Microsoft Defender XDR
August 29, 2024

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Microsoft Defender XDR

We use Microsoft Defender XDR in our organization to give us visibility into devices and put the information into a central dashboard. The alerts let us see how attacks/alerts are connected and can help in filtering out false positives from real attacks. Being able to see things in a central dashboard helps with identifying incidents quicker and resolving them.

Pros

  • Centralized dashboard of incidents/alerts
  • Customizable alerting
  • Detailed information about device activity

Cons

  • Easier ability to silence false positive alerts
  • Too many features that get confusing at times when you have to go several pages deep to find a setting
  • Labels could be easier to use if they were able to be linked to groups and automatically update when users change.
  • Increased visibility into device history and status
  • Quicker alerting to suspicious activity
  • Unified single pane of glass for most alerts

We have a very small security team and needed a tool to provide more visibility to help protect our organization. Total cost was a significant factor, and purchasing multiple security tools from different vendors would end up costing us too much and lead to multiple management platforms. Having multiple tools in a centralized dashboard helps to increase resolution time.

Microsoft Defender XDR helped us get most of our tools into one single pane of glass and gave us a cost-effective solution to managing security for our organization. Useful to have multiple tools from a single vendor that offer a wide range of uses.

We currently have automated response enabled for most workstation machines, set to automatically remediate most issues. It has the occasional false positive but overall has been useful in preventing some major issues from becoming larger problems by quickly responding to suspicious indicators and stopping them before alerting us about it.

We have Microsoft Defender XDR data being sent to our SIEM, and the information is somewhat useful, but I can't think of any actual alerts that have been generated because of the connection. The connection is slightly difficult to configure and has changed a few times over the years of using the product, making us have to configure the connection multiple times.

Do you think Microsoft Defender XDR delivers good value for the price?

Yes

Are you happy with Microsoft Defender XDR's feature set?

Yes

Did Microsoft Defender XDR live up to sales and marketing promises?

Yes

Did implementation of Microsoft Defender XDR go as expected?

Yes

Would you buy Microsoft Defender XDR again?

Yes

Microsoft Defender XDR has worked well when incidents have happened that sent alerts about users attempting to use malicious tools to circumvent security controls. Some of the features like the ability to contain a machine and restrict its network access have been extremely helpful in an emergency. The ability to see device history on the timeline has been extremely useful when troubleshooting some tricky incidents.
