
We are currently utilizing Microsoft Defender for Endpoint (and basically all other Defender XDR components). I've had calls with CS, SentinelOne, and a few other vendors that utilize Defender.

One of the things that really interests me is the threat hunting component. Defender has a Threat Analytics feature that provides intelligence, exposure per device, and detections/incidents that match the threat profiles. It's never been particularly useful to me, but I've also never had it "sold" to me before. Is it any different than the threat hunting that is included in OverWatch and WatchTower?

Also a slight tangent, but the core services we utilize for security are Zscaler, M365, and Intune. None of these MDR vendors that provide threat hunting do any hunting with logs generated by third parties. I'm just a cybersecurity layman, but I would think not including network logs in particular would make it vastly more difficult or impossible to find advanced/persistent threats. Is that an incorrect assumption? Do these threat hunting tools actually provide any value when they're looking through a straw solely at their own endpoint logs?

submitted by /u/imscavok
