Defender XDR Suite - Coggle Diagram
Defender XDR Suite
Microsoft Defender for Office 365
Focuses on email protection
bad links
Can also focus on links found in SharePoint, Teams, Outlook
Investigation
Hunting
remediation
Sec Ops
Preset Security Policies
Threat Protection policies
Define the appropriate levels of protection for threats
Reports
Threat Investigation and response
Automated
Plans
Plan 2
EOP
Everything from P1
post-breach investigation
Plan 1
Exchange Online Protection (EOP)
stops broad attacks
protects email and collaboration from zero-day attacks
Phish attacks
Microsoft Defender Portal
Combines
response
Common Cards
detection
daily operational needs
investigation
cloud app security
protection
Incidents and Alerts
Creates alerts for suspicious activity
Identify assets involved
automated investigation
gives evidence
Hunting
make custom detection rules to hunt for specific threats
Threat Intelligence
Secure Score
Microsoft Defender Threat Intelligence
triage
incident response
threat hunting
threat information
Microsoft Defender for Identity
malicious insider threats
advanced threats
Hybrid Security
Monitor user behavior
permissions
Group memberships
insights on suspicious behavior
Protect ID in AD
provides recommendations that help protect identities
Active Directory Federation Services (AD FS)
Detects on-prem attacks and shows authentication events
Identify suspicious activities
Cyberattack Kill Chain
Compromised Credentials
locate any attempts made to brute force, failed authentications, or change memberships
Lateral movements
Moves laterally inside to gain further access
Reconnaissance
Domain dominance
Provide clear info for quick triage
Focuses on AD data (signals)
Microsoft Defender for Cloud Apps
SaaS solution for cloud apps
Cloud Access Security Brokers (CASBs)
show cloud usage
app based threats
info protections
Sensitivity Labels
Remove external collaborators on confidential files
Block downloads to unregistered devices
compliance
SaaS Security Posture Management (SSPM)
allows security teams to improve overall security posture
is connected to Secure Score
Advanced Threat Protection
Adaptive Access Control (AAC)
User and Entity Behavior Analysis (UEBA)
app to app protection
Defends gaps in OAuth
Open standard for token-based authentication and authorization
Allows credentials to be used by third-party apps without exposing the password.
watch for unused apps
monitor credentials
Assess
Identify
Manage
Set Policies to monitor apps
Microsoft Defender for Endpoint
Tech used
Cloud security analysis
translates behaviors into actions in the cloud
Threat Intelligence
Identify attacks and tools and generate alerts based on collected data
Endpoint behavior
collects and processes signals from the OS
Endpoint includes
Endpoint detection and response
detect endpoint attacks in real time, get the full scope of the breach, and how to respond
Automated investigation and remediation
Next Generation Protection
Microsoft Defender Antivirus
Behavior-based real-time AV
Near instant detection and blocking of threats
Product updates for AV
Microsoft Secure Score for Devices
Attack surface reduction
Reduce the attack surface by preventing misconfigurations
Microsoft Threat Experts
Core Defender Vulnerability Management
look for endpoint vulnerabilities and misconfigurations
Management and APIs
Defender Vulnerability Management
Assess, defend, prioritize critical assets
continuously monitor assets to detect risk
Risk based intelligent prioritization
looks at emerging threats and notes what assets are at highest risk
Pinpoints breaches and protects high value assets
Common Vulnerabilities and Exposures (CVE)
Dashboard Insights
Used with Microsoft Defender
Shows exposure score
Endpoint detection and response (EDR)
Remediation
Exceptions
Remediation and tracking
Consolidate inventories
Locate misconfigurations