Tag Archive for: Microsoft

Upgrade to Microsoft Defender ATP.

The endpoint security market is crowded with competition. From Kaspersky to AVG, or McAfee and Norton/Symantec products, there is an entire industry built to suit consumer, prosumer and enterprise markets. As we look into enterprise solutions, Carbon Black, CrowdStrike, Sophos and a few other players make a good case for themselves, but Microsoft has been investing heavily in their security (over $1 billion per year) and has taken the lead with their flagship endpoint detection and response (EDR) tool “Microsoft Defender Advanced Threat Protection” (MDATP): the business implementation of Microsoft Defender.

Microsoft Defender ATP Licensing

MDATP premiered two years ago, but the licensing has always been a point of confusion for many businesses. Until just recently, the only way to get MDATP was a pricey bundled SKU (Microsoft 365 E5 $57/user/month, Windows 10 E5 $11/user/month) or an add-on license (Microsoft 365 E5 Security $12/user/month) that required you to have Microsoft 365 E3 or Office 365 E5 licenses. While these bundled SKUs are a great value for businesses that need the included services, those only interested in MDATP found licensing too complex and often too expensive.

Licensing MDATP just got a whole lot easier as the standalone SKU launched in March for CSPs and Enterprise licensing. MDATP standalone is $5.20 per month, per user on up to five devices or per server. The value is impossible to beat for the quality of the tool, the tightly integrated ecosystem and the added value afforded by the intelligence component of the dashboard. Compared to the industry standard, which is often licensed by endpoint, Microsoft has priced the software per user in order to differentiate and bring immense value to their clientele in the increasingly complex world of antivirus (AV) and EDR. In companies that have an increasingly complex, diverse and connected workforce, this is potentially a huge cost savings over competitors. If you were on the fence before, perhaps it's time to take another look at Microsoft Defender ATP.

 

But Why Choose Enterprise Advanced EDR Tools At All?  

Microsoft Defender ATPThe most important thing to understand about modern AV software is that malware has evolved aggressively over the last decade, but the approach to securing against their attacks has advanced much more slowly. As such, most products balance speed, security and other performance metrics in order to sell the perceived value of security while not really securing users’ systems against advanced threats. Common antivirus solutions are efficient at detecting malicious files on disks, for example, but over the years, more sophisticated threat actors have adapted. In order to successfully deploy malware, threat actors have made wider use of “fileless” malware in order to circumvent traditional AV protection. These advanced payloads run directly in memory without ever dropping an executable file on the disk. 

Since no malware file touched the hard drive, there was not ever a signature on the disk – which is what traditional AV software is scanning for. As a result, even with up-to-date, consumer-grade AV software, these more sophisticated malware attacks remain completely undetected. This is unforgivable in today’s threat environment, and a problem solved by MDATP's active threat intelligence. 

 

Threat Intelligence 

What is more important than a reaction to an attack? On-going intelligence and proactive interception of threats. This is just one area where Microsoft Defender ATP shines by taking an active approach to monitoring systems. Rather than waiting for a threat to appear, the software proactively anticipates attacks by utilizing a wealth of forensic data it has acquired from decades of studying threat actors and their methods. Microsoft Defender ATP engages cloud look-ups to ensure the latest signature updates are considered, in order to anticipate new attacks. The cloud look-up will send suspicious files into secured detonation chambers where they are launched to simulate an attack in the cloud. If analysis identifies a program or file as malicious, the cloud signatures will be updated and made available immediately for all Microsoft Defender ATP clients – pushing them to all endpoints. 

In addition to this sandbox methodology, Microsoft Defender ATP will monitor the user, process and system behavior continuously across protected organizations using their cloud-based, proprietary machine learning technology. An often overlooked aspect of Microsoft’s strength in security is that the Windows Security Research Team benefits from being able to collect the intelligence of over one billion consumer endpoint versions of their antivirus engine and deploy it instantly to Microsoft Defender ATP users. And in this sense, Microsoft Defender ATP has truly become much more than just AV software. It is a globally postured, enterprise tested, cloud-based software as a service (SaaS) tool.   

Industry Comparison 

Flagship Information Technology researcher, Gartner, exists to produce actionable data to be used by consumers and enterprise. They are among the most respected names in the space. In 2019, they reviewed twenty competitors in the End Point Protection (EPP) space, and created a data quadrant to show how they stack up to one another. Microsoft Defender ATP led the pack in the “Leaders” category with the highest “Ability to Execute” among all the competitors. 

Gartner EDR Comparison

Gartner EDR Comparison

More Details 

A big part of the reason Microsoft Defender ATP scored so high on Gartner’s EPP report is the fact that the software covers so many things and takes such a proactive approach!  

  • Multi-layered protection: Microsoft Defender ATP provides multi-layered protection (built into the endpoint and cloud-powered) from file-based malware, malicious scripts, memory-based attacks, and other advanced threats 
  • Threat Analytics: Contextual threat reports provide SecOps with near real-time visibility on how threats impact their organizations 
  • A new approach to Threat and Vulnerability Management: Real-time discovery, prioritization based-on business context and dynamic threat landscape, and built-in remediation process speed up mitigation of vulnerabilities and misconfiguration 
  • Built-in, cloud-powered protections: Real-time threat detection and protection with built-in advanced capabilities protect against broad-scale and targeted attacks like phishing and malware campaigns 
  • Behavioral detections: Endpoint detection and response (EDR) sensor built into Windows 10 for deeper insights of kernel and memory, and leveraging broad reputation data for files, IPs, URLs, etc., derived from the rich portfolio of Microsoft security services 
  • “Deployment” is as easy as it gets by being built directly into the operating system. There is no agent to deploy, no delays or compatibility issues, and no additional performance overhead or conflicts with other products. No deployment and no on-premises infrastructure directly leads to lower TCO. 
  • Contain the threat: Dramatically reduces the risk by strengthening your defenses when potential threats are detected. Microsoft Defender ATP can automatically apply Conditional access to restrict the endpoint from accessing corporate data until the threat was remediated. 
  • Automated security: From alerts to remediation in minutes – at scale. Microsoft Defender ATP leverages AI to automatically investigate alerts, determine if a threat is active, what course of action to take, and then remediate complex threats in minutes. 
  • Secure Score: Watch your security score rise in the Microsoft Defender Security Center as you implement automated and recommended actions to protect both users and data. Microsoft Defender ATP not only tells you that you have a problem, but Microsoft Defender ATP also recommends how to solve it (and track the execution) with Secure ScoreVulnerability and configuration information provide weighted recommendations and actions to improve endpoint hardening and compare the current posture with the industry and global peers for benchmarking. 
  • Microsoft Threat Experts: Microsoft has your back — with Microsoft’s managed detection and response (MDR) service (called Microsoft Threat Experts), Microsoft supports customers’ incident response and alert analysis. Our automated threat hunting service helps ensure that potential threats don’t go unnoticed.  Source: Microsoft 

Unified EDR Across All Your Operating Systems, Microsoft Defender ATP Supported Operating Systems

Microsoft Defender ATP is one EDR solution that can cover all your endpoints, supporting the most common operating systems used in business at no additional cost. Native mobile device support for iOS and Android scheduled for release later this year. As per Microsoft's minimum system requirements, Microsoft Defender ATP will run natively on the following platforms:

Supported Windows versions
    • Windows 7 SP1 Enterprise
    • Windows 7 SP1 Pro
    • Windows 8.1 Enterprise
    • Windows 8.1 Pro
    • Windows 10, version 1607 or later
    • Windows server
      • Windows Server 2008 R2 SP1
      • Windows Server 2012 R2
      • Windows Server 2016
      • Windows Server, version 1803 or later
      • Windows Server 2019
Other supported operating systems
  • macOS (Mac OS X)
  • Linux (currently, Microsoft Defender ATP is only available in the Public Preview Edition for Linux)
    • Red Hat Enterprise Linux (RHEL) 7+
    • CentOS Linux 7+
    • Ubuntu 16.04 LTS +
    • SUSE Linux Enterprise Server (SLES) 12+
    • Debian 9+
    • Oracle Enterprise Linux 7
Coming Soon (ETA 2020)
  • Android
  • iOS

 

The Business 

We have covered the topic of Microsoft’s entire Office Suite in the past, and we briefly discussed the Microsoft Defender ATP advantage when we published “PLEASE DON'T ZOOM ME!” 

Here, we will stress the importance of Microsoft Defender ATP, both as a complete integration and as a stand-alone product. Then, we will explain the value of having it deployed by a Tier 1 Cloud Solutions Provider (CSP) and Microsoft Gold Partner such as GoVanguard 

Microsoft Vs Everyone Else

Just Use Microsoft!

First of all, Microsoft has long assumed that products like Microsoft Defender ATP make the most sense bundled into a platform – and it does in most cases – because businesses are utilizing the power of Word, Excel, Teams and the other tools on a daily basis in their current office environments. As such, it was bundled for an extra $11.00 – $57.00 per month (depending on various options) to existing clients with an E5 license through their CSP. However, due to popular demand and some of the increasing incentives provided to Microsoft CSP partners, Microsoft Defender ATP can now be licensed for under $6.00 per user account. And that is another crucial point. The pricing is not per workstation, device or other number of endpoints. Microsoft Defender ATP is available as low as $5.20 at the user account level, which means that it can sync across Windows and MacOS devices, Android and iOS with all of the above mentioned features deployed in 2020.  

It is important to understand that, outside of globally-sized clients on an enterprise scale, Microsoft does not have a direct sales model, and you have choices when it comes to choosing a CSP. GoVanguard is the highest rated and credentialed among all classes of Microsoft CSP standards, and we are a full time information security firm. At the forefront of cybersecurity, we spend our days developing open source security solutions, engaged in red team attack simulations for high value clients, consulting on progressive threat intelligence and contributing to valuable security projects in the open source community. 

Choosing GoVanguard as your Microsoft CSP to license your entire cloud productivity and security solution comes with special benefits because of our unique expertise. Advising on licenses and beneficial features is included as part of our CSP relationship and you get the added benefit of partnering with a security-centric firm that can assist in proactively mitigating common security threats, as well as consult on a wealth of other security, infrastructure and platform parameters within your organization.

If you want to benefit from Microsoft Defender ATP or the any other part of the Microsoft 365 suite, please contact us today to discuss a trial. New to Microsoft? Get started with six months of E1 productivity for FREE!

 

At GoVanguard, we recommend a systematic approach to information security. Carefully and simply implemented security protocols can minimize the risk of exposure to data breaches and the penalties the proceed them. In order to successfully navigate data security protocols during this period of global pandemic, compliance protocols must be in place. That is why we have a rigorous cybersecurity risk assessment and program implementation regimen in place!   

Reach out to us today and see how easy it is to take control of your security and keep your data secure. 

Quick Tips for Secure Cloud Deployment

“Can we move this to the cloud?” This question will continue to increase in frequency for the foreseeable future, as we have seen IT exponentially converging toward cloud Software as a Service (SaaS) over the last several years. While some of the more popular names like DropBox, Salesforce and Google Drive dominate the consumer and “prosumer” branding space, there are more powerful tools like Microsoft Azure (which underpins Microsoft 365 Office Suite and much more) that are increasing in market share for small business and enterprise. 

When your company transitions to a SaaS model, it will be important to consider the security risks since the cloud deployment is at the top of the stack and most typically managed and secured by a third party cloud service provider (CSP). So what is an IT manager or CTO to do? Cloud computing and storage has immense benefits, but how does one vet the various risks and choose the right SaaS solution?

A cloud security checklist!  

  • Evaluate Your Data: Paramount to everything else, IT and security staff must determine what type of data will be stored to the cloud and perform a risk assessment against it. How valuable is the data? What happens if it is lost or stolen? If it is inaccessible for hours/days/weeks what are the specific consequences to the business? As part of this assessment, it is also important to understand and assess the business continuity and disaster remediation practices of the SaaS provider. How long will your company be holding redundant data in house until the SaaS solution is trusted entirely?
  • Ask About Encryption: Know how securely the data is transmitted to the cloud. Is it encrypted during transmission and while stored? Many people will take this for granted, because most data would be transmitted securely by default, but it is important to know the risks and the procedures while taking extra precautions based on your own company’s potential edge cases. 
  • Consider Redundancy: Verify that the data in the SaaS environment is being backed up. How much redundancy exists? What are the provider’s data retention procedures? What are the procedures or fees for extracting data? 
  • Triple Check and Be Prepared: Since your company will not be managing the connectivity, storage, or the applications once they have been deployed to the cloud, it is crucial to understand how the SaaS application is running. Be sure to understand the intimate details of segmentation, resource allocation and security. Depending on your choice of provider and your budget, as well as the provider’s service packages, it may be possible to save money if you do not have to make any changes once deployment has been deployed. This is an opportunity to benefit in the long term by doing sufficient research up front. 
  • Ask About Ongoing Security: Make sure that the data transmission and storage is compliant with modern security standards. Discuss what monitoring the provider has in place, and make sure the client-facing interface supports things like 2FA as a standard practice. Are the submitting themselves to regular penetration testing? What are their internal remediation protocols? 
  • What About Passwords and Authentication? Review the type of authentication that is being used by the SaaS. Credentials, if compromised, could allow access to your corporate network, or other data if not properly segregated. So, make sure that authentication data is not shared between internal systems and the SaaS deployment. Also, as a general practice, make sure that all passwords used to log into the SaaS environment (and everywhere else) are unique, complex and have a lockout feature enabled.
  • Work With a Trusted Partner! While there are a million buzzwords and protocols that can be thrown around in a SaaS sales pitch, the thing that actually matters most is the cloud service provider itself. Nobody can be an expert in running their own business while also being an IT, cloud computing, storage and security expert. Make sure you choose a CSP that has the proper credentials and experience to manage your cloud SaaS environment effectively. 

Choose GoVanguard. A Microsoft Gold Partner and Tier 1 CSP. We offer service and deployment of the entire suite of Microsoft’s offering: powerful, elastic, cost-effective and featuring world class security standards. All Microsoft tools integrate with Office 365, Teams, Defender ATP and the glue that holds it all together: Microsoft Azure. Prices for the entire Microsoft Suite start in the $5.00 range per month. Contact Us to get started.  

At GoVanguard, we recommend a systematic approach to information security. Carefully and simply implemented security protocols can minimize the risk of exposure to data breaches and the penalties the proceed them. In order to successfully navigate data security protocols during this period of global pandemic, compliance protocols must be in place. That is why we have a rigorous cybersecurity risk assessment and program implementation regimen in place!  

Reach out to us today and see how easy it is to take control of your security and keep your data secure. 

Please Don't Zoom Me!  

The COVID-19 quarantine era will be remembered for a handful of interesting themes. After bat soup and face masks in bank lobbies, the meteoric rise of Zoom as the video conferencing app of choice will be long remembered for “Zoom Bombing” and as a gateway for much more problematic malicious attacks. While the software might be good enough for some home usersit is completely unacceptable for institutions and enterprise use.  

In just the last few weeks, Zoom has been found to have multiple zero day exploits allowing root access, an ID numbering scheme that can be easily brute forced with a repurposed “War Dialing” attack and a whole host of other unpatched exploits. While some of these things have been patched in recent updates, the fallout has been terrible with private videos leaked to TikTok and critical data shared across the internet. Respected infosec personality, Arvind Narayanan, has been so blunt as to say “Let’s make this simple: zoom is malware.”  

While there has been a campaign of damnation against the popular video conferencing platform, Zoom and its problems are only a small part of a bigger issue. No business should be using a patchwork of apps for their needs. The massive uptick of employees and students working from home has just shined a light on the problem! Dropbox for file sharingZoom for conferencing, Slack for collaboration, and G-Suite for word processing and spreadsheets… And all of that on top of chains of emails between colleaguesThe hodgepodge approach to business workflow software is confusing for users, and it is simultaneously a productivity, security and compliance nightmare. Each platform has its own update schedule as well as the potential for each piece of the puzzle having its own exploits that compound on each other, and most businesses don’t have licensing, know-how, or the IT and security staff to centrally manage user systems.  

So What Can Be Done?  

As a Tier 1 Microsoft CSP, we recommend taking a giant step away from the mosaic of apps out in the wild to consolidate everything into the only secure, enterprise-ready eco-system that can handle all document processing, cloud storage, team collaboration, group calling, and global security compliance management inside of one platform. Microsoft Office 365 and the accompanying tools are often a less costly platform for businesses as well. Currently, the E1 Office365 Suite is being offered for free for six months including the extremely versatile “Teams” platform, which is why we are strongly recommending the Microsoft suite of services right now 

What is Teams?  

In short, Teams is like Zoom, except that it has enterprise quality security and integrations with the most universal productivity apps in the world. On top of ISO 27001, HIPPA and SOC 2 security compliance, Teams adds in a user-friendly shared workspace for remote workers to communicate and make creative decisions together!  

This Includes world class implementations of the following: 

  • Threaded ChatWhile parts of a conversation can stay in the main thread, specific topics can be threaded.  
  • Channels: The most common topics or company verticals can be turned into collaborative channels. Both threads, channels and all chat functions give users the ability to delegate with the “@” command.  
  • Collaborative Documents: Using Sharepoint, documents can be created in Word, Excel or other applications and shared into Teams where other users can leave notes or collaborate on changes.  
  • Video Conferencing: One of the most valuable ways to collaborate is via group video conferencing with screen share for thousands of users and integrated chat, note-taking and photo/file display for desktop and mobile users.  

 With calendar integration, appointments and global integration, Teams is more like a combination of Slack, Zoom, Hangouts and GoToMeeting with the added benefit of never having to leave the overall Office 365 Teams ecosystem. In fact, a decentralized workforce could manage a large portion of their entire collaborative workflow without ever leaving the Teams environment at all. It is truly the backbone of the Office365 Suite, and it is the closest thing to working in a “real” office for those who work exclusively from remote locations.  

Teams Events 

Another feature of Microsoft Teams is its use as a presentation tool. Rather than having a meeting with open participation and equal privileges for all users, a Teams Event can have presenters, producers and attendees. This allows for multiple presenters to be able to work remotely or together in one space with the guidance of a producer who has control over active cameras or a presentation display working with PowerPoint or Stream 

The attendees can be managed at an organizational level for something like an internal conference, or they can be sorted out by paying members for a virtual trade show. For a more general audience or for doing an open webinar or a public Q&A session, the link can be tailored for anyone to be able to join with a limit of 10,000 participants.  

Oh! And for everyone who still thinks Zoom is just more “fun,” Teams even added background effects for video calls this week on top of being free until January 2021.  

Microsoft's Suite of Tools Also Comes With Several Bonuses!  

While there are plenty of reasons to criticize the “a la carte” approach to business productivity applications, there is a lot more to cover if we focus on the benefits of the Microsoft suite of tools and their benefits. One such tool is the world class end point security platform: Microsoft Defender Advanced Threat Protection (MDATP). A giant step up from traditional antivirus software, MDATP brings in central threat and vulnerability management system to quickly discover, prioritize, and remediate attack vectors and misconfigurations. This allows company security protocols to be enforced on all machines in the field while integrating directly with Microsoft to automate all processes.

Combined with Azure Sentinel, a world class SIEM tool, any company can upgrade its threat detection and response tools witcloud-deployed artificial intelligence; eliminating the need for security infrastructure setup and maintenance. This allows rapid scaling while reducing costs. Azure Sentinel aggregates data from all sources, including users, applications, servers, and devices running on-premises or in any cloud, so that IT and security staff can process millions of records in a few seconds. 

All of these tools integrate with Office 365, and prices start in the $5.00 range per month. In the pursuit of the most valuable office productivity suite, right now Microsoft is truly without a peer, and we ask you to Contact Us to get started.  

At GoVanguard, we recommend a systematic approach to information security. Carefully and simply implemented security protocols can minimize the risk of exposure to data breaches and the penalties the proceed them. In order to successfully navigate data security protocols during this period of global pandemic, compliance protocols must be in place. That is why we have a rigorous cybersecurity risk assessment and program implementation regimen in place!  

Reach out to us today and see how easy it is to take control of your security and keep your data secure.