2022-08-17T15:27:22Z

What is your primary use case for Microsoft Defender Threat Intelligence?

Julia Miller - PeerSpot reviewer
PeerSpot user

14 Answers

DineshKumar25 - PeerSpot reviewer
MSP
2024-02-29T08:08:00Z
Feb 29, 2024

We use the product for endpoint security of machines. It includes threat detection, defining compliance rules, and governance policies. It helps us with extracting reports as well.

AR
Real User
Top 5, Leaderboard
2024-02-06T13:29:28Z
Feb 6, 2024

The protection provided by Microsoft Defender Threat Intelligence is robust and effective.

SV
Real User
2024-02-01T11:53:29Z
Feb 1, 2024

The solution provides endpoint protection from malware.

KV
Real User
Top 5
2023-12-01T11:30:00Z
Dec 1, 2023

The solution is used for threat intelligence. The tool enables us to detect potential breaches and react to them proactively. Alerts are sent to our SOC team. Our SOC team investigates whether it's a positive or a negative alert. Depending on the result, a playbook is started.

EO
Real User
Top 5, Leaderboard
2023-11-10T11:42:17Z
Nov 10, 2023

We use it to monitor endpoints for threats and duplicates on the server and defend identity and trust.

AS
Real User
Top 5, Leaderboard
2023-11-09T15:06:00Z
Nov 9, 2023

We use Microsoft Defender Threat Intelligence for security. It alerts us on anomalies.

Mark Ngeno - PeerSpot reviewer
Real User
Top 5
2023-10-20T08:19:00Z
Oct 20, 2023

We use the software to scan malware for email attachments by identifying and blocking phishing emails.

Oscar Abouchaaya - PeerSpot reviewer
Real User
Top 5
2023-10-03T07:18:37Z
Oct 3, 2023

Threat Intelligence is a modern antivirus XDR solution that we use to protect the environment, identities, data, and endpoints from attacks.

SM
Real User
Top 10
2023-09-29T08:36:00Z
Sep 29, 2023

We use the product to capture the logs, collect data, and understand patterns.

LK
Real User
Top 5
2023-09-06T13:30:25Z
Sep 6, 2023

In terms of threat intelligence, let's take Microsoft Sentinel as an example. We onboard threat intelligence from different sources, such as open-source MISP and AlienVault. We also develop our own threat intelligence signals based on the threats we observe. For instance, Cisco TALOS is another example. We integrate all these threat intelligence feeds into Microsoft Sentinel and create detections based on them. For instance, if we integrate threat intelligence data for specific IP addresses, we create detections to monitor for activity from those IPs. We also conduct hunting based on these feeds. In addition, we use automated tools like VirusTotal and AlienVault OTX to scan entities, URLs, and API connections when incidents occur, providing results on whether they are malicious or safe. These are some of the integration scenarios we typically work on in terms of threat intelligence.

MM
Real User
Top 5, Leaderboard
2023-08-10T10:01:56Z
Aug 10, 2023

It can be used as an API solution to sign and send threat intelligence to a security operations center (SOC). This allows the SOC to detect and respond to threats more effectively.

James Selby - PeerSpot reviewer
MSP
Top 5, Leaderboard
2023-05-30T10:33:00Z
May 30, 2023

From a threat intelligence perspective, we use Microsoft Defender in conjunction with Azure and the cloud for our cloud-based customers. It helps us defend against various types of malicious code, whether it's through email inbounds or uploaded through USB sticks. It offers a wide range of capabilities.

EG
Real User
Top 20
2022-09-16T10:19:59Z
Sep 16, 2022

We primarily use the solution not necessarily from a user point of view. Rather, we use it from an admin point of view. For example, the Log4j vulnerability. Last year, they released threat intelligence information on that vulnerability, put out the protections quickly, and updated their TVM module. It can easily identify what things are vulnerable and what assets you have that are vulnerable to attacks.

Nim Nadarajah - PeerSpot reviewer
Reseller
Top 20
2022-08-17T15:27:22Z
Aug 17, 2022

We've used it in many different scenarios, including enterprise and SMB - all kinds of different situations. It really depends on how people want to receive their threat intel. Most people want to keep it in Microsoft using the Defender console. Some people just ask to fill in Sentinel and integrate it with Azure Sentinel. Some people want those events going into their SIM. We've had all of the above use cases.

Microsoft Defender Threat Intelligence is a comprehensive security solution that provides organizations with real-time insights into the latest cyber threats. Leveraging advanced machine learning and artificial intelligence capabilities, it offers proactive threat detection and response, enabling businesses to stay one step ahead of attackers. With Microsoft Defender Threat Intelligence, organizations gain access to a vast array of threat intelligence data, including indicators of compromise...