Blog — Sep 22, 2022

Why You Should Take Advantage of Microsoft 365 Defender, the Microsoft 365 E5 Security Suite


Over the past 2-3 years, cybersecurity leaders and practitioners have faced immense pressure to keep up with the latest tactics, techniques, and procedures (TTPs) adversaries are relying on to gain initial access into your environment and deploy malware.

Complicating matters further, the shift to work-from-home and hybrid workforces has pushed many organizations to adopt cloud-based collaboration tools for remote work and productivity, widening the environment that security teams must monitor.

Although Microsoft 365 (formerly Office 365) remains the leading cloud-based business collaboration suite, many organizations don’t understand the breadth of security capabilities already included in their E5 licensing.

We see that many organizations, including some of our own customers, fail to take advantage of the Microsoft 365 E5 security capabilities they already pay for. In this blog, we’ll explore the benefits of the Microsoft 365 E5 security stack and why you should partner with an MDR for Microsoft provider to make the most out of your Microsoft investment.

Why Choose Microsoft 365 E5?

While there are countless cybersecurity tools on the market that all promise the same thing, to protect your business against cyber threats, not many deliver on that promise. In practice, your team is often left with too much data, too many alerts that go uninvestigated, and a growing number of false positives to wade through. According to the Neustar Cyber Threats and Trends Report, 39% of cybersecurity teams receive alerts from seven or more tools.

In addition, no matter the size or industry of your business, many of your cybersecurity peers are all facing the same three challenges:

This is where Microsoft 365 E5 truly shines. Beyond the productivity suite itself, E5 is a cost-effective bundle that scales alongside your business, and its real advantage is that it includes Microsoft 365 Defender, a suite of security tools built into the Microsoft ecosystem you already run (Windows, Azure Active Directory, Exchange Online and your cloud apps), so you can consolidate prevention, detection and response in one platform instead of bolting separate products together. The same Defender components are also sold as the Microsoft 365 E5 Security add-on for E3 tenants.

Microsoft 365 Defender gives your team the threat prevention, detection, and response capabilities that would otherwise require at least four distinct security vendor tools (endpoint, identity, email, and cloud apps). By consolidating on Microsoft 365 Defender, your organization can realize cost savings of 50-60% compared with licensing a multi-vendor, best-of-breed security tool stack.

So why do so many organizations fail to take advantage of Microsoft’s suite of advanced cybersecurity tools? This is likely due to two reasons:

What are the Security Features of Microsoft 365 Defender?

Microsoft 365 Defender enables your team to take response actions that keep malware from spreading, terminate sessions so adversaries cannot steal data, and purge malicious files. Your team is also far better equipped to deal with the three attack vectors most used in real-world threat scenarios: phishing, privilege abuse, and malware.

Using Microsoft Defender for Office 365 to Combat Phishing

According to our latest threat report, Disrupting Initial Access, email has been a widely used delivery vector for cybercriminals. In 2020, email accounted for 66% of all incidents we saw in customer environments, and although its share decreased in 2021, we saw a resurgence of email-borne malware in 2022. Phishing and business email compromise (BEC) attacks therefore remain a significant threat to your organization.

Microsoft Defender for Office 365 allows your team to prevent phishing and BEC attacks via robust filtering (anti-phishing policies with impersonation protection, Safe Links URL rewriting and Safe Attachments detonation), identify suspicious content and attack patterns through its machine-learning-based detections, automatically purge malicious emails that were already delivered to mailboxes (zero-hour auto purge), and conduct email-focused investigations and threat hunting in Threat Explorer and advanced hunting.

Using Microsoft Defender for Identity Against Privilege Abuse

The 2021 Verizon Data Breach Investigations Report (DBIR) stated that some form of privilege abuse was used in 75% of all breaches investigated in the report. Threat actors often rely on credential theft to obtain administrative privileges, move laterally across your environment, and exfiltrate data.

Microsoft Defender for Identity (formerly Azure ATP) places sensors on your on-premises Active Directory domain controllers and AD FS servers to detect reconnaissance, credential theft and lateral movement against your identities, and it feeds those signals into Microsoft 365 Defender alongside Azure Active Directory’s own identity protection, so your team can govern and protect user identities:

Most importantly, Microsoft Defender for Identity surfaces these detections in near real time, with each alert mapped to the relevant MITRE ATT&CK techniques, so analysts can see at a glance which stage of the attack lifecycle they are looking at.

Figure 1 Snapshot view of threat detections available to your team spanning the attack lifecycle (source: Microsoft)
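As an added example (not part of the original post and not Microsoft’s own code), here is the kind of advanced hunting query an analyst can run in the Microsoft 365 Defender portal against the IdentityLogonEvents table that Defender for Identity sensors populate. It surfaces password spraying against on-premises Active Directory, one source trying many accounts with only a few attempts each, and shows whether any account then logged on successfully from the same source in the same window. Table and column names follow Microsoft’s published advanced hunting schema; the protocol strings, the 15-minute window and the 25-account threshold are assumptions to tune for your environment.

```kql
// Added example: password-spray hunt over Defender for Identity logon telemetry.
// Column names follow the published IdentityLogonEvents schema; the protocol
// values, window size and threshold are assumptions to tune per environment.
let window = 15m;
let failed =
    IdentityLogonEvents
    | where Timestamp > ago(1d)
    | where ActionType == "LogonFailed"
    | where Protocol in~ ("Ntlm", "Kerberos")          // assumed protocol strings
    | summarize
        FailedAccounts = dcount(AccountName),          // distinct accounts tried
        Attempts       = count(),
        SampleAccounts = make_set(AccountName, 10),
        Reasons        = make_set(FailureReason),      // e.g. bad password vs. unknown user
        FirstSeen      = min(Timestamp),
        LastSeen       = max(Timestamp)
      by SourceDevice = DeviceName, SourceIP = IPAddress, DestinationDeviceName,
         Window = bin(Timestamp, window);
let succeeded =
    IdentityLogonEvents
    | where Timestamp > ago(1d)
    | where ActionType == "LogonSuccess"
    | summarize SucceededAccounts = make_set(AccountName, 10)
      by SourceDevice = DeviceName, Window = bin(Timestamp, window);
failed
| where FailedAccounts >= 25                            // many accounts, spray-shaped
| extend AttemptsPerAccount = round(todouble(Attempts) / FailedAccounts, 1)
| join kind=leftouter succeeded on SourceDevice, Window  // did the spray land?
| project Window, SourceDevice, SourceIP, DestinationDeviceName,
          FailedAccounts, Attempts, AttemptsPerAccount,
          SampleAccounts, Reasons, SucceededAccounts, FirstSeen, LastSeen
| order by FailedAccounts desc
```

Run it under Hunting > Advanced hunting. A low AttemptsPerAccount (close to 1) with a non-empty SucceededAccounts column is the row to act on first. Once tuned, the same query can be saved as a custom detection rule that runs on a schedule, raises an alert, and carries the ATT&CK technique you assign to it, so it shows up in the same incident queue as Defender for Identity’s built-in detections.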

Using Microsoft Defender for Endpoint Against Malware Deployment

In addition to BEC attacks, threat actors use a variety of techniques, such as drive-by social engineering (e.g., SEO poisoning), to deploy malware and ransomware in their victims’ environments. As noted in the Disrupting Initial Access report, eSentire’s Threat Response Unit (TRU) saw a surge in drive-by cyberattacks, from 7% of incidents in 2020 to 34% in 2021. It’s clear that cybercriminals are evolving their tactics to evade email filtering controls and improvements in Phishing and Security Awareness Training (PSAT).

Microsoft Defender for Endpoint allows your team to contain ransomware, stop data exfiltration, and block hands-on-keyboard attackers by isolating compromised devices from the network, quarantining files, blocking known-bad or suspicious file hashes as custom indicators, terminating malicious processes, restarting affected systems, and running automated investigation and remediation to eradicate the threat.

Figure 2 Snapshot view of how your team can automatically block malware and other cyber threats (source: Microsoft)
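The following advanced hunting query is an added example, not code from the eSentire post or from Microsoft. It ties the email and endpoint sections above together by following a delivered attachment from the Defender for Office 365 tables (EmailEvents, EmailAttachmentInfo) into the Defender for Endpoint tables (DeviceFileEvents, DeviceProcessEvents), so you see which recipients not only received a risky attachment but saved it to disk and then ran it. Table and column names follow Microsoft’s published advanced hunting schema; the 7-day lookback, the list of risky extensions, and the 2-day and 1-hour correlation windows are assumptions.

```kql
// Added example: follow a delivered email attachment to its execution on an endpoint.
// Joins Defender for Office 365 tables to Defender for Endpoint tables on the
// attachment's SHA256. Lookback, extension list and correlation windows are assumptions.
let lookback = 7d;
let riskyExt = dynamic(["js", "jse", "vbs", "wsf", "hta", "lnk", "iso", "img", "docm", "xlsm"]);
let RiskyAttachments =
    EmailAttachmentInfo
    | where Timestamp > ago(lookback)
    | where isnotempty(SHA256)
    | extend Ext = tolower(extract(@"\.([A-Za-z0-9]+)$", 1, FileName))
    | where Ext in (riskyExt)
    | join kind=inner (
        EmailEvents
        | where Timestamp > ago(lookback)
        | where DeliveryAction == "Delivered"            // it reached a mailbox
        | project NetworkMessageId, RecipientEmailAddress, SenderFromAddress, Subject
      ) on NetworkMessageId, RecipientEmailAddress
    | project MailTime = Timestamp, SenderFromAddress, RecipientEmailAddress, Subject,
              AttachmentName = FileName, SHA256;
let WrittenToDisk =
    DeviceFileEvents
    | where Timestamp > ago(lookback)
    | where ActionType == "FileCreated"
    | where isnotempty(SHA256)
    | project FileTime = Timestamp, DeviceId, DeviceName, FolderPath, SHA256;
RiskyAttachments
| join kind=inner WrittenToDisk on SHA256
| where FileTime between (MailTime .. MailTime + 2d)    // saved within two days of delivery
| join kind=inner (
    DeviceProcessEvents
    | where Timestamp > ago(lookback)
    | project ProcTime = Timestamp, DeviceId, Launcher = FileName,
              ProcessCommandLine, AccountName
  ) on DeviceId
| where ProcTime between (FileTime .. FileTime + 1h)    // run within an hour of being saved
| where ProcessCommandLine contains AttachmentName      // e.g. wscript.exe "invoice.js"
| project MailTime, SenderFromAddress, RecipientEmailAddress, Subject,
          AttachmentName, SHA256, DeviceName, FolderPath,
          ProcTime, Launcher, ProcessCommandLine, AccountName
| order by ProcTime desc
```

Each result row is a candidate for the response actions described above: quarantine the file and isolate the device from the result’s "Take actions" menu, add the SHA256 as a block indicator, and purge the same message from every other recipient’s mailbox. The join on DeviceId is deliberately broad, so keep the lookback short on large tenants or add a DeviceName filter once you have a target list.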


“The Microsoft Defender stack is comprised of an endpoint security solution, an identity solution, an email solution, and a cloud security solution,” says Kurtis Armour, Vice President of Product Management at eSentire. “Together, those capabilities encompass everything you need to be able to stop a threat. From phishing and social engineering to lateral movement and initial code execution, the vectors that are exploited in nearly 100% of attacks are covered by Microsoft Security.”

Why Engage an MDR for Microsoft Provider?

Even though Microsoft 365 Defender arms your team with a suite of high-quality security tools, you still need the right expertise to configure the tools properly, tune them, and manage them 24/7.

The reality is that many cybersecurity teams are still outnumbered by the onslaught of cyber threats and security alerts they face every day. It’s likely your team is experiencing the same pain points:

Herein lies the need for a Managed Detection and Response (MDR) for Microsoft provider. Unlike traditional MSSPs, which focus primarily on preventative controls and a bird’s-eye view of your security posture, an MDR provider gets into the trenches with you.

In other words, MDR providers come equipped to take response and remediation actions on your behalf so you can have peace of mind. This is especially valuable in a Microsoft environment, because the Defender suite already exposes the response and remediation capabilities (device isolation, file quarantine, session termination, mailbox purge) that a team of 24/7 Cyber SOC Analysts can act on.

Remember, the key difference between response and remediation is the outcome:

Leverage eSentire MDR for Microsoft to Secure Your Microsoft Investment

Rather than adopting a DIY approach to managing your Microsoft security stack, it’s much more cost-effective to partner with an MDR for Microsoft provider, giving you access to a team of Elite Threat Hunters and 24/7 Cyber SOC Analysts you can trust.

By engaging an external MDR provider, you can achieve 24/7 visibility across your Microsoft ecosystem, ongoing security event monitoring, threat detection and investigation, and complete response capabilities, all at a significant cost saving. Compared with the DIY approach, engaging eSentire MDR can reduce the total cost of ownership for threat detection and response by 50%:


Benefits of eSentire MDR for Microsoft include:

Learn how our eSentire MDR for Microsoft can help your team reduce your overall cybersecurity spend and stop cyber threats across your Microsoft ecosystem by booking a meeting with an eSentire cybersecurity specialist.
