When Microsoft posted their blog about leading in five of Gartner's security Magic Quadrants, it came as no surprise. The engineers at Enabling have been using these services to secure our customers' cloud and on-premises environments for several years. This blog describes how these five categories (EUM, EPP/EDR, CASB, etc.) work together in the Enterprise Mobility & Security platform.
In Gartner Group's eyes, Microsoft is now a five-tool A player. Microsoft's jump in position in these major quadrants is partly due to their 3,500 security engineers investing $1 billion in R&D, but also due to the Intelligent Security Graph.
Why is a platform of consolidated security services better than a variety of best-in-breed products? It's best for one of our customers to share their perspective, so feel free to watch this testimonial from Cascade Environmental.
The Intelligent Security Graph
The Intelligent Security Graph is Microsoft's machine learning database of security signals from across the globe and across multiple Microsoft services. The Graph connects disparate security incidents hitting Azure Active Directory, Office 365, Bing, Xbox, Outlook.com, and other assets. A recent Microsoft slide boasted 6.5T signals a day (see below)!
Success begets success. The more Microsoft's cloud security platform is used, the more data the Graph ingests, and the greater its intelligence becomes.
The Synergies of the Platform
The Security Graph is more than big data. It provides Microsoft 365 subscribers with actionable intelligence. For instance, when machines in the fleet (managed by Defender ATP) are found to have vulnerabilities in third-party software, those machines are flagged as risky. The status of the overall risk of the fleet is provided in an “Exposure Score” (see below, left). Details are provided about the specific issues (below, right).
But how could an admin then update the vulnerable software? Therein lies another advantage of the platform: the connections between the services.
- From Defender Advanced Threat Protection (a competitor to CrowdStrike in the EDR/EPP Leaders Quadrant), you can open a ticket in Intune to patch a machine that has out-of-date or vulnerable software.
- From Cloud App Security (a competitor to Netskope in the CASB quadrant), admins can revoke the active session of any user who appears to be compromised.
- Office 365 Advanced Threat Protection (a competitor to Proofpoint in the Information Archiving quadrant) can purge inboxes of messages found to carry a zero-day malware link or attachment.
- Azure Sentinel (a competitor to Splunk and QRadar) ingests data from Office 365 and Azure at no charge, but still has hooks to ingest open-standard logs from firewalls, proxies, and networking hardware.
More synergies between Defender ATP and the rest of the platform can be seen below.
The prevailing viewpoint on managing best-in-breed security services is that:
- Each security product or service adds its own administrative portal, training requirements, and log analytics. Taking time to analyze logs is unproductive, and most go unread.
- In loosely run IT organizations, more products add cost and complexity, and, at one customer I met in the last month, a lot of shelf-ware (purchased but undeployed solutions).
- Attackers continue to morph their attacks, and marketeers and entrepreneurs latch onto each new variant to introduce more point solutions.
We've been pointing out to customers that a platform of security services can provide better security than a hodgepodge of best-in-breed services. This is especially true for smaller firms without a security operations center staffed by CISSPs.
As more organizations subscribe and feed signals into the Intelligent Security Graph, the analysis becomes more accurate, more integrations are released, and more organizations will realize the Magic Quadrants are right. A platform of services will provide better protection (and sanity) than a series of best-in-breed products.
If you'd like to pilot any of these quadrant leaders, or begin synergizing your security solutions, contact us at SecureCloud@enablingtechcorp.com