Microsoft Defender for Endpoint FAQs

Official partner of Cyberseer


In response to a tide of interest in our service for Microsoft Defender for Endpoint (MDE), we have compiled the following list of frequently asked questions about Microsoft Defender for Endpoint and their answers, which we hope will help broaden your knowledge.

We are particularly pleased to see a wide variety of questions being asked of Cyberseer’s Threat Analysts who are recognised for their expert capabilities in research, monitoring and in-depth investigations. They use insight from Microsoft Defender for Endpoint to provide comprehensive support for our customers and combat targeted threats.

The questions are listed below with their answers. If your question isn’t listed, please send it to our Threat Analysts team or schedule a call.

What is Microsoft Defender for Endpoint (MDE)?

MDE is a leading EDR solution. It is agent-based: you deploy the agent to your devices to gain protection, detection and response capabilities.

What is EDR?

EDR is a market term and stands for endpoint detection and response.

How do you deploy the agents?

The agents can be distributed and managed with endpoint management and distribution tools. Microsoft recommends using its Intune solution, although SCCM, Group Policy and other tools are also available.

Can Cyberseer manage the MDE solution as a stand-alone or do I need other toolsets?

Cyberseer can provide a dedicated EDR service using the Defender for Endpoint toolset alone. We do not need a SIEM or other Microsoft products to provide detection and response 24×7.

Can Cyberseer provide an integrated managed security service with MDE and another security management platform?

Cyberseer provides integrated managed security services with MDE and other detection and response platforms. Examples include MDE with Darktrace, and MDE with SIEM tools including Exabeam and Chronicle.

What licences do I need to buy from Microsoft to utilise the Cyberseer service?

  1. Cyberseer can service both Microsoft Defender for Endpoint Plan 1 and Plan 2. If you’re looking to procure a full EDR service, you will need to purchase the Plan 2 licence. Compare licence plans here: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-worldwide
  2. In addition, Cyberseer requires Azure AD Plan 2. To access your Microsoft Security Portal, Cyberseer will make use of Entitlement Management (an access package), which is part of Microsoft’s Identity Governance toolset. This feature requires Azure AD Plan 2 licensing: https://www.techtarget.com/searchwindowsserver/tip/Azure-AD-Premium-P1-vs-P2-Which-is-right-for-you

Why invest in Cyberseer’s management service for Defender for Endpoint?

Microsoft Defender for Endpoint is a Gartner leader for endpoint detection and response. Cyberseer will staff and act on the solution’s output on your behalf 24×7 and provide monthly and quarterly threat reports.

Is Cyberseer able to use the response features in Defender for Endpoint to respond on our behalf?

Yes. Cyberseer’s customers’ requirements differ from business to business depending on their resources and expertise. Particularly out of hours, customers place more responsibility on Cyberseer to respond on their behalf. Cyberseer offers a flexible approach when agreeing escalation paths and responses for each use case.

Can you pull artefacts from specific endpoints for investigations?

Yes. We use all available data to classify a threat. When triaging, Cyberseer classifies each threat to a customer using a confidence and severity rating.

Does the Cyberseer EDR service include any threat intelligence or threat feeds?

Yes. MDE utilises threat intelligence from Microsoft to drive value from its feature set. Cyberseer offers a further intelligence service with our partner Digital Shadows, providing additional detection use cases including brand reputation, data leakage, spoofing and credential leakage, which can be integrated into Chronicle and the EDR service.

Does Cyberseer perform proactive threat hunting?

Cyberseer actively looks for known TTPs, enabling the service to detect attacks. If we judge that a search can be automated by creating rules that yield few false positives, those rules are implemented in the customer’s systems so that the system alerts quickly when the technique occurs again in the future.
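As an added illustration of the kind of automated rule described above (an example written for this page, not Cyberseer’s own detection content), the following Advanced Hunting query in Kusto Query Language (KQL) runs against the MDE `DeviceProcessEvents` table and looks for PowerShell launched with an encoded command line, a behaviour catalogued in MITRE ATT&CK under T1059.001. The exclusion on `InitiatingProcessFileName` uses a placeholder process name and stands in for the tuning step that brings false positives down before the query is saved as a custom detection rule.

```kql
// Added example: an Advanced Hunting query for Microsoft Defender for Endpoint
// that could be saved as a custom detection rule. The detection logic and the
// exclusion list are illustrative assumptions, not Cyberseer's rule content.
DeviceProcessEvents
| where Timestamp > ago(1d)
// PowerShell (Windows PowerShell or PowerShell 7) started with an encoded
// command line (ATT&CK T1059.001)
| where FileName in~ ("powershell.exe", "pwsh.exe")
| where ProcessCommandLine has_any ("-EncodedCommand", "-enc")
// Tuning step: exclude a known benign parent process (placeholder name) so
// the rule yields few false positives before it is promoted to alerting
| where InitiatingProcessFileName !~ "approved-management-agent.exe"
// Timestamp, DeviceId and ReportId must be present in the output of any
// query saved as a custom detection rule
| project Timestamp, DeviceId, ReportId, DeviceName, AccountName,
          InitiatingProcessFileName, ProcessCommandLine
```

Once the results over the hunting window are reviewed and any remaining benign sources are added to the exclusion, the same query is saved in the Microsoft 365 Defender portal as a custom detection rule, which then runs on a schedule and raises an alert each time a new match appears.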

Where does my data reside?

Data resides in Azure datacentres in the EU. Data will be stored by Microsoft for your contracted retention period. No customer data will be stored by Cyberseer.

How does Cyberseer ensure its service remains fit for purpose and evolves in line with changing TTPs?

Cyberseer works closely with the customer to understand the wider digital strategy, assess and quantify further risk, and build visibility using the MITRE ATT&CK framework and its associated TTPs. We continually provide TTP insights within this framework as your environment develops.

Interested in this technology?

If you would like to know more, you can download a data sheet or white paper, request a demo, or get in touch with us.