hit and to take proactive steps. It alerts me immediately from which IP the threat is coming so that I can block that respective port immediately and prevent it from entering my network. Our Microsoft security solution has saved us time by making the operations faster and reducing the response time. The solution has saved me almost 15 days in a month. Our Microsoft security solution has saved us money by providing a single integrated solution and eliminating the need for different security solutions. The solution has decreased our time to detect and respond. The solution has enabled me to act quickly on any issue before it hits me. Microsoft Defender for Endpoint is a one-stop solution for your protection, and it gives overall visibility of your endpoint devices. You can easily add on the devices whenever the enterprise is growing. With Microsoft Defender for Endpoint, you can club your endpoint protection, email protection, network protection, and application protection and ensure they are in good hands. We can handle anything regarding security operations, investigations, or complaints from a single point. Overall, I rate Microsoft Defender for Endpoint a nine out of ten.
I rate Microsoft Defender for Endpoint an eight out of ten. We also utilize Defender for Cloud. Defender for Cloud is employed specifically for the Azure product. If we have servers deployed within Azure, the system handles alerting, traceability, and security. Therefore, we certainly use it. We have three locations where Microsoft Defender for Endpoint is deployed. One is in Australia, another is in Qatar, and the third is in India. Consequently, we employ approximately two hundred personnel. No maintenance is required for Defender for Endpoint on the customer's end. A single-vendor security solution approach is better than a best-of-breed strategy. We all are using Microsoft laptops and OS. I recommend completing a POC before adopting Microsoft Defender for Endpoint.
I rate Microsoft Defender for Endpoint nine out of ten. Microsoft Defender for Endpoint is indeed a commendable product. However, despite its implementation, we should consider the integration of other security products. This is due to the escalating variety of cyberattacks prevalent today. While Windows consistently issues patches to update its existing products, I propose the adoption of a dual-product approach within our infrastructure. This approach aims to preempt eleventh-hour security breaches. By juxtaposing and scrutinizing the attributes of different solutions, we can better comprehend their nuances, specifically at the feature level. The pivotal factor lies in how adeptly a solution identifies and mitigates potential threats. Therefore, I advocate for the incorporation of two distinct solutions within our infrastructure. This strategy is poised to yield heightened efficiency, effectively mitigating the risks of both security breaches and data breaches.
I give Microsoft Defender for Endpoint an eight out of ten. We currently have around 6,000 Microsoft Defender for Endpoint users in our organization. We have a team called InfoSec Operations that handles maintenance and consists of approximately five people. I recommend Microsoft Defender for Endpoint for larger organizations, and they should undergo training if they intend to use it in conjunction with Microsoft Sentinel, as it is a complex tool compared to others like QRadar. For smaller organizations, I suggest using Splunk, which is a reliable solution. Microsoft Defender for Endpoint is a viable solution, but it does have limitations when it comes to other operating systems. I would not recommend this solution for an organization that operates in a Linux-based environment.
I would rate Microsoft Defender for Endpoint a seven out of ten. The solution is stable, easy to deploy, and scalable. However, threat detection could use some improvement. Our organization is a cybersecurity company, and after using Microsoft Defender for Endpoint for one year, we found that it lacked features such as endpoint detection and response. Additionally, it was weak in certain areas, like detecting a set of malware and providing email protection. As a result, we started exploring other solutions, even though they may be more costly.
Defender for Endpoint doesn't really help to prioritize threats across the enterprise. It's more of a basic threat protection solution. It's more of a reactive approach, once something hits. With a single vendor, it's much easier to detect alerts and threats beforehand. Having a single vendor helps. I would recommend Defender for Endpoint. If you are using other Microsoft products, together, this is a better security solution.
I rate Microsoft Defender for Endpoint a nine out of ten. If someone asked me whether a best-in-breed or single-vendor strategy was better, I would say there's no right or wrong answer. It's better to use one vendor from an integration perspective because it's easier to set up. A single-vendor approach also simplifies support. For example, if you use CrowdStrike, you might be using Splunk as your SIEM. When you open a ticket with CrowdStrike, they will only be able to answer questions about their own products.
I give the solution an eight out of ten. The most cost-effective and user-friendly option for security is a single-vendor security suite. This approach also eliminates the need for multiple integrations. I recommend that organizations avail themselves of Microsoft's trials and demos, and compare Defender with other solutions in their environment to determine the best fit. With a Microsoft E5 license, organizations can access all of Microsoft's solutions and use whatever they need.
I rate the solution nine out of ten, and I recommend it. We use Microsoft Sentinel, and it allows us to ingest data from our entire ecosystem. Sentinel enables us to investigate threats and respond holistically from one place, which is important to us.
Defender for IoT is an add-on to Defender for Endpoint. It's there, but you have to onboard it. I don't really have enough devices, other than my home base, but in a regular business it would find all the switches, routers, security cameras, monitors, printers, modems, and anything else you have attached. With Defender for Endpoint, you need to have an operating system—Linux, Windows, et cetera—to deploy it. A refrigerator or a camera or a security device doesn't really have a Windows-based operating system on which to deploy the agent. So IoT, within Defender, will scan those devices, find them, and let you know that it found them. It does that out-of-the-box with Defender for Endpoint. If you want to see the actual operating system of IoT devices and get alerts that something is out of date or has vulnerabilities, you have to get a subscription to IoT, which I hope to do. There's a lot to learn when it comes to using Defender for Endpoint to automate routine tasks and find high-value alerts. KQL is a structured query language for hunting. If I have data ingestion from M365 logs, Defender for Containers, Defender for Storage, and AWS, Defender for Endpoint or Sentinel will allow me to hook up connectors to pull all of those logs into a "master database" with different tables that contain those logs. There are routines that are already written that say, "If you're looking for this type of an event that started with this application that went to a SQL server that was stored on this server that was accessed from a laptop where the guy went through a browser and went to this particular rogue network," and they access all those tables in that master database. KQL allows me to tap into each of those different tables and correlate like events or like data, and pull it all into an alert or a threat hunt. It's something to master. 
It's sort of like regular SQL, but there are a lot of tables and schemas and you have to know what the tables and headers and columns and fields are, and then the syntax. It does threat-hunting really well with the canned queries that it has. But if you're looking for something in particular, you need to learn KQL. A SQL Server database admin would know SQL and how to pull data out of tables and do joins, commits, and transaction rollbacks. KQL is on that same level where you have to be an expert in KQL to actually pull all that stuff together. It's quite the learning curve, but there are courses out there that teach you. I've been doing systems administration and engineering server admin things for quite some time, a couple of decades since Windows came out, and a little bit before that. But jumping over into the security space for my home business, and putting all these things together with Defender and Sentinel, has been a learning curve. It has slowed me down a little bit. A while back, security was always an issue for security teams. Now that I'm working on my own company, I'm a one-man show. But at the same time, I know there are a lot of bad actors out there.
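The kind of cross-table correlation the reviewer above is describing (an event that starts in one application and ends at a remote network), as an added example that is not the reviewer's own hunt and not a canned Microsoft query: a KQL hunt that joins DeviceProcessEvents to DeviceNetworkEvents so that a process spawned by an Office application is tied to the outbound connections it made shortly afterwards. The join is on DeviceId plus process ID plus process creation time, because a PID alone is reused and would produce false matches. The list of parent applications, the seven-day lookback, the ten-minute window after spawn and the restriction to non-private IPv4 destinations are my assumptions for the example; note that the ipv4_is_private filter also drops IPv6 destinations, so widen it if those matter in your estate.

```kql
// Added example (not the reviewer's query). Correlate "Office spawned a child
// process" with "that child then talked to the internet".
let lookback = 7d;                                     // arbitrary lookback
let officeApps = dynamic(["winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"]);
// Step 1: child processes whose parent is an Office application.
let spawned = DeviceProcessEvents
| where Timestamp > ago(lookback)
| where InitiatingProcessFileName in~ (officeApps)
| project DeviceId, DeviceName, SpawnTime = Timestamp,
          ProcessId, ProcessCreationTime,
          ChildFile = FileName, ChildCmd = ProcessCommandLine,
          ParentFile = InitiatingProcessFileName;
// Step 2: successful outbound connections made by exactly those processes
// (PID + creation time identifies a process instance; PID alone is reused)
// within ten minutes of the spawn, to non-private IPv4 addresses only.
DeviceNetworkEvents
| where Timestamp > ago(lookback)
| where ActionType == "ConnectionSuccess"
| where not(ipv4_is_private(RemoteIP))                  // drops RFC1918 and IPv6
| project DeviceId, ConnTime = Timestamp,
          InitiatingProcessId, InitiatingProcessCreationTime,
          RemoteIP, RemotePort, RemoteUrl
| join kind=inner spawned
    on DeviceId,
       $left.InitiatingProcessId == $right.ProcessId,
       $left.InitiatingProcessCreationTime == $right.ProcessCreationTime
| where ConnTime between (SpawnTime .. (SpawnTime + 10m))   // 10m is arbitrary
| project DeviceName, SpawnTime, ParentFile, ChildFile, ChildCmd,
          ConnTime, RemoteIP, RemotePort, RemoteUrl
| order by SpawnTime desc
```

Once the result set is tuned (expect legitimate hits from updaters and add-ins, which you can exclude on ChildFile), the same query body can be saved as a custom detection rule so the correlation runs on a schedule instead of by hand.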
Microsoft Defender decreased our time to detect and time to respond. However, we didn't completely rely on one solution. We had other means as well. We used to have another EDR solution as well, and we used to run both together. I would definitely agree with a security colleague who says that it's better to go with a best-of-breed strategy rather than a single vendor's security suite. For example, if you are a one-vendor customer, the day the vendor gets hit with a zero-day or any huge attack, none of your tools or software would work. Your data and other things are also at risk. So, having multiple vendors is good because you'll be covered by different products. Microsoft Defender's threat intelligence helps to prepare for potential threats before they hit and take proactive steps, but there was another team that was using the threat intelligence and reporting capabilities to see whether the organization was ready. In my previous organization, we had overall IT support, which was then divided into nearly 20 different teams. We had one team specifically to do one specific job. For prioritization of threats, if I'm not wrong, Microsoft Defender gives you a severity value. I haven't been in the admin part for long, but it gives you a severity value. Based on that, you can prioritize your threats. I would rate Microsoft Defender an eight out of ten.
If you're considering working with Microsoft Defender, the first thing you need to do is an inventory of the infrastructure. We need to know what the client has: how many Windows Servers, how many Linux servers, and how much content. And then you need to know what you want to do with the devices. Some devices are not supported anymore. We need to know which devices the client wants to be covered by Defender. A lot of times, we want to work with Sentinel because it's the best on the market. But Sentinel is more tricky to put that in place. But when you advise a client on security, of course, you propose a lot of solutions, including Defender and Sentinel. You propose the best on the market to improve their security. Usually, they go for Microsoft Defender, but for Sentinel, sometimes it takes time. They say to us, "We don't have the money right now, let's wait two years." On many of my projects, my clients have already worked in the cloud and they want to start working with Azure. That's why Microsoft Defender is a good tool to implement. There are times we advise the client about Sentinel but they already have a SIEM solution like Splunk. Defender for Endpoint does not help us automate routine tasks right now because it's extra work. I know we could put that in place, but often, when we start working with a client in the cloud, we spend a lot of money on that. I know, in the day-to-day operations of the security teams of our clients, they have so much to do and it would be really good to implement automation. We propose it to our clients, but it's up to them to decide if they want to do it. The threat intelligence can help prepare for potential threats before they hit, but this is also something we need to talk to the client about. Sometimes, it's not in our hands. We can propose things to the client, but they have to choose. So far, after proposing these kinds of things to clients, I haven't received their agreement. 
This part of the solution is really interesting, but it can also be expensive for some clients. It depends on their budget. And in terms of using multiple vendors for security or a single-vendor security suite, in my current company, we generally advise our clients to have different vendors, but it depends on the client. I, myself, am not a risky guy. But a lot of our clients have Microsoft products, and we'll advise them to use Microsoft products. You don't want to go to war with your client. Sometimes, they want to work with a lot of different products, but when you try to do that it can be really expensive because you need to work on the connections between them. I usually advise Microsoft because it's very easy and a lot of clients already have Windows Servers, et cetera. It really depends on each case. It depends on who is paying, who is asking, and what they want.
To a security colleague who says it’s better to go with a best-of-breed strategy rather than a single vendor’s security suite, I would agree. I prefer multiple vendors. I am not in favor of implementing Microsoft products in all areas because, in every domain, there are some specialty products. You should focus on that and see how to make your organization much safer. Every organization claims that it has all the products, but all the products are not good. That's why you have to find out the best one and put it there. I would recommend comparing it with other products and defining what are the most important needs for your organization. You may not require all the features. Microsoft Defender includes a lot of things. Microsoft Defender has its own MCAS solution. It also supports DLP, which is not yet mature. You should see what is required for your organization and then do a testing or PoC on that. Microsoft Defender works well with Microsoft products. You can implement or install it on the Windows platform, but you will have to find another way to track non-Windows platforms, such as Linux platforms or Unix platforms. Similarly, Microsoft Sentinel does the analysis for Microsoft products in a better way, but they are yet to catch up when it comes to non-Windows products. It is lacking when it comes to analyzing non-Windows products. It isn't able to identify all the threats properly. The number of false positives is much higher compared to other products, but still, Microsoft Sentinel is one of the leading products in the market. It has developed a lot as compared to what we saw one year ago. It enables you to ingest data from your Microsoft environment, but I am not sure about the non-Microsoft environment. This data ingestion is very important. Without ingesting all the logs to your SIEM, you can't monitor the threats. When it comes to security products, they need to be product-independent.
In terms of cost, it is almost similar to other products, but it is a little bit cheaper than Splunk. In terms of ease of use, on the Windows platform, it is very easy to use, but it is not so easy for non-Windows platforms. Overall, I would rate Microsoft Defender an eight out of ten.
I would rate this solution as eight out of ten. If you have the money for it, I would recommend the Microsoft security solution. I would recommend a single-vendor strategy if you have the money for it. I believe in defense in depth. Regarding endpoint protection, I think it's better to stick with one vendor. In my previous organization, they had conflicts between MDE and McAfee. McAfee would read MDE as a virus, and MDE would read McAfee as a virus. The problem with endpoints is that if you have more than one solution, each of those solutions will see the other guy as a virus or potential virus. When it comes to endpoint protection, I would go with a single vendor.
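Two of the reviews above touch the same operational question: one reviewer ran a second EDR alongside Defender, and the reviewer just above saw MDE and McAfee quarantine each other. The script below is an added example, not code from either reviewer or from Microsoft: it reports which anti-malware engine is actually active on a host and, for servers, forces Defender into passive mode so MDE keeps its EDR sensor without a second scanning engine. It assumes an elevated PowerShell session on a Windows host with the Defender module present; the `root/SecurityCenter2` query only exists on client SKUs, so the script tolerates its absence.

```powershell
# Added example (not from any reviewer): find out whether two engines are both
# scanning on this host before blaming "conflicts".
# Assumptions: elevated PowerShell, Windows 10/11 or Windows Server with the
# Defender module (Get-MpComputerStatus) available.

function Get-DefenderCoexistenceReport {
    $status = Get-MpComputerStatus

    # AMRunningMode: "Normal" = Defender AV is the scanner, "Passive Mode" = it has
    # stepped aside for another registered AV, "EDR Block Mode" = EDR-only remediation.
    $otherAv = @()
    $securityCenterAvailable = $true
    try {
        # Client SKUs expose every AV registered with Windows Security Center here.
        $products = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' -ErrorAction Stop
        $otherAv = @($products | Where-Object { $_.displayName -notlike '*Defender*' } |
                     Select-Object -ExpandProperty displayName)
    } catch {
        # Server SKUs have no SecurityCenter2 namespace; rely on AMRunningMode alone.
        $securityCenterAvailable = $false
    }

    # The symptom the reviewer describes (each product flagging the other) shows up
    # as Defender in Normal mode while another AV is also registered as active.
    $conflict = ($status.AMRunningMode -eq 'Normal' -and $otherAv.Count -gt 0)

    [pscustomobject]@{
        ComputerName            = $env:COMPUTERNAME
        DefenderRunningMode     = $status.AMRunningMode
        RealTimeProtection      = $status.RealTimeProtectionEnabled
        TamperProtected         = $status.IsTamperProtected
        SignaturesLastUpdated   = $status.AntivirusSignatureLastUpdated
        SecurityCenterAvailable = $securityCenterAvailable
        OtherRegisteredAV       = $otherAv
        LikelyEngineConflict    = $conflict
    }
}

function Set-DefenderPassiveMode {
    # Windows clients switch Defender AV to passive automatically when another AV
    # registers; Windows Server does not, so set Microsoft's documented registry
    # value explicitly when a third-party AV must stay primary. MDE onboarding and
    # EDR telemetry continue to work in passive mode.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'ForceDefenderPassiveMode' -Value 1 -PropertyType DWORD -Force | Out-Null
    # Re-read status; the mode change takes effect after the service re-evaluates policy.
    (Get-MpComputerStatus).AMRunningMode
}

Get-DefenderCoexistenceReport | Format-List
```

Run the report fleet-wide (for example through Intune scripts or a remoting loop) before and after a migration: the fix for the McAfee/MDE scenario is not to add exclusions in both products but to make sure exactly one engine is in Normal mode per host, which the `LikelyEngineConflict` field makes visible at a glance.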
If you have a big team, then you can go with a best-of-breed strategy where you have dedicated teams that are looking at your endpoint protection, email protection, network protection, and so on. You may have a SOC team as well that gets the events and incidents from all of the different teams, analyzes centrally and provides a general view from a security operations perspective. In summary, if you have a well-resourced, mature organization, then it may make sense to go for the best-of-breed strategy. However, if you have an organization without a big security team, it makes sense to have a single vendor's suite. At times, it may appear to be a single point of failure, but in terms of management and usability, it's a bit easier to work with and deploy. It will give you some level of visibility that will cut across the different domains. Overall, Microsoft Defender for Endpoint is a good solution, and it'll give you good visibility and protection. It's worth considering, and I will rate it at eight on a scale from one to ten.
I would rate the solution eight out of ten. The infrastructure team has bi-directional sync capabilities set up and running well. It's essential when it comes to having hybrid cloud solutions and cloud solutions from different vendors. Various systems need to have seamless communication and shared issue reporting. Microsoft is increasing its data connectors, which is very helpful for ingesting data from different feeds, though some elements aren't fully fleshed out yet. How much data needs to be ingested depends on the enterprise; every SIEM tool has a price to pay for how much data is ingested. The simple answer is that Sentinel allows us to ingest a ton of data, and that's vital. If we can't see a threat, we can't detect it and protect against it. Sentinel enables us to investigate and respond to threats from one place, which is very important for us. This is an area Microsoft has improved because we used to have to go to three different portals for our security picture. Now, everything we need to find can be seen in one pane of glass in Sentinel, whether we are looking at alerts or incidents. The comprehensiveness of Sentinel's protection depends on an organization's security program's maturity and capacity to leverage the solution. There's room for growth, but Microsoft is making good strides in the machine learning and AI portion of its product. The setup and fine-tuning of the tool play a significant role in how smoothly SOAR operates and whether it fulfills an organization's specific requirements. The default playbook may not fit with needs precisely, and staff with knowledge of Kusto Query Language are necessary for fine-tuning. A certain level of expertise is required to leverage Sentinel's SOAR and machine learning capabilities fully. I don't know how much Sentinel costs as I don't see the bills, but the biggest standalone SIEM and SOAR competitor is Splunk. Splunk does a better job but is also much more expensive; people often complain about the cost.
I can't compare the value and pricing of the two as I need to know precisely how much they cost. Splunk is supposed to have changed its pricing model to become more affordable recently, and I wonder if Microsoft did the same with Sentinel. However, because Sentinel integrates with other solutions an organization may already use if they're a Microsoft shop, it makes it worth the price. When it comes to a best-of-breed versus a single vendor security suite, it depends on the people higher up in the organization and usually comes down to cost. Everyone wants the best of the best, but only some companies are capable or willing to pay for that because it can be costly. Microsoft is trying to provide a pricing model that encourages customers to use a suite that seamlessly integrates with Windows and server OSs and increases integration with Linux and Mac OSs. That can provide a better ROI than getting the best of the best but having limited visibility and integration with other tools and the network. Microsoft leverages the security suite model as its selling point, and it's working for them. I advise potential customers to read up on the community boards and look into their specific needs. Defender for Endpoint is a good competitor for those looking for an EDR solution, and for those looking for a complete security suite, it's one of the better choices. The tool is competitive, but there are other choices if a company wants the best. Microsoft Defender for Endpoint is in the top three, only considering EDR, but for those looking for a line of products to protect their company and thereby make some savings, it's one of the premier choices.
Your use cases, how your organization is configured, and what your infrastructure is like will determine whether you go with a best-of-breed strategy rather than a single vendor's security suite. From a cost perspective, I think it's better to just go with one technology because when you have two technologies in place, there may be conflicts with policies that may result in additional time spent investigating. However, if an organization has a high number of macOS devices and they have a lot of Linux servers, they may choose to go with two technologies if Microsoft Defender doesn't provide a complete set of security capabilities. Before you implement the solution, first see what your use cases are and what you're actually looking for. Then, define your environment and what you're going to protect first, whether they be application servers or just endpoints. Then, you can have a detailed discussion with the implementer or vendor. On a scale from one to ten, I would give Microsoft Defender for Endpoint an overall rating of seven.
In theory, the best-of-breed strategy is not secure, and practically, a single vendor's suite is better because there is only one contact. I would recommend trying Microsoft Defender for Endpoint and would give it an overall rating of nine on a scale from one to ten.
I would recommend Microsoft Defender. They are a leader, and they have many deployment use cases. However, it also depends on the requirements of a company. There is no one-size-fits-all. Each company has its own unique requirements. I would rate it an 8 out of 10.
I would advise following those secure scores and watching out as you start to communicate with your user base because you're going to impact applications. To a security colleague who says that it is better to go with a best-of-breed strategy rather than a single vendor’s security suite, my response would be that you have got to measure trying to do the integration because with security, to me, bringing that integration together is the key thing. You need to know how quickly you are going to be able to move from your detection to your mitigation. Are you going to turn on things on the firewalls or can you go right to the devices and isolation? Best-of-breed is great, but trying to get them all to work together becomes very complex. I would rate it an eight out of ten.
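The reviewer's warning that hardening rules will "impact applications" is the usual experience with attack surface reduction rules. The script below is an added example, not the reviewer's code or Microsoft's: it stages two ASR rules in audit mode, reads back the audit events (event ID 1122 in the Defender operational log; 1121 is the enforced-block event) to see what would have been blocked, and only then switches the rules to block with any exception scoped to the ASR engine rather than a global AV exclusion. It assumes an elevated PowerShell session on a Windows 10/11 host with Defender AV active; the two rule GUIDs are Microsoft's published identifiers for the named rules, and the message-text parsing is best-effort because the event payload layout varies by build.

```powershell
# Added example (not from the reviewer): audit first, then enforce.
# Assumptions: elevated PowerShell on Windows 10/11 with Defender AV in Normal mode.

# Published ASR rule IDs (Microsoft); add more as needed.
$AsrRules = @{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block Office apps from creating child processes'
    '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2' = 'Block credential stealing from lsass.exe'
}

function Enable-AsrAudit {
    # AuditMode logs event 1122 instead of blocking, so users keep working while
    # you collect evidence of what the rule would hit.
    foreach ($id in $AsrRules.Keys) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions AuditMode
    }
}

function Get-AsrAuditHits {
    param([int]$Days = 7)
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1122                                  # 1121 = enforced block
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Best-effort extraction: the rule GUID and "Path:" line appear in the
        # message text; exact field names in the XML payload differ across builds.
        $ruleId = [regex]::Match($_.Message, '[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}').Value
        $path   = [regex]::Match($_.Message, '(?m)^\s*Path:\s*(.+?)\s*$').Groups[1].Value
        [pscustomobject]@{
            Time = $_.TimeCreated
            Rule = if ($AsrRules.ContainsKey($ruleId)) { $AsrRules[$ruleId] } else { $ruleId }
            Path = $path
        }
    } | Group-Object Rule, Path | ForEach-Object {
        [pscustomobject]@{ Rule = $_.Group[0].Rule; Path = $_.Group[0].Path; Hits = $_.Count }
    } | Sort-Object Hits -Descending
}

function Enable-AsrBlock {
    param([string[]]$ExcludePath = @())
    # Exceptions go through the ASR-only exclusion list so they do not also
    # punch a hole in real-time AV scanning.
    foreach ($p in $ExcludePath) { Add-MpPreference -AttackSurfaceReductionOnlyExclusions $p }
    foreach ($id in $AsrRules.Keys) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions Enabled
    }
}

# Typical rollout: enable audit, wait a week, review, then enforce.
Enable-AsrAudit
Get-AsrAuditHits -Days 7 | Format-Table -AutoSize
# Enable-AsrBlock -ExcludePath 'C:\Program Files\LineOfBusinessApp\launcher.exe'
```

The audit report is what you take to the application owners before flipping to block; a rule that audits cleanly for a week on a representative pilot ring is much safer to enforce than one turned on fleet-wide on day one.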
We are not using Microsoft Sentinel. It will create alerts regarding VMs or storage but the cost is very high. Sentinel is not going to help much more when compared with Defender for Endpoint. Sentinel isn't preferable. It only creates alerts. There is not that much impact on the organization if it uses Sentinel also. Microsoft Defender for Endpoint is a very good solution. I recommend using it.
Work on Sentinel. It has a lot of power versus the Microsoft Defender solution.
First, have an understanding of Microsoft's best practices. Second, understand that Defender for Endpoint is part of the operating system. It is not a "bolt-on," like most antiviruses are. There are going to be some differences in how Defender interacts with an operating system, compared to an external solution. Be prepared for that. It helps prioritize threats across an enterprise to some extent, but we haven't delved that deeply into that part of Defender yet. The solution hasn't saved us time but I'll qualify that with the fact that we are in migration, moving to a new system, which is Microsoft, and that always takes more time and effort, as we work through the teething troubles. That is not necessarily a reflection on Microsoft. It's a reflection that anytime you move from one system to another, it takes a while before the teething troubles are smoothed out. If a security colleague said to me that it's better to go with a best-of-breed strategy rather than a single vendor security suite, I would say there are pros and cons. It would have to be a discussion about what they need to achieve and their thoughts on why a particular solution would seem best. On a high level, there are good and bad reasons for all kinds of solutions. Without having a clear understanding of what is trying to be achieved, it's really difficult to say whether one is particularly good or bad.
I would advise comparing it with others. If your environment is mostly Microsoft, it makes sense to use Microsoft Defender as part of your deployment. I would rate it a nine out of ten.
I rate Defender for Endpoint nine out of ten. It's great. I don't have anything negative to say about those technologies. They are serving their purpose.
At the moment, it is one of the best security platforms for endpoint security in the market. It is comparable to SentinelOne in terms of features and functions. It is part of Microsoft's ecosystem. If you need a reliable and secure work environment, and you are bound by GDPR and other standards where you have to take care of your data and prevent breaches and unauthorized access, it is a great solution. The E1, E3, or E5 license contains Defender for Endpoint along with many other solutions. Having just the scanner is not enough these days. You need an overview of your whole environment. You need to make sure that your endpoints are encrypted, they are up to date, and they are correctly using zero-trust relationships for your central services. All these things that you need these days are perfectly implemented in the solutions that Microsoft provides. This is the only way for a company that takes data seriously and has to give a guarantee to customers that data is protected. It is resource-intensive, but you have to take into account that it is not only a file scanner. It is continuously scanning every connection you make on the internet. It is deeply investigating the data that you transport and the connections that you make. It is scanning your files, and it is scanning your software against all kinds of knowledge bases to identify whether there are vulnerabilities in the software that you use. It is a solution that integrates almost everything. It is doing what a central firewall did before, but it is doing that in a distributed way on your device. So, it does so much more than you expect. If you are providing it to your users, you have to take its CPU consumption into account, and you need to provide sufficient CPU power for this. I would rate it an eight out of ten.
My advice regarding Defender is the same for any other security solution: Check what you need, what types of logs and whether you will consolidate these logs in another tool. What type of knowledge will you bring from those tools to create and apply new policies and anticipate security problems? Always check your needs with the business case. Aligning them will help determine what you need to buy. Check inside Defender to see what you need to activate. Every new feature you activate inside the cloud is billed and you need to understand if you really need each feature. Defender has some effect on the endpoint itself but it does not change the user's work processes. It is a single tool on the endpoint to monitor the activities that happen there, but it does not affect the end-user. But you need to understand the limitations. There are some limitations with Defender when it comes to non-Microsoft solutions. But that's not unique to Defender. It's the same with every tool. You need to understand its limitations.
My advice to people looking into implementing Microsoft Defender for Endpoint is to do it very fast because the tool is changing very rapidly, so if you are a novice and you are just learning, what you learn might get changed in the next quarter. Some of the functionality might get changed, so you need to keep up with the changes, and you need to learn quickly and implement Microsoft Defender for Endpoint fast. My rating for Microsoft Defender for Endpoint is seven out of ten.
I'd rate the solution seven out of ten.
I rate Microsoft Defender for Endpoint a seven out of ten.
I recommend this solution and rate it eight out of 10.
I rate Microsoft Defender for Endpoint eight out of 10. It's a cost-effective solution for Microsoft shops.
My advice would be to plan carefully and make sure you take notice of what's coming out because it pushes out a lot of very useful information. It's a matter of having sufficient staff because the amount of information it gives you is phenomenal. If a company doesn't have sufficient resources then any other antivirus might work, but this thing produces so much useful information that if you're implementing this solution it's worthwhile having the staff to deal with it. I rate this product 10 out of 10.
I would recommend this solution to others. I rate Microsoft Defender for Endpoint a nine out of ten.
I would rate this solution 7 out of 10.
I rate Microsoft Defender for Endpoint an eight out of ten.
Microsoft Defender for Endpoint has improved a lot over the years and it is a lot better now. I would recommend this solution to others. I rate Microsoft Defender for Endpoint an eight out of ten.
We've been working with various Microsoft solutions, e.g. Microsoft Defender for Endpoint, Microsoft Azure, etc. Microsoft Defender for Endpoint has been awesome, so far. I wasn't around during the setup of the solution, so I have no idea on how long setting it up took. We have 6,000 end users of Microsoft Defender for Endpoint within the company, and it's being used on workstations, servers, and mobile devices. I'm rating Microsoft Defender for Endpoint nine out of ten. I found it to be a good product. It's a fine product.
I would recommend this solution to others who are interested in it. I would rate Microsoft Defender for Endpoint an eight out of ten.
New users who are leveraging Microsoft can decide if they want to use Defender. It's already there - you can either activate it or not, depending on your preference. It's nice that you have a choice. Many companies find Defender is enough for them, however, if you want more security, you may be able to add other firewalls or security features to your existing infrastructure. I'd rate the solution at a seven out of ten.
If I do recommend it, it will not be solely for security purposes. It is possibly for a first-line security platform, and it is required to build a second, third, and possibly fourth business security layer. I would rate Microsoft Defender for Endpoint a seven out of ten.
I'm using Microsoft Defender for Endpoint for myself and for my clients. I'm a partner of Microsoft. I'm the one in charge of the deployment and maintenance of this solution. My advice to someone planning to use Microsoft Defender for Endpoint is that it's super easy to understand, whether you have no prior knowledge of it, or you want to learn more about it. You can also learn more about security, particularly information security. My rating for Microsoft Defender for Endpoint is nine out of ten.
Defender is an ideal solution for web security. I would rate it as seven out of ten.
Currently, we have not experienced or seen any challenges with Microsoft Defender for Endpoint. Our customers are mostly medium-sized companies. My advice to people thinking about implementing Microsoft Defender for Endpoint is that it is good, in relation to Windows, but if they want to have a holistic product in relation to Linux and other systems, they need to consider other products. I'm rating Microsoft Defender for Endpoint an eight out of ten.
Anyone on Windows 10 Enterprise should choose this solution. It really depends on the volume. You need one senior architect who can just define the entire thing: the device, network configuration, etc. You will also need some Level 1 engineers who need to keep on monitoring the devices and do onboarding. If they are using the latest version of Windows 10, then you can do the onboarding via Intune, Endpoint, etc. My rating for this solution is an eight out of 10.
I rate Microsoft Defender an eight out of ten. I would recommend it to others, but it depends on whether they have their own policy for deploying antivirus products. It's good for some users who have some preferences—who need to follow their security policy or who have some budgeting issues.
I will rate Microsoft Defender eight out of 10 for now, but we need to evaluate it more, especially the virus detection, which still isn't proven. I think we need to evaluate it first. Yes. I wouldn't recommend it for end-users who already have a more capable antivirus solution. But if someone would like to try in a small environment, we can recommend Defender security.
I would recommend Microsoft Defender for Endpoint.
I would recommend this solution. I would rate it a seven out of 10.
I rate Microsoft Defender for Endpoint eight out 10. I would recommend it to others.
We are a Microsoft Customer. I'm not sure if I would recommend the solution to others. It depends on their requirements. It needs to fit a company's use cases. I would rate the solution at an eight out of ten.
I'm a consultant. I primarily work with Microsoft and I do the threat management and check vulnerabilities on the database. I'm looking for something that is not super expensive yet covers vulnerability management and where you can pick the products, and pick alerts, and you get a weekly digest report, just so that we can better manage everything. I work with pretty much all of the 365 products. I'm pretty widely experienced in Defender. I work for a managed service provider. I'm one of the people who has Microsoft Azure architecture, Azure security, and Microsoft 365 expert-level expertise, plus M365 security knowledge. I focus on Azure and M365 security. For Microsoft Defender, the product is cloud-based, therefore it is managed and it's updated constantly. I would advise users to take advantage of Microsoft integrations. I would suggest that they put it all together, so they can use it as a full bundle. I'd rate the solution at a ten out of ten.
My advice would be to start small, don't start a project thinking that it's the best solution, and roll it out straight away. Take your time. Don't think that you'll be able to incorporate the platform within a month, although that would depend on the size of your business. Take your time, there's no rush, be patient. Because there will always be some problems. I would rate it an eight out of ten.
I rate Microsoft Defender for Endpoint a ten out of ten.
We are customers and end-users. This Microsoft security platform is very much a SaaS platform. It's playing together with all the other security products from Microsoft and the company is using the Azure platform to collect the information and to work on the main refine security findings. It's working very well together with the Microsoft Cloud solution for security. It's my understanding that they call it the security graph. It's quite important that they are communicating together. Windows Defender ATP is delivering a lot of telemetry to that form and correlating it with telemetries. The reason why we have implemented DHCP part is due to the fact that we bought a Microsoft E5 license with a lot of security enhancements. I've only seen it in the implementation and design phase, however, it's pretty good. That said, it's also within the environment of a large company where the processes can be a bit difficult. I'd advise users to integrate it into their security operations center so that they can have the full benefit of the product. I'd rate the solution at an eight out of ten.
The organizations I have worked with that are using Microsoft Defender for Endpoint are mostly small- and medium-sized businesses. Our larger customers are generally not using it. There was a service built within our organization, a service that is very much hooked in with CrowdStrike. If you've ever seen the CrowdStrike products, you'll understand why. They are pretty impressive products. They do some things that help them see malicious activity in near real-time. Can they react to it in near real-time? No. But like everybody, they are trying to find a way to be able to react faster. They just bought a company called Humio, which is a SIEM/SOAR product I referred to earlier that does not store events directly to disk, so it can act on things much faster. Used alone, I would rate Defender for Endpoint a seven out of 10. When integrated with other Microsoft products, I would give it an eight. It really depends on other pieces of the solution for Zero trust to work properly. It won't work well if you deploy it by itself. If you're going to use Defender for Endpoint, you should also use Defender for Identity, Defender for Office 365, and the full gamut, including MCAS and MIP, and then you will need your SIEM/SOAR. It's a long journey. And you had better have done your identity very well. If you haven't, it won't really matter what you throw in place, once they breach your identity plane. That's the most important one. I can put every possible safeguard in place, but if someone gets the keys to the kingdom, I might as well just turn them off.
I would recommend this solution and rate it a seven out of 10.
I would definitely recommend others to go with Defender ATP if they have got the licenses because it can give them a wide range of security controls. It is integrated with Office portals and Microsoft monitoring systems, so they get the sensors from different places. We haven't come across any security threats yet. From the point of view of its theory, implementation, and architecture, Defender ATP and other ATP integrations would definitely help customers in controlling their organization and implementing the best security rules and policies. It hasn't affected the user experience much for our customers. Customers only see the notification pop up saying that Defender hasn't found anything and things like that. I would rate Microsoft Defender for Endpoint a seven out of 10.
In terms of the end-user experience, end-users don't like to be bothered with the virus scan. A virus scan is always annoying for the end-user. An end-user cannot actually configure the antivirus and only gets a notification if something is wrong or some malware is found. That's it. There is not really an end-user experience. The performance of the client is fine with Defender. We are not encountering many performance issues or any serious issues with Defender. When we turned over to Defender, some of the applications that were functioning absolutely flawlessly with McAfee started to have serious performance issues. So, we had to define an exclusion list for some of the processes or applications, but there are always some applications that needed exclusions for McAfee or Defender. I would rate Microsoft Defender for Endpoint an eight out of 10.
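The exclusion list the reviewer mentions is the usual fix for post-migration performance problems, and it is also the setting most often abused to hide malware from Defender. The script below is an added example, not the reviewer's code or Microsoft's: it lists the current exclusions, adds a process exclusion in the narrow form (full path rather than bare file name), and flags exclusions that weaken protection. It assumes an elevated PowerShell session with the Defender module; the vendor executable and folder names are placeholders for whatever application needs the exception.

```powershell
# Added example (not from the reviewer): keep Defender exclusions narrow and auditable.
# Assumptions: elevated PowerShell with the Defender module (Get-MpPreference etc.).
# 'C:\Program Files\Vendor\app.exe' and 'D:\VendorData' are placeholder names.

function Get-DefenderExclusions {
    $p = Get-MpPreference
    [pscustomobject]@{
        Paths      = @($p.ExclusionPath      | Where-Object { $_ })
        Processes  = @($p.ExclusionProcess   | Where-Object { $_ })
        Extensions = @($p.ExclusionExtension | Where-Object { $_ })
    }
}

function Add-NarrowExclusion {
    param(
        [Parameter(Mandatory)][string]$ProcessExe,   # full path to the slow application
        [string]$DataFolder                          # optional: folder it hammers with I/O
    )
    # A process exclusion excludes files *opened by* that process from real-time
    # scanning (the binary itself is still scanned). A name-only entry such as
    # 'app.exe' matches any binary with that name anywhere on disk, so an attacker
    # can rename a payload to inherit it; insist on a fully qualified path.
    if (-not [IO.Path]::IsPathRooted($ProcessExe)) {
        throw "Use the full path to the executable, not just '$ProcessExe'."
    }
    Add-MpPreference -ExclusionProcess $ProcessExe
    # Folder exclusions are broader still; add one only if the process exclusion
    # alone does not resolve the slowdown, and never a user-writable location.
    if ($DataFolder) { Add-MpPreference -ExclusionPath $DataFolder }
}

function Test-ExclusionHygiene {
    # Flag entries that are commonly abused: whole drives, user-writable roots,
    # temp folders, executable extensions, and spoofable name-only processes.
    $ex = Get-DefenderExclusions
    $risky = @()
    foreach ($path in $ex.Paths) {
        if ($path -match '^[A-Za-z]:\\?$') { $risky += "Path (entire drive): $path" }
        elseif ($path -match '^[A-Za-z]:\\(Users|Temp|Windows\\Temp|ProgramData)\\?$') { $risky += "Path (user-writable root): $path" }
    }
    foreach ($ext in $ex.Extensions) {
        if ($ext -match '^\.?(exe|dll|ps1|js|vbs|bat|cmd|scr|hta)$') { $risky += "Extension (executable type): $ext" }
    }
    foreach ($proc in $ex.Processes) {
        if (-not [IO.Path]::IsPathRooted($proc)) { $risky += "Process (name-only, spoofable): $proc" }
    }
    $risky
}

Add-NarrowExclusion -ProcessExe 'C:\Program Files\Vendor\app.exe'
Get-DefenderExclusions
Test-ExclusionHygiene
```

Run `Test-ExclusionHygiene` as part of a periodic review and compare the output against the change tickets that justified each entry; exclusions tend to accumulate during migrations like the one the reviewer describes and are rarely removed afterwards.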
If you're looking for anti-virus software, use the one that comes with Windows 10, and save your money. On a scale from one to ten, I would give Microsoft Defender for Endpoint a ten.
When we initially implemented Windows Defender, we were pessimistic about whether it would be good enough. However, it is a pretty mature product now. My advice for anybody who is considering this product is that it's good, and it gets results early. I would rate this solution an eight out of ten.
Make sure you read the documentation and understand what else is required before you get started. I would rate it a seven out of ten. I don't think that another tool is doing anything better, or this one doesn't. It's just about using it and seeing where to find the stuff.
I would recommend my friends and colleagues use Microsoft Defender because it always protects us against ransomware and viruses. In summary, this is a great product. I would rate this solution an eight out of ten.
I would recommend this solution to others. I rate Microsoft Defender Antivirus an eight out of ten.
Defender for Endpoint is marketed as an endpoint detection and response tool, but for others who are looking at onboarding it, they should take it as a holistic tool that provides AV, EDR, and vulnerability management all in one. However, it does not provide very good integration with third parties.
Microsoft Defender for Endpoint is quite good. We haven't really experienced any issues with it. I would recommend Microsoft Defender for Endpoint to other users. Overall, on a scale from one to ten, I would give this solution a rating of eight.
It's pretty good. I would rate this solution a nine out of ten.
Overall, on a scale from one to ten, I would give this solution a rating of nine. Some integration components on Mac should be improved. It should be more stable on Mac. If they fixed this, I would give it a rating of ten.
We are considering moving to another solution, so we are trying to inform ourselves about the other products in the market that will fit our budget and needs. We are trying to see what the competitors offer in the server market. We are looking into ESET NOD32 because we know the product from back in the day. I would recommend this solution. It is free, and it is doing its job for Microsoft Windows Server. It is a good product. I would rate Microsoft Defender for Endpoint a nine out of ten.
I would recommend this solution to others. I have a lot of good things to say about it. We are still navigating through it, and it has been working very well. We will absolutely keep on using it. I would rate Microsoft Defender for Endpoint an eight out of ten.
I have never touched this product. I'm just selling it, and I don't recommend it to anybody as a standalone solution. I would rate this solution a five out of ten.
It's a good solution. I would recommend Microsoft Defender ATP to anyone who is interested in using it. I would rate Microsoft Defender ATP a seven out of ten.
Because of my lack of knowledge or experience with the solution's full capacity, I cannot recommend this solution or offer any advice. I would rate this solution a five out of ten.
I would suggest that if you're already using Microsoft products, then I think it makes sense to go with Microsoft Defender over any other product. I would rate this solution an eight out of 10.
My advice for anybody who is implementing Windows Defender is to purchase the ATP, which is in addition to the version that comes with Windows 10. This will allow you to really get the benefits and manage your organization's endpoints as a whole. This requires a presence in the Microsoft environment, such as a subscription to Office 365 or Azure. I think that people should explore Windows Defender before looking at third-party products. While they are not a pioneer in anti-malware and anti-virus software, they are attacking it and they have a good budget. The advanced threat protection has a large cloud presence in Azure that we can take advantage of, and they update their product frequently. As soon as there is a new threat, they act on it right away. I would rate this solution a nine out of ten.