What is Microsoft Defender XDR? What is Microsoft 365 Defender? What is XDR? Microsoft Defender XDR

Captions
Hey guys, there will be different series on Microsoft Defender for Endpoint, for Office, for Identity and for Cloud Apps. I will link those playlists in the description box. For all of those series the first introduction video is this one. In this we will learn what are the services provided by the Microsoft 365 Defender suite, what is XDR and what is Microsoft Defender XDR.

Let's begin with Microsoft 365 Defender. This is a security package from Microsoft that protects different parts of your digital life, like for example your email, your computer, your applications and your online accounts. So Microsoft 365 Defender provides integrated protection across various Microsoft 365 services. It combines threat protection capabilities from Microsoft Defender for Office (MDO), Microsoft Defender for Endpoint, Microsoft Defender for Cloud Apps and Microsoft Defender for Identity. So Microsoft 365 Defender provides these services.

Now what is XDR? XDR stands for extended detection and response. This integrates and correlates data from multiple security tools, so it is getting data from many security tools, like for example all these security tools, and other security sources across an organization's environment. XDR goes beyond the traditional endpoint detection and response (EDR) or network detection and response (NDR) capabilities. Before, all these security tools were isolated; now XDR unifies them. Because of this you can see patterns and also act on them faster, so you can respond more effectively to security incidents. You have more visibility and context for the security incidents, and because of that you can respond more effectively, and this minimizes the impact of breaches.

Now what is Microsoft Defender XDR? This unifies endpoint, email, app and identity security in one place. The XDR solution automatically collects, correlates and analyzes data, signals, threats and alerts from all across your Microsoft 365 environment, including endpoints, email, apps and identities. It can automatically stop attacks and remediate affected assets. This is a cloud-based solution. This is required pre-breach, that is before a breach, as well as post-breach. So what XDR does is it coordinates prevention, detection, investigation and response across endpoints, identities, apps, email, collaborative applications and all of their data.

Let's look at an example. This is an example from microsoft.com itself; it is an example of a phishing attack. Imagine that an employee in your organization gets a phishing email and it has a malicious attachment, and this user doesn't know it is malicious or that it is a phishing email, so they go ahead and open the mail attachment. There is malware in this which gets installed, which in turn gets the user identity, and then the attacker uses that identity to move laterally to other devices and assets and get more information, sensitive information; they start to exfiltrate. But now imagine that there is the Defender suite installed, Defender suite in the sense of all the services provided by Defender, that is Defender for Office 365, Defender for Endpoint, Defender for Identity and Microsoft Defender for Cloud Apps.

First there is Exchange Online Protection. Exchange Online Protection is part of MDO, that is Microsoft Defender for Office 365. Exchange Online Protection can detect the phishing email, and once it detects the phishing email it uses flow rules; these are also called transport rules. These rules are used to make sure that the phishing email never even goes to the inbox of that employee. Then Microsoft Defender for Office uses something called Safe Attachments. You don't have to worry about this right now, I will explain it in the later videos of this series, but for now understand that there is something called Safe Attachments in MDO which will test these attachments and determine whether it is harmful or not harmful, and if it is harmful, based on how you have set up your rules, either the user cannot do anything with that email attachment or it never gets delivered to the inbox at all.

Then there is Microsoft Defender for Endpoint. This is for all the devices. So MDE detects device and network vulnerabilities. Next there is Defender for Identity. This gets to know things like privilege escalation, or if there is any lateral movement that is happening; this gets to know any weakness related to user identity. Then there is Microsoft Defender for Cloud Apps (MDCA). This usually notices anomalous behavior, like for example an impossible travel request. That means, suppose say I am in the US and I'm trying to log in, and maybe within 5 or 10 minutes there is another login with my user ID, so that is an impossible travel. It will alert the admin saying this is happening, and you can also take actions automatically. It can also identify anomalous activities like unusual downloads, you know, sharing sensitive files, mail forwarding activities; all these can be identified using Microsoft Defender for Cloud Apps. So this is how all the services that are provided by Microsoft 365 Defender act when there is an attack.

Now let's look at the Microsoft Defender XDR architecture. Here you can see that the XDR gets the signals from all of the Defender components and it combines all these signals to provide extended detection and response capabilities. This includes a combined incident queue; that means when there is an incident you will get all the alerts triggered from all of these Microsoft Defender services in that one incident. It combines all those alerts together and provides them in one incident. Then there is automated response to stop attacks: you don't have to wait for the admins or analysts to take actions, this can be done automatically. Then there is self-healing. Self-healing is the ability to automatically detect and remediate security issues without any human intervention, and self-healing is for compromised devices, user identities and mailboxes. There is also cross-product threat hunting and threat analytics.

Now there is Microsoft Defender for Office. Like we mentioned before, it is going to safeguard your organization against malicious threats posed by email messages, email links or URLs that are in the emails, and collaboration tools, and this shares those signals with XDR. Then Exchange Online Protection provides end-to-end protection for incoming emails and attachments. The next one is Microsoft Defender for Endpoint, MDI. Like you can see, this is getting the signals from Azure Active Directory as well as on-premises integration of AD FS, that is Active Directory Federation Services, and on-premises Active Directory Domain Services. So it uses these signals to protect your hybrid identity environment. This can protect against hackers that use compromised accounts to move laterally across workstations in the on-premises environment. Then there is Microsoft Defender for Endpoint; this is getting all the signals from all the devices. Then there is Microsoft Cloud App Security, that is Microsoft Defender for Cloud Apps. This is getting all the signals from your organization's use of cloud applications, and it protects data flowing between your environment and these cloud applications. Using this you can also sanction what cloud applications you might want your employees to use, and also unsanction cloud applications that you think might pose any threat. Then there is Azure AD Identity Protection; this is Microsoft Entra ID Protection now. This evaluates all of those sign-in attempts that are happening, it identifies if there is any risk in those sign-in attempts, and based on this any account access is allowed or prevented. You can set up something called conditional access. We will talk about this in the later videos, but for now understand that there are things called conditional access policies which can be configured to allow or prevent account access as per your organization's demand. So Azure AD Identity Protection, that is Microsoft Entra ID Protection, is licensed separately from Microsoft Defender XDR. All of these can come under the XDR license, but Azure AD Identity Protection is different; it is included with Microsoft Entra ID P2. And all of these shared signals, that is from all the components of Microsoft Defender XDR, can be integrated into Microsoft Sentinel. Microsoft Sentinel is the SIEM and SOAR solution by Microsoft, but not only Microsoft Sentinel, you can send this signal data to other logging sources. And all of that data you can see in the Defender portal, that is security.microsoft.com. You can see the incidents, alerts, devices, emails, how to set those policies that we were talking about (this is related to all the email policies, MDO that is); all of that you can see under security.microsoft.com, the Microsoft Defender portal.

So that's it for today guys. If you have any questions please leave them in the comment section, or if you need me to make videos on any specific topic or tool please let me know in the comment section. I hope this video helped you understand what is XDR, what is Microsoft Defender XDR and what are the services provided by the Microsoft 365 Defender suite. If it did, please don't forget to like, subscribe and share our videos; that will help us a lot. Thank you so much for watching, I will see you again soon. Bye-bye.
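The phishing chain and the cross-product correlation the video walks through can be checked hands-on in the Defender portal's advanced hunting (the Hunting page at security.microsoft.com). The KQL below is an added example, not from the video, the channel or Microsoft's own documentation; it assumes the standard Defender XDR advanced hunting tables (AlertInfo, AlertEvidence, EmailAttachmentInfo, EmailEvents, DeviceFileEvents), a 7-day look-back window, and a tenant where MDO and MDE are onboarded so those tables are populated. Each query is run on its own.

```kql
// Added example (not from the video). Query 1: cross-product correlation
// by account. This reproduces, by hand, what the combined incident queue
// does automatically: group alerts from different Defender services that
// touch the same user within a short window. Assumes AlertEvidence carries
// the user entity (EntityType == "User") and AlertInfo carries Severity.
AlertEvidence
| where Timestamp > ago(7d)
| where EntityType == "User" and isnotempty(AccountUpn)
| join kind=inner (
    AlertInfo
    | project AlertId, Severity
  ) on AlertId
| summarize
    FirstAlert         = min(Timestamp),
    LastAlert          = max(Timestamp),
    Services           = make_set(ServiceSource),   // MDO, MDE, MDI, MDCA ...
    AlertTitles        = make_set(Title),
    HighSeverityAlerts = countif(Severity == "High")
  by AccountUpn
| where array_length(Services) >= 2           // seen by more than one product
| where LastAlert - FirstAlert <= 24h         // within one day of each other
| order by array_length(Services) desc, HighSeverityAlerts desc, LastAlert desc

// Query 2: did an attachment that EOP / Safe Attachments flagged still land
// on an endpoint? Joins the MDO attachment record to MDE file-creation
// events on the SHA256 hash and keeps only files written after the email
// was seen. Assumes ThreatTypes is non-empty for attachments with a verdict.
EmailAttachmentInfo
| where Timestamp > ago(7d)
| where isnotempty(ThreatTypes)
| project AttachmentSeen = Timestamp, NetworkMessageId, RecipientEmailAddress,
          SenderFromAddress, FileName, SHA256, ThreatTypes, ThreatNames
| join kind=inner (
    DeviceFileEvents
    | where Timestamp > ago(7d)
    | where ActionType == "FileCreated"
    | project FileSeen = Timestamp, DeviceName, FolderPath, SHA256,
              InitiatingProcessFileName
  ) on SHA256
| where FileSeen > AttachmentSeen
| project AttachmentSeen, FileSeen, RecipientEmailAddress, SenderFromAddress,
          FileName, SHA256, ThreatTypes, ThreatNames, DeviceName, FolderPath,
          InitiatingProcessFileName
| order by FileSeen desc

// Query 3: check the claim that phishing never reaches the inbox. Counts
// phish-classified mail by what the filtering stack actually did with it;
// any rows with DeliveryLocation == "Inbox/folder" are the ones to chase.
EmailEvents
| where Timestamp > ago(7d)
| where ThreatTypes has "Phish"
| summarize Messages = count(), Recipients = dcount(RecipientEmailAddress)
  by DeliveryAction, DeliveryLocation
| order by Messages desc
```

Query 1 is deliberately keyed on the user rather than the device because the attack chain in the video pivots on a stolen identity: a phish alert from MDO, a malware alert from MDE and a lateral-movement alert from MDI will share the AccountUpn long before they share a DeviceId. Query 2 is the check to run when Safe Attachments is in a monitor-only mode, since an attachment that was scanned but still delivered is exactly the one that shows up in DeviceFileEvents.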
Info
Channel: CyberPlatter
Views: 1,305
Keywords: Cybersecurity, cybersecurity interview, Microsoft Defender for Endpoint (MDE), MDE, Microsoft Defender for Endpoint, Endpoint Detection and Response (EDR), EDR, Endpoint Detection and Response, Microsoft Defender, Microsoft Defender Advanced Threat Protection (ATP), Microsoft Defender Advanced Threat Protection, Microsoft Defender ATP, Microsoft 365 Defender, Microsoft XDR, Microsoft Defender XDR, XDR, Microsoft Defender for Office, MDO, Microsoft Defender for Cloud Apps, MDCA, MDI
Id: YRi7lvuUf6Y
Length: 12min 10sec (730 seconds)
Published: Thu Apr 25 2024