What is Microsoft Defender for Endpoint?

Captions
Hi guys, hope you're all doing well. Welcome back to our channel. In this video I'm going to talk about Microsoft Defender for Endpoints. This will be the first video of the entire series that I'm going to create for Microsoft Defender for Endpoints, so the core agenda would be: knowing what this product is and what the purpose is behind using Microsoft Defender for Endpoints; then we are going to talk about where exactly this product has been placed when we talk about the M365 Defender suite all together; we're also going to talk about the different components that work in conjunction to make sure that the endpoints are secured; and the last thing I'm going to discuss will be the different features that are available with this product. Now, since this is the first video, think about this as just an introduction, or make yourself familiar with the different terms that exist in this particular product. As we move along with the playlist we'll go deep in terms of understanding how exactly each and every service is working in an isolated environment, and how the correlation is working, or how this entire product is working in making sure the endpoints are secured.

Now, before we go ahead and talk about Microsoft Defender for Endpoints, a very quick recap in terms of knowing the naming convention, which has been changed for this product over the period of time. When this product was launched it was termed Windows Defender ATP, where ATP stands for Advanced Threat Protection. Then the name got changed to Microsoft Defender ATP, and currently this product has been termed Microsoft Defender for Endpoints. But there is one more thing which has remained the same, and that is the portal to access this particular console or this particular product. Now securitycenter.windows.com is still available and is accessible, provided you have the right set of permissions to go ahead and access this particular portal and provided you have the right set of licenses. But lately what we have seen is that Microsoft has invested a lot in terms of bringing all the security components into one single console, and that product or that portal is termed security.microsoft.com. Now there is a setting which is available on securitycenter.windows.com, and that's been termed portal redirection. That means if you want all of your admins to work on one single console, which is security.microsoft.com, which not only includes the endpoint protection settings but also the settings that belong to Microsoft Defender for Office 365 (so it's like bringing everything into one single console), there is a feature termed portal redirection which is available; once that is enabled, all of your admins who are signing into securitycenter.windows.com will get redirected to security.microsoft.com.

Now let's talk about what Microsoft Defender for Endpoints is. To make it super easy and relatable, it's a solution that's available for endpoint security. Now this could be your domain-joined PCs, this could be the PCs which belong to users, their personal devices, this could be mobile devices, this could be Linux servers as well as Mac devices. Now there is a very specific reason behind saying this statement: not every platform in every version is supported, because there are certain version limitations when we talk about cross platforms like Linux servers or Mac devices. But if I talk about the basic scope, yes, now all the platforms are covered. So if you go to the onboarding section, which I will show in the upcoming videos, most of the platforms are getting listed over there, which simply means that you can onboard all these platforms to Defender for Endpoints. But now the question comes: why exactly do we use this product, or what is the exact purpose? Now, traditional endpoint security solutions were not mature enough, and that's why new capabilities like EDR and threat and vulnerability management and many more were introduced in many of their products as well.

But in a nutshell, when we talk about Defender for Endpoint, it's a four-stage process that you can do in terms of preventing, or in terms of making sure all the endpoints are secure. The first one is prevent: that means it will show you the right set of information so that you can prevent any attack that's happening in your enterprise when we talk about the endpoint layer itself. Then the question comes: how exactly is it happening? Because it has detection and response capabilities. Now, once any anomaly or once any threat is getting detected on multiple machines, you can see it on the console; you can actually go ahead and investigate that threat with the right set of tools; and last but not the least, you can have a process in place wherein you can define remediation actions, like automatic remediation or semi-remediation. Now, it's a four-step process just to make you understand, but when we go ahead and onboard devices and see some of the simulations in real time, things will make a lot more sense. So just to summarize: Microsoft Defender for Endpoints can help you prevent, detect, investigate and respond to the threats that are happening at the endpoint layer itself by following the right set of practices and the right set of insights, and all this kind of information is available on securitycenter.windows.com or security.microsoft.com.

Now let's talk about where exactly it is placed in the M365 Defender suite. Since we know that there are four different products that belong to this particular suite: the first one is Microsoft Defender for Office 365, which obviously is there to protect and secure your emails; similarly for endpoints we have Microsoft Defender for Endpoints; for applications it's MCAS; and for identities it's Microsoft Defender for Identity. So these are the four different products which exist in the M365 Defender suite all together.

Now let's talk about the components of Microsoft Defender for Endpoints. When we talk about any endpoint security solution or any endpoint security product, there must be an agent that should exist on a particular device or an endpoint which is actually going to monitor everything that's happening on that particular device; only then can it prevent the threats that might occur on that particular device, right? But since we are talking about Microsoft, since we are talking about the most adopted operating system as of now all across the globe, it's Windows 10, the sensor or the agent is already embedded. So when we talk about Windows 10 the agent is already there, but when we talk about other platforms then you have to install an agent or application. But the question comes: what exactly is the purpose of this first component, why is a sensor required? Step number one: this sensor is actually capturing most of the information which is relevant from an endpoint security perspective. Now what do I mean by this? That it collects all the behavioral analytics that's happening at the OS layer or at the endpoint layer itself, like monitoring registry changes, keeping track of file hashes, keeping track of what processes are running, whether there is any malicious entry which has been made or not. Now since all this information is already collected, the question comes: how do we enhance or how do we use this information from an endpoint security perspective, or from an endpoint detection and response capability perspective to be very precise? In this case, all this information which is getting captured from your endpoint is actually being sent to a dedicated tenant that belongs to your enterprise. Now every endpoint security instance, or every Microsoft Defender for Endpoint security instance, is a dedicated tenant that belongs to a customer, like it happens in Azure AD, or every tenant in fact has very dedicated security insights. Just to address a common feature here: the data which is getting uploaded in your tenant is not shared with any other customer or with any other tenant altogether. So it's a dedicated tenant that belongs to each and every organization altogether. So basically what typically happens is that all this information will be collected by sensors and then it will be routed to a specific tenant altogether, and then once all this information is received, the rest of the part happens under the hood. But as I've said before, since we're talking about Windows 10 and the 2019 server edition, the agent is there by default; but when we talk about the other editions of Windows, Windows 7 or some older versions of Windows Server, then there is an agent which is required, and similarly for iOS and Android you can go ahead and install the application from the app store; for Linux and Mac also there is an agent available. So the first component for Microsoft Defender for Endpoint to work is the sensor that's there on the device itself.

The next capability is more related to the insights part. Now what do I mean by this? When we talk about enterprises of large scale, just think about this as a hypothetical example: think about the kind of information, or think about the scalability of the data, which will get generated when all these devices report some information to a specific tenant altogether. Basically what will happen is there will be a huge amount of data. But the question comes that not all signals, or not all the optics which a cloud service is receiving, will have some sort of insights or will have some relevant information; most of the information will be redundant, or what should I say, not relevant in terms of defining threat intelligence or knowing whether there is any anomaly that exists on the device. So in this case what will happen is all the signals which have some relevant information will be turned into insights in terms of knowing that there could be an anomaly that's happening on a specific device. Now once there are certain insights which are analyzed, the respective alerts must also be shown to admins so that they can go ahead and take actions, right? So the cloud side of the service which helps in doing all this intelligence part, or which helps in translating signals into insights by using big data and a lot of other services, is typically termed cloud security analytics. That's the second component which exists for Microsoft Defender for Endpoints.

And then last but not the least is the threat intelligence part itself, wherein it's the Microsoft security hunters team itself which feeds in a lot of intelligence into your tenant or to this particular service so that you can go ahead and take the respective actions all together. Now this is a very quick or a very brief summary in terms of knowing how the different components of Microsoft Defender for Endpoint work. But when we talk about the actual features which are listed, or you know, on behalf of which Microsoft Defender for Endpoint is the product that can secure your endpoints, there are six of them: threat and vulnerability management, attack surface reduction, next generation protection, endpoint detection and response, automatic investigation and remediation, and Microsoft Threat Experts. Now, not only this, the kind of intelligence which is generated by Microsoft Defender for Endpoints, or the kind of telemetry which is captured by Microsoft Defender for Endpoints, is also available through APIs, right? And obviously it's a kind of a scope that helps you to be a part of the end-to-end Microsoft Threat Protection story as well; this is a security product that is protecting one of your layers. Now each of these features which has been listed over here is a very descriptive topic, and there will be different dedicated videos for these as well, but as of now just remember these terms and just have a thought process in terms of making it relative, in terms of knowing how this product is going to work and how it is securing the endpoints, right?

So this was all about a very small introduction to Microsoft Defender for Endpoints. Let's talk about a quick summary of what all we have discussed in this video: we have discussed what Microsoft Defender for Endpoints is, its components and its features. In the next video we are going to discuss the requirements that you need to get started with Microsoft Defender for Endpoints. Now if you think that this channel is helping you to learn anything new, please feel free to subscribe and share this video with your technical community. Thank you so much, thanks for your time.
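The video states that the sensor is built into Windows 10 and Windows Server 2019 and that other platforms need an agent installed and onboarded. As an added example (not from the video, the channel, or Microsoft's own tooling), the PowerShell function below checks on one device whether that built-in sensor is present, running, and onboarded to a tenant, and reports which of the three is missing. It assumes the sensor service name "Sense", the OnboardingState registry value (1 = onboarded) under the Status key shown, and the Microsoft-Windows-SENSE/Operational event log, all as documented by Microsoft for onboarding troubleshooting.

```powershell
# Added example, not from the video. Reports whether the built-in Defender for
# Endpoint sensor on a Windows 10 / Windows Server 2019 device is installed,
# running and onboarded. Assumed identifiers: service "Sense", registry value
# OnboardingState (1 = onboarded), event log Microsoft-Windows-SENSE/Operational.
# Run from an elevated PowerShell prompt on the device being checked.

function Test-MdeSensorState {
    [CmdletBinding()]
    param()

    $statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'

    # 1. Is the sensor service installed and running?
    $svc = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue
    $present = $null -ne $svc
    $running = $present -and ($svc.Status -eq 'Running')

    # 2. Did onboarding complete, i.e. does the device know which tenant to report to?
    $state = (Get-ItemProperty -Path $statusKey -Name 'OnboardingState' `
              -ErrorAction SilentlyContinue).OnboardingState
    $onboarded = ($state -eq 1)

    # 3. When did the sensor last write to its own operational log?
    $recent = Get-WinEvent -LogName 'Microsoft-Windows-SENSE/Operational' `
              -MaxEvents 1 -ErrorAction SilentlyContinue
    $lastEvent = if ($recent) { $recent.TimeCreated } else { $null }

    # Pick the first failing stage so the operator knows what to fix.
    $issue = $null
    if (-not $present)       { $issue = 'Sense service not found: this build may need the agent installed' }
    elseif (-not $running)   { $issue = 'Sense service is installed but not running' }
    elseif (-not $onboarded) { $issue = 'Sense is running but OnboardingState is not 1: run the onboarding package' }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        ServicePresent  = $present
        ServiceRunning  = $running
        OnboardingState = $state
        Onboarded       = $onboarded
        LastSenseEvent  = $lastEvent
        Healthy         = ($running -and $onboarded)
        Issue           = $issue
    }
}

Test-MdeSensorState | Format-List
```

A device that reports Healthy = True but has no recent LastSenseEvent is worth a closer look, since a running and onboarded sensor that is not logging may not be reaching the tenant.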
Info
Channel: Concepts Work
Views: 7,075
Keywords: Microsoft, Security, CISO, Microsoft Security, Endpoint Security, Endpoint Detection and Response, Microsoft Endpoint Security, Azure, Microsoft azure, Threat and Vulnerability Management, Microsoft Threat Experts, MITRE
Id: wRmVq8oS6-U
Length: 14min 20sec (860 seconds)
Published: Sun May 02 2021