Adlumin is a security operations command center that simplifies complexity and keeps organizations of all sizes secure. Its technology and integrations create a platform that obtains security telemetry from across an organization to provide greater insights into security alerts and streamline workflows.
N/A
Microsoft Defender XDR
Score 8.8 out of 10
N/A
Microsoft 365 Defender combines SIEM and XDR capabilities for Microsoft 365 environments, encompassing threat detection, post-breach detection, automated investigation, and response for endpoints. Additionally, it protects cloud apps, emails and documents, and employee identities.
If you don't already have a system in place for anomoly detection, log monitoring, and alerting, you're doing your company a disservice. Whether Adlumin is the best choice for you depends on your budget and technology stack, but overall, Adlumin has been one of the best security purchases made by our company in the last few years, and has paid for itself by automatically preventing and protecting against specific attacks that were non-attacks due to Adlumin stopping them before they could start.
Microsoft Defender XDR is well suited for organizations already invested in the Microsoft Ecosystem - including Microsoft 365, Azure Ad and INTune. For example, in scenarios where you need to correlament the fishing attacks with the closing point behavior and identity agreement, Microsoft Defender XDR does a big task of sewing the timeline of a full attack simultaneously and even automatically removing. This hybrid function is also ideal for the environment, where safety visibility in distance tools, cloud apps and email is important. Microsoft Defender XDR provides centralized insight and response in all these domains without the requirement of many devices. However, it is less suitable in the atmosphere with diverse or non-microsoft infrastructure, such as an organization running a mixture of Linux server, Google work area or third-party EDR tools. Cross-platform support is still developing, and integration of the microsoft ecosystem often requires additional configurations or third-party connectors. For companies of that situation, Microsoft Defender XDR cannot give its full value from the XDR box.
The software uses advanced AI and machine learning algorithms to monitor activities and detect any anomalies immediately, protecting our financial data.
Automated responses to known threats reduce the impact of possible incidents and improve our security posture.
Microsoft 365 Defender easily combines with other Microsoft 365 services and external security solutions, providing a complete and unified security solution.
After an alert has been "Cleared" by internal IT, there should be no further action taken by the SOC team or the AI agent.
When there is an active internal incident or problem with Adlumin, there should be a notice in the incident or on the platform's active issues board about issues that may affect Adlumin agents. This would save people who have to respond a lot of time.
Have not been able to get one forwarder to function properly, despite documentation from a technician and the platform documentation. This is frustrating when a Windows collector option is available but doesn't work at all.
I have noticed some SentinelOne detections do not warrant responses or actions from the Adlumin team. These are usually repeated flags that do not require action, but some do, and some do not. I can't figure out what we reference specifically to determine a response from SOC or AI.
Improved algorithms to minimize false positives in threat detection, reducing the impact on security teams and preventing unnecessary investigations into non-threatening incidents.
Advanced User-Friendly Interface:
Streamlined and intuitive user interface for the centralized dashboard, making it more accessible for security professionals with varying levels of expertise.
Greater Third-Party Integration:
Increased compatibility and integration capabilities with a broader range of third-party security tools
We are pleased with the product and have no plans to look for alternatives. We are deeply invested in Microsoft ecosystem and Defender XDR provides seamless integration to other Microsoft products. For academic institution pricing is also quite affordable. In the contrary, we hope to extend the scope of the product for our entire environment.
A number of integrations were simple to set up and well documented, but a few things were difficult or undocumented yet. Some sections feel over-complicated and others feel way too vague during the setup process. Once the onboarding is finished though, the product is very simple, but there is a learning curve at the beginning.
Overall the UI is modern and OK to use. Attack story is quite nice visual of incident. Advanced hunting supports autocomplete so that helps doing KQL-queries efficiently. The product is quite comprehensive and one can get lost in the vast UI. Learning curve is quite high and navigation is complex. As product also continues to evolve the UI might change somewhat.
In our experience there has been very little downtime for Microsot Defender XDR. For us there hasn’t been any single incident where we needed the product and it was not available.
Most of the time the product is as responsive as you might expect from cloud product. Occasionly the product is little slugish, this has been at most a slight irritation. Reports generate quickly ennough for our needs. We also not have found that Defender XDR slows down systems that it is integrated with
Their support throughout our onboarding of the product was fabulous. They not only took the time to carefully explain to teams not as well equipped with the lingo but explained to the tech team how to teach the other teams to be successful. They never once seemed impatient or annoyed with basic questions and didn’t pretend to know something when they needed to research an answer
Microsoft Provides a good training for the Microsoft 365 Defender and has a good learning paths to learn and take the exams and get your Certifications.
seemless and almost transparent. can be deployed by script if needed so every endpoint on our system get's it. if you have intune it gets dumped on the the endpoint by policy so nothing escapes it
ArcticWolf has been a great product that we have used, but the ability that Adlumin has is extremely comparable for a fraction of the price. There are no hardware requirements with Adlumin, but it still has all of the abilities as ArcticWolf without the overheard. Again, the SOAR actions are a game changer when it comes to automation and immediate action.
Our product in that area, for instance as a security platform and for us it is for the moment really bad point. We started to move in that direction that there is that disconnect from the client management. So if there is some action that needs to be executed detected by security team, there is not an easy way to make that available to the team that is responsible for managing the identities as users, as the devices
Azure cloud provides techical power to scale the product for whole organization. From organizational point of view scaling Defender XDR for various IT teams needs good collaboration and clear norms that all teams must agree to and follow.
We used to be with an MSP before I was hired, and the company spent over 20K per year for that service. With N-Able, we have reduced the cost by over half.
I spend minimal time now patching computers because this is all automated. I sometimes have to patch a couple of machines because I missed a patch, but it has saved me a great deal of time.
I save a great deal of time with Board Reports because they are automatically generated for me each month.
