The one stop security shop for the endpoints
November 21, 2023

Yash Mudaliar | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Microsoft Defender for Endpoint

Microsoft Defender for Endpoint is being used as an EDR and vulnerability management tool for our organization as well as for our clients. The use cases for this tool primarily include automating responses to incidents, performing weekly vulnerability assessments and managing endpoint security policies across the organization. We also employ it to set up evaluation labs for specific scenarios occasionally.
  • Vulnerability Management is without a doubt one of the most efficient features of Microsoft Defender for Endpoint. It provides enough details about the vulnerability, its impact and the remediation as well.
  • The latest addition of 'Endpoint Security Policies' has been a very well thought-out and insightful feature that relieves the security analysts from the hassle of switching to Intune just for reviewing the endpoint security policies.
  • 'Automated Remediation' is a boon to many organizations across the industry that helps in responding to ongoing attacks at machine speed. Microsoft Defender for Endpoint does it quite well in terms of accuracy and quickness.
  • The dynamic device tagging feature has been an underrated feature of Microsoft Defender for Endpoint. It is such a reliable and efficient feature that it saves a lot of time whether you are dealing with vulnerabilities or incidents.
  • While 'Vulnerability Management' is one of my favorite features, I do feel that it has been the same for quite some time and now it should have some integration capabilities to do actions like inform the affected users, or take small actions like updating the OS, sending prompts to devices etc.
  • I think most people will agree with me when I say that 'Baseline Assessments' feature should now have more standards added to its inventory. CIS and STIG are the only ones available in this feature without any updates for a long time now.
  • Device Discovery, while a good feature, appears to be somewhat unstable in nature. It does not provide admins with enough details or any actions to take on the discovered devices.
  • The only negative ROI is the costly licenses that can set you back a significant amount in your annual budget, especially if you have a 300+ audience group.
  • With automated remediation we have seen a tremendous decrease in triage time and even were able to deflect potential attacks in the early stages.
  • With device groups, we have been able to customize EDR policies for different user types and hence were able to be compliant more effectively (in a user-friendly way).
  • We have been able to manage content filtering very effectively with Endpoint DLP, and it has proven to be a big positive ROI for us.
  • Cloud Solutions
  • Integration with Other Systems
  • Ease of Use
The depth and quality of logs provided by Microsoft Defender for Endpoint (especially for Windows endpoints) is exceptional and arguably the best in the market. Due to this we have been getting a very detailed activity timeline in incidents and an accurate software inventory in vulnerability management. While the onboarding process is a little complex, it is completely made up for by the fact that there is a wide array of actions that can be taken directly from the portal on the onboarded devices.
  • Vulnerability Management
  • Baseline Assessments
  • Device Discovery
  • Endpoint Security Policies
  • Automated Remediation
  • Dynamic Device Tagging
  • Endpoint DLP
  • Web Content Filtering
  • Live Response
  • Unified integration with Defender for Cloud
  • Always remediate PUA
  • Device Deception (Preview)
  • Download quarantined files
  • Evaluation Lab
  • Alert Suppression
  • Asset Rule Management
  • File Content Analysis
  • Memory Content Analysis
  • Indicators
We currently have more than 200 active devices across the organization. We are a 'Windows' only organization when it comes to internal end user deployments. When it comes to server count, we have a small environment of less than 20 servers containing both Windows and Linux servers deployed in Microsoft Azure.
I found CrowdStrike to be confusing and complex when it comes to managing assets and incidents around endpoints. While it provides quality intelligence, it lacks a more admin-friendly way of presenting that information. Hence, as I have mentioned in the previous points as well, Microsoft Defender for Endpoint solves this problem by a big margin by giving very intuitive and easy-to-access options, which proves to be super useful especially when time is of the essence.

Do you think Microsoft Defender for Endpoint delivers good value for the price?

Yes

Are you happy with Microsoft Defender for Endpoint's feature set?

Yes

Did Microsoft Defender for Endpoint live up to sales and marketing promises?

Yes

Did implementation of Microsoft Defender for Endpoint go as expected?

Yes

Would you buy Microsoft Defender for Endpoint again?

Yes

Microsoft Defender for Endpoint will be super useful to you if you have a Microsoft security ecosystem in your organization because of the flawless and hassle-free integration capabilities.
Microsoft Defender for Endpoint will be a great choice when you are a big organization (more than 500 endpoints) and are dealing with customer data from a critical industry.
However, if you are in the SMB segment, taking standalone Microsoft Defender for Endpoint plans will make you confused about which features to go for and which ones to let go of. Hence, explore other options here.

Microsoft Defender for Endpoint Feature Ratings

Anti-Exploit Technology: 8
Endpoint Detection and Response (EDR): 9
Centralized Management: 7
Infection Remediation: 8
Vulnerability Management: 8
Malware Detection: 8