Describe Microsoft 365 Defender-Describe security, compliance, privacy, and trust in Microsoft 365

As shown in Figure 3-19, Microsoft 365 Defender treats security as though it’s divided into four domains: Identity, Endpoints, Apps, and Email/Collaboration Data. On many enterprise networks, the security operations for the four domains are separate, as each of them requires intense scrutiny. So, the people responsible for Identity security might not know about everything happening on the Apps security team.

FIGURE 3-19 The Microsoft 365 Defender security domains

Many enterprises have separate security operations that each function within just one domain, or perhaps two, but none see the whole enterprise security picture. Attacks always begin in one of the four domains, but after gaining initial access to the network, attackers often move laterally between domains, rendering them partially invisible to single-domain detection procedures.

For example, an attacker might trick a user into revealing their password in an enterprise with domain-based security. This compromises the user’s identity and allows the attacker to access the network. The team responsible for identity security might recognize the attacker’s efforts, note the unauthorized access to the network, change the user’s password, and prevent such attacks from happening again, but that is the limit of their brief.

This is because once inside the network, the attacker might have used the stolen identity to take control of an application, thus moving laterally from the Identity domain to the Apps domain, as shown in Figure 3-20. The Apps security people might detect unauthorized access to the application, but they, too, are not fully aware of events outside their domain. This is not neglectful because the amount of incoming signal information to monitor in each domain is huge.

FIGURE 3-20 Lateral attack across security domains

The domain divisions mean nothing to an attacker, of course, but there will never be a complete picture of the current attack or future attacks unless the information gathered by the two separate teams—Identity and Apps—is collated and analyzed together, along with information from the Endpoints and Data teams.

This collation and analysis of information from all four domains is what the Microsoft 365 Defender suite is designed to do. Microsoft 365 Defender consists of a separate application for each of the four security domains, as follows:

  • Microsoft Defender for Endpoint
  • Microsoft Defender for Office 365
  • Microsoft Defender for Identity
  • Microsoft Defender for Cloud Apps

These separate applications all report to a central Microsoft 365 Defender engine that analyzes the input from the four domains and compiles a composite security picture that covers the entire enterprise infrastructure. Administrators can use the Microsoft 365 Defender portal to monitor and manage the ongoing security processes.

The following sections describe the capabilities of the Microsoft 365 Defender applications.

Leave a Reply

Your email address will not be published. Required fields are marked *

Search

Popular Posts

  • Summary-Describe security, compliance, privacy, and trust in Microsoft 365
    Summary-Describe security, compliance, privacy, and trust in Microsoft 365

    Thought experiment In this thought experiment, demonstrate your skills and knowledge of the topics covered in this chapter. You can find the answers to this thought experiment in the next section. Ralph is the Director of the Brooklyn datacenter at Contoso Corp. The company currently has three office buildings in the New York area with…

  • Anticipating threats-Describe security, compliance, privacy, and trust in Microsoft 365
    Anticipating threats-Describe security, compliance, privacy, and trust in Microsoft 365

    Arguably, the most difficult part of the risk management planning process is trying to anticipate all the possible threats that could afflict the company’s data in the future. The three basic risk factors for the data—confidentiality, integrity, and availability—can be exploited in any number of specific ways, but the general threat categories are listed in…

  • Classifying users-Describe security, compliance, privacy, and trust in Microsoft 365
    Classifying users-Describe security, compliance, privacy, and trust in Microsoft 365

    The third element of the digital estate that must be considered when creating a risk management plan is the people who actually access the data. Whether deliberately or inadvertently, users are a constant vulnerability—if not an actual threat—to the organization’s data. After quantifying the organization’s information assets and their value and inventorying the hardware used…

Tags

There’s no content to show here yet.