The No.1 way to protect data: Defender for Business and Business Premium. MSPs and businesses looking for better coverage of the ASD Essential 8 with the fewest possible products should look at Microsoft Defender for Business or, preferably, Microsoft 365 Business Premium.
This morning a colleague (thanks Ross) sent me this article, and it reminded me that we have great capability to lower the risk of a cyber breach at affordable cost if it is done correctly.
Business Premium and Defender for Business are suited to organisations of up to 300 users (or the first 300 users if your business has more staff). On device count, each licensed user can have up to 5 devices covered.
On the starting blocks today we have two routes to the Australian Cyber Security Centre (ACSC) ASD Essential 8 from Microsoft: Defender for Business, for businesses looking only to protect against and detect a cyber breach, and Microsoft 365 Business Premium, which adds business productivity and a much more complete set of protection capabilities.
No other vendor matches Microsoft's coverage in the security arena, or its breadth of protection and detection capability, and because Microsoft processes 8 trillion telemetry signals per day, it has a wealth of data available to protect businesses as soon as a threat becomes known.
When looking at capabilities from the traditional cyber security vendors with Endpoint Detection and Response (EDR) solutions, understand where they are strong and what they can and cannot provide.
As an MSP, your customer is never going to accept a detection strategy when the data has already been stolen. This is an important question to ask your clients: "If we implement this EDR strategy, are you going to be OK if you are breached?" and "Will you blame us as the MSP for not looking at your security holistically, with protection front of mind?" Unfortunately, Endpoint Detection and Response on its own does not work that well yet (in 2022).
Microsoft is not good at detecting malware?
Once upon a time this was the case: Microsoft Defender was not great at preventing malware, or at detecting it after it had allowed a persistent threat to embed itself, with no capability to remove it. I have personally experienced this myself.
Today Microsoft is a leader in endpoint protection, and this direction is not going to change, as Microsoft has more telemetry points to collect from than any competitor. (If the customer runs Google rather than Microsoft for their corporate platform, that is a different conversation.)
Endpoint Detection and Response
For detection alone, there are two products with higher efficacy, as evaluated by MITRE Engenuity in last year's evaluation of detection and response to simulated attacks. This is important because of how machine learning works: it is trained on models of activity that has been seen in the past, so when it comes to new cyber threats, all EDR is hit or miss regardless of product, because ML trained on the past is not effective against "unknown unknowns" such as Follina.
Detection alone (EDR) is not a good early cyber security protection strategy; prevention of cyber attack is key to protecting organisations. It is like a home with a burglar alarm (detection) but no locks (prevention) on the windows.
Detection strategies can only tell the owner that something has been taken. Prevention is what stops data from being stolen, ransomed, accidentally forwarded or maliciously gathered.
This is Microsoft's double punch. Follina, for example, was not detected by EDR solutions when it appeared, but because Microsoft Defender comes with Attack Surface Reduction (ASR) rules, Follina would still be stopped in the wild with ASR running: the rule "Block all Office applications from creating child processes" prevents Word from launching msdt.exe, which is the exploit's delivery path.
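As an added example (not code from the original article or from Microsoft), the following PowerShell enables the ASR rule that blocks Follina's delivery path, first in audit mode and then in block mode, checks the configured state, and applies Microsoft's published interim workaround of removing the ms-msdt: protocol handler. It assumes an elevated session on a device where Microsoft Defender Antivirus is the active engine; the rule GUID and event IDs are taken from Microsoft's ASR documentation and should be verified against the current reference before deployment.

```powershell
# Added example; not from the original article. Run in an elevated PowerShell session
# on a device where Microsoft Defender Antivirus is the active AV engine.
# Rule GUID from Microsoft's ASR rules reference; verify against current docs before deploying.
$OfficeChildProcRule = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'   # Block all Office applications from creating child processes

# 1. Audit first. Office-spawned child processes are logged (Event ID 1122) but not blocked,
#    so legitimate add-ins or line-of-business tools can be found before enforcement.
Add-MpPreference -AttackSurfaceReductionRules_Ids $OfficeChildProcRule `
                 -AttackSurfaceReductionRules_Actions AuditMode

# Show what audit mode would have blocked (1122 = audited, 1121 = blocked).
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1121, 1122 } `
             -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

# 2. Enforce. Re-adding the same rule ID with action Enabled switches it to block mode;
#    Set-MpPreference would instead replace the whole rule list and drop any other rules.
Add-MpPreference -AttackSurfaceReductionRules_Ids $OfficeChildProcRule `
                 -AttackSurfaceReductionRules_Actions Enabled

# Verify the configured action for this rule (0 = disabled, 1 = block, 2 = audit, 6 = warn).
$pref = Get-MpPreference
$ids  = @($pref.AttackSurfaceReductionRules_Ids | ForEach-Object { $_.ToUpper() })
$idx  = [array]::IndexOf($ids, $OfficeChildProcRule)
if ($idx -ge 0) {
    "Office child-process rule action code: $($pref.AttackSurfaceReductionRules_Actions[$idx])"
} else {
    'Office child-process rule is not configured'
}

# 3. Defence in depth for Follina (CVE-2022-30190). Microsoft's interim workaround was to remove
#    the ms-msdt: URL protocol handler so Office cannot hand a crafted URL to msdt.exe.
#    Export the key first so it can be restored (reg import) once the OS patch is installed.
$backup = Join-Path $env:TEMP 'ms-msdt-backup.reg'
reg export HKEY_CLASSES_ROOT\ms-msdt $backup /y
reg delete HKEY_CLASSES_ROOT\ms-msdt /f
```

Run the audit step fleet-wide for a week or two and review the 1122 events before moving to block mode; the registry workaround is only a stopgap and should be reversed after the Windows update that fixes Follina has been applied.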
The new way to protect data: Defender for Business and Business Premium
For ASD Essential 8 coverage, Microsoft 365 Business Premium and Defender for Business have strong coverage. Add to this Office macro protection, patching of the OS, and the MFA that comes with Azure AD, and Business Premium or Defender for Business provides a much more complete solution without the cost of competing products. In fact, that is 5 of the 8 essential mitigations right there, and many of the ACSC's broader list of mitigation strategies can be covered with one Microsoft licence.
ASD Essential 8 controls covered by Microsoft 365 Business Premium:
1. Attack surface reduction
2. Application control
3. Multi-factor authentication
4. Patch operating systems
5. User application hardening
6. Configure Office macro settings

(Attack surface reduction rules are Microsoft's mechanism rather than an Essential 8 mitigation in their own right; they deliver much of the user application hardening and macro control listed above. The three Essential 8 mitigations not on this list are patching applications, restricting administrative privileges and regular backups.)
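An added example (not the article's or Microsoft's code) that turns the list above into a read-only check on one Windows endpoint: it reports the state of the device-side controls (ASR rules, application control, OS patch age and Office macro policy) and returns them as objects so the output can be collected across a fleet. It assumes an elevated session with Microsoft Defender Antivirus active and Office 2016 or later (the 16.0 policy hive); the rule GUIDs, CIM class and registry values are from Microsoft's documentation and should be verified before relying on the result. MFA is a tenant-side control and is not checked here.

```powershell
# Added example; not from the original article. Read-only check of device-side Essential 8
# controls. Run in an elevated PowerShell session on a Windows 10/11 endpoint with
# Microsoft Defender Antivirus active. GUIDs, CIM class and registry values are taken from
# Microsoft's documentation; verify against current docs before relying on the result.
function Test-Essential8Device {
    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding($Control, $Item, $State, $Pass) {
        $findings.Add([pscustomobject]@{ Control = $Control; Item = $Item; State = $State; Pass = [bool]$Pass })
    }

    # 1 and 5: ASR rules that implement attack surface reduction and user application hardening.
    $asrRules = @{
        'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = @('1. Attack surface reduction',  'Block all Office applications from creating child processes')
        '3B576869-A4EC-4529-8536-B80A7769E899' = @('1. Attack surface reduction',  'Block Office applications from creating executable content')
        '92E97FA1-5D9D-4B3C-9D97-1C0DA7D0FB4E' = @('6. Configure Office macro settings', 'Block Win32 API calls from Office macros')
        'D3E037E1-3EB8-44C8-A917-57927947596D' = @('5. User application hardening', 'Block JavaScript or VBScript from launching downloaded executable content')
    }
    $actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
    $pref = Get-MpPreference
    $ids  = @($pref.AttackSurfaceReductionRules_Ids     | Where-Object { $_ })
    $acts = @($pref.AttackSurfaceReductionRules_Actions | Where-Object { $null -ne $_ })
    $configured = @{}
    for ($i = 0; $i -lt $ids.Count; $i++) { $configured[$ids[$i].ToUpper()] = [int]$acts[$i] }
    foreach ($id in $asrRules.Keys) {
        $state = 'NotConfigured'
        if ($configured.ContainsKey($id)) {
            $code  = $configured[$id]
            $state = if ($actionNames.ContainsKey($code)) { $actionNames[$code] } else { "Code $code" }
        }
        Add-Finding $asrRules[$id][0] $asrRules[$id][1] $state ($state -eq 'Block')
    }

    # 2. Application control: WDAC user-mode code integrity enforcement (0 = off, 1 = audit, 2 = enforced).
    #    Sites using AppLocker instead would query Get-AppLockerPolicy -Effective here.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $umci = if ($dg) { [int]$dg.UsermodeCodeIntegrityPolicyEnforcementStatus } else { -1 }
    $umciState = switch ($umci) { 0 { 'Off' } 1 { 'Audit' } 2 { 'Enforced' } default { 'Unknown' } }
    Add-Finding '2. Application control' 'WDAC user-mode code integrity' $umciState ($umci -eq 2)

    # 3. MFA is enforced in Azure AD (Conditional Access / Security Defaults), not on the device: not checked here.

    # 4. Patch operating systems: age of the most recent installed update as a proxy for the
    #    Essential 8 two-week patching window. Get-HotFix only lists QFE-style updates.
    $latest = Get-HotFix | Where-Object { $_.InstalledOn } | Sort-Object InstalledOn -Descending | Select-Object -First 1
    $age = if ($latest) { [int]((Get-Date) - $latest.InstalledOn).TotalDays } else { 9999 }
    Add-Finding '4. Patch operating systems' "Last update $($latest.HotFixID)" "$age days ago" ($age -le 14)

    # 6. Office macro policy per application: block macros in files from the internet, and
    #    VBAWarnings 3 (signed only) or 4 (disable all without notification).
    foreach ($app in 'Word', 'Excel', 'PowerPoint') {
        $props = Get-ItemProperty -Path "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security" -ErrorAction SilentlyContinue
        $blockInternet = [int]$props.blockcontentexecutionfrominternet
        $vba = [int]$props.VBAWarnings
        $state = "VBAWarnings=$vba, blockcontentexecutionfrominternet=$blockInternet"
        Add-Finding '6. Configure Office macro settings' $app $state (($blockInternet -eq 1) -and ($vba -in 3, 4))
    }

    return $findings
}

# Usage: print the report and a pass count.
$report = Test-Essential8Device
$report | Sort-Object Control | Format-Table Control, Item, State, Pass -AutoSize
'{0} of {1} checks pass' -f @($report | Where-Object Pass).Count, $report.Count
```

Because the function returns objects rather than text, an MSP can run it through their RMM and aggregate the Pass column per customer; a device that fails the macro or ASR rows is the one to fix first, as those are the controls that stop Follina-style delivery before detection ever comes into play.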
There are many capable solutions available for detecting a cyber breach, but they are not perfect, and not even close to great. Given that, detection capability is a poor first or second decision in a cyber resilience program of work towards the ACSC ASD Essential 8.
Concentrate efforts on protection and prevention strategies, and detection will "come along for the ride", as the capability is already there in many products, including the Microsoft suite.
If you cannot manage security yourself due to resourcing or specialisation, many MSPs will take the Defender telemetry and provide management on top for you, saving you the staffing required to provide this capability yourself.
Please reach out to us here if we can help with your cyber resilience strategies either as an MSP or a client looking for assistance.
Appendix: Microsoft 365 Business Premium
The full feature list of Microsoft 365 Business Premium is below and is accurate as of Jan 2022: