Hello all,
Welcome back to the Security Operations series.
In Part 5 of this series we cover Microsoft 365 Defender in the cloud, so let us jump into it.
Microsoft 365 Defender
Cyber security professionals are constantly bombarded with new threats every day. They fight back with advanced security analytics tools, machine learning, and AI tools, along with their own experience and knowledge.
Microsoft 365 Defender came into the picture to help organisations prevent, detect, investigate, and remediate attacks automatically in Microsoft 365 cloud environments.
It is an application suite with integrated threat detection and response solutions. It provides automated end-user security and protects email, devices, URLs, Teams chat, and endpoints.
How Microsoft Defender works, basically
M365 Defender receives raw signal data from the following sources:
- User identities
- Endpoints
- Applications
- Email and collaboration tools
- Individual alerts
This data is then gathered, analysed, compared, and finally correlated into incidents, which gives a complete view of an attack.
M365 Defender has advanced hunting capabilities and requires no specific expertise or customisation.
It automatically blocks attacks and threats, and no specific knowledge is needed to configure M365 Defender.
It prioritises incidents as high, medium, or low, depending on their severity.
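The correlation and prioritisation steps described above, as a simplified added example (not Microsoft's correlation logic and not code from the original post): alerts that share a user or device are merged into one incident, which takes the highest severity among its alerts. The alert fields, entity names and the shared-entity rule are assumptions made for illustration.

```python
from collections import defaultdict

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

# Constructed sample alerts; field names and values are assumptions.
ALERTS = [
    {"id": "a1", "source": "email", "severity": "medium", "entities": {"user:alice"}},
    {"id": "a2", "source": "identity", "severity": "high",
     "entities": {"user:alice", "device:LAPTOP-01"}},
    {"id": "a3", "source": "endpoint", "severity": "medium", "entities": {"device:LAPTOP-01"}},
    {"id": "a4", "source": "application", "severity": "low", "entities": {"user:bob"}},
]

def correlate(alerts):
    """Merge alerts that share any entity (directly or transitively) into incidents."""
    parent = {a["id"]: a["id"] for a in alerts}

    def find(x):
        # Union-find lookup with path compression.
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    first_seen = {}  # entity -> id of the first alert that mentioned it
    for a in alerts:
        for entity in a["entities"]:
            if entity in first_seen:
                parent[find(a["id"])] = find(first_seen[entity])
            else:
                first_seen[entity] = a["id"]

    groups = defaultdict(list)
    for a in alerts:
        groups[find(a["id"])].append(a)

    incidents = []
    for members in groups.values():
        incidents.append({
            "alerts": sorted(m["id"] for m in members),
            "sources": sorted({m["source"] for m in members}),
            # An incident is as severe as its most severe alert.
            "severity": max((m["severity"] for m in members), key=SEVERITY_RANK.get),
        })
    # Highest severity first, so the triage queue starts with the worst incident.
    incidents.sort(key=lambda i: (-SEVERITY_RANK[i["severity"]], i["alerts"]))
    return incidents

if __name__ == "__main__":
    for incident in correlate(ALERTS):
        print(incident)
```

Here the email and endpoint alerts never share an entity directly, yet they land in the same incident because the identity alert links the user to the device.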
Auto Heal
It automatically fixes incidents, mostly either by resolving them or by recommending a further action for the M365 admin to take.
For example, if M365 Defender finds that a user account has been compromised, it will recommend, from the reported incident, changing the password of that user identity.