Organisations are increasingly turning to the cloud to become more agile and efficient.
Many will choose the Microsoft ecosystem and will need to become familiar with its native threat detection and response tools and understand how to extract maximum value from them.
Kroll’s latest eBook, Microsoft Threat Detection and Response: Five Key Pitfalls (and How to Address Them) provides up-to-date insights to enable businesses to level up their cloud security.
Risk vs. opportunity: threat detection and response in the Microsoft ecosystem
The eBook provides recommendations on how to optimise the native security tooling and telemetry in Microsoft endpoint and cloud technology and overcome key challenges. We explore:
- Common security challenges companies face when moving to a Microsoft cloud environment
- How to gain the most value from solutions such as Microsoft Sentinel and the Microsoft XDR solutions, Microsoft 365 Defender and Microsoft Defender for Cloud
- Practical steps to help accelerate threat detection and response across your Microsoft estate
- Insights from a real-life case study
5 key Microsoft threat detection and response pitfalls to avoid
Pitfall 1. Failure to understand where to prioritise with your E5/Microsoft Defender licence
One common pitfall is uncertainty about which Microsoft Defender/E5 products should be prioritised, and which solution to onboard first out of Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Endpoint and Microsoft Defender for Cloud Apps.
Pitfall 2. Buying Microsoft Security solutions before understanding how to configure them
Many organisations make the error of committing financially to security solutions before they fully understand the amount of time and level of insight required to optimise them. Failing to put effective configuration in place to capture the right telemetry and activity can render monitoring redundant.
Pitfall 3. Not leveraging response automation and native integrations
Organisations rarely automate response playbooks in on-premises environments because of the negative impact this can have on legacy technology, which also demands specific on-site forensics. However, as the cloud is both highly accessible and fast-moving, response there should be highly automated.
Pitfall 4. Not addressing the costs and complexities of log ingestion
As organisations start adopting Microsoft Sentinel, they can suddenly find themselves overwhelmed with vast quantities of data collected from an ever-increasing number of new data sources. This can significantly increase the costs of log ingestion and storage, leaving security teams with the reactive and risky task of reducing their coverage or suppressing log collection altogether.
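One practical check for this pitfall is to watch billable ingestion per table in the Log Analytics workspace behind Sentinel so that a newly onboarded source is noticed before the bill is. The KQL query below is an added example, not taken from the eBook or from Kroll; it reads the standard Usage table (Quantity is recorded in MB, IsBillable and DataType are built-in columns) and compares the last seven days against the preceding thirty for each table.

```kql
// Average daily billable ingestion per table: last 7 days vs. the 30 days before.
// A large positive ChangePct usually means a newly connected data source or a
// verbosity change, which is the moment to review retention, filtering or DCR rules
// rather than cut coverage reactively later.
let recent = Usage
    | where TimeGenerated > ago(7d) and IsBillable == true
    | summarize RecentGBperDay = sum(Quantity) / 1024.0 / 7 by DataType;
let baseline = Usage
    | where TimeGenerated between (ago(37d) .. ago(7d)) and IsBillable == true
    | summarize BaselineGBperDay = sum(Quantity) / 1024.0 / 30 by DataType;
recent
| join kind=leftouter baseline on DataType
| extend BaselineGBperDay = coalesce(BaselineGBperDay, 0.0)
// Tables with no baseline at all are new in the last week; ChangePct is left null for them.
| extend ChangePct = iff(BaselineGBperDay > 0,
                         round((RecentGBperDay - BaselineGBperDay) / BaselineGBperDay * 100, 1),
                         real(null))
| project DataType, RecentGBperDay, BaselineGBperDay, ChangePct
| sort by RecentGBperDay desc
```

Run it in the workspace's Logs blade; pinning it to a workbook or a scheduled analytics rule with a threshold on ChangePct turns the cost check into a standing alert.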
Pitfall 5. Not harnessing opportunities presented by Defender for Cloud
Too many organisations continue to overlook the advantages of Defender for Cloud for environments such as Azure and AWS, not least that it can be broken down into more granular plans covering monitoring for SQL, storage, containers, etc.
Download the eBook to view all five pitfalls in detail and key recommendations for addressing them.
Avoiding the risks: what to look for in a Microsoft MDR provider
The eBook also outlines key criteria organisations should keep in mind when looking for a Microsoft MDR provider, including:
Microsoft-certified security specialists
Ensure that the prospective provider’s services are delivered by security experts certified in Microsoft Security competencies such as AZ-500: Microsoft Azure Security Technologies and SC-200: Microsoft Security Operations Analyst.
Microsoft Commercial Marketplace
Check that your prospective provider is listed in the Microsoft Commercial Marketplace. This makes it easier for existing Microsoft customers to select and onboard MDR service providers using their existing enterprise plans.
How Kroll can help
Kroll Responder, our award-winning managed detection and response solution, enhances Microsoft’s technology by applying frontline threat intelligence from thousands of cyber incidents handled by our investigators every year, enabling deeper and more effective threat hunting across your organisation’s mailboxes, networks and endpoints. In partnership with Kroll Responder MDR, organisations can maximise the value of Microsoft’s email, cloud and endpoint technology to significantly improve cloud security posture.