Recently I listened to our TechSperience podcast episode about the role of AI in cyber security. In this episode, Jamal Khan, President of Global, Digital, and eCommerce Marketing at Connection, explains various cyber threat scenarios that affect nation states and organizations. He also talks about Connection’s role in helping organizations with risk analysis and mitigation. He goes on to express how we focus on finding the best security solutions, so you can be sure to have a well-protected infrastructure. Microsoft Threat Protection is one of these solutions, and can be a powerful tool in securing your network.
There is an array of security products from Microsoft focused on different areas of your mobile-first, cloud-first environment. Maybe you are already familiar with Microsoft Defender Advanced Threat Protection, Office 365 Advanced Threat Protection, Azure Advanced Threat Protection, etc. Microsoft Threat Protection is the next step in defending your infrastructure. Today, I’ll explain the additional benefits that Microsoft Threat Protection brings when it’s stacked on top of those other Microsoft security products.
What Is Microsoft Threat Protection?
Microsoft already offers a bunch of cyber security tools, and you might be wondering what Microsoft Threat Protection could add. Microsoft Threat Protection is not a bundle of bundles like Microsoft 365. Instead, it’s a security feature in Microsoft Security Center. You can utilize Microsoft Threat Protection at various levels depending on your licensing mix.
Microsoft announced Microsoft Threat Protection at its 2018 Ignite conference. The idea was to bring the benefits of all the different security products from Microsoft under one roof so that organizations can take a comprehensive approach to threat defense and mitigation.
Microsoft invests over a billion dollars per year in security research and in an array of security services across various attack vectors, such as identities, endpoints, user data, and cloud apps. Microsoft Intelligent Security Graph uses advanced analytics to converge an enormous amount of threat intelligence and security data from Microsoft and their partners across all those attack vectors. Microsoft Threat Protection is built on top of the Microsoft Intelligent Security Graph.
Now, let’s explore what Microsoft Threat Protection means for a security analyst in your organization.
Better Visibility and Coordination
Most of the new sophisticated attacks are not contained within one attack vector. From the perspective of a security analyst, it’s helpful to have a unified view of the attack event during the mitigation efforts. This unified view of the attack event is the first benefit that Microsoft Threat Protection brings to the table. A unified view also reduces the time an analyst spends switching between various security products as part of an investigation. This means the analyst has more time for active remediation. The value is not just in the unified view; Microsoft Threat Protection also collects data from the individual apps and stitches it together into a combined incident queue so the analyst can get the full scope of the attack event in real time.
The Use of Artificial Intelligence in Microsoft Threat Protection
Microsoft Threat Protection builds Microsoft’s AI capabilities into various aspects of the product. It starts an automatic investigation and initiates an automatic response to threats across attack areas. This limits the progress of an attack event across assets. Here is an example from Microsoft docs on what this looks like in action: “If a malicious file is detected on an endpoint protected by Microsoft Defender ATP, it will instruct Office 365 ATP to scan and remove the file from all e-mail messages. The file will be blocked on sight by the entire Microsoft 365 security suite.” Microsoft Threat Protection also uses AI and security playbooks to self-heal affected assets. This means that by the time the analyst starts looking at the event, the AI has already started the remediation steps. The benefit of AI is not limited to automating tasks and freeing up the analyst’s time for other strategic tasks during an attack event: Microsoft Threat Protection also uses AI where manual efforts are not enough to stop the attackers.
If you were not familiar with Microsoft Threat Protection before reading this blog post, and if the capabilities that I mentioned make you wonder how you could leverage it in your organization, the following section is for you.
How to Get Microsoft Threat Protection
If you are licensed for some of the Microsoft security products, you have Microsoft Threat Protection already. Microsoft announced earlier this year that starting June 1, 2020, Microsoft will automatically enable these features when eligible customers visit the Microsoft 365 security center. Any of the following licenses give you access to Microsoft Threat Protection in Microsoft Security Center: Microsoft Defender Advanced Threat Protection, Office 365 Advanced Threat Protection, Microsoft Cloud App Security, Azure Advanced Threat Protection, Microsoft 365 E5, Microsoft 365 E5 Security, Windows 10 Enterprise E5, Enterprise Mobility + Security (EMS) E5, Office 365 E5.
Here is the caveat: You need to enable all the supported services that talk to Microsoft Threat Protection to provide it with a comprehensive view of your entire threat landscape, so you should be licensed for those individual apps as well. Or you should have an overarching license, such as Microsoft 365 E5, E5 Security, A5, or A5 Security.
There are always more nuanced licensing compliance issues you would run into when you take an organization-wide approach of protecting your security landscape. Our Security Landscape Optimization team that Jamal mentions in the podcast are your go-to folks. Contact our experts at Connection today if you have any questions—we’re always happy to help.