The Microsoft 365 E5 license gives users entitlements to numerous Microsoft Security products—so many, in fact, that as companies deploy the Microsoft Security suite, they may need a managed detection and response (MDR) service to get the most out of it.
Enter Trustwave Managed Extended Detection and Response (MXDR) for Microsoft, an MDR service built specifically for Microsoft Security customers.
An MDR service is intended to help customers manage the security tools they already have, notably endpoint detection and response (EDR) and security information and event management (SIEM) systems. In some cases, that includes properly tuning the EDR and SIEM tools to alert on issues that are truly important, as opposed to every potential threat.
Even then, keeping up with all the alerts such systems generate is a 24/7 job, and it again takes experience to determine which alerts truly warrant attention. Most organizations simply don’t have the security expertise in-house required to do the job well, so they turn to a managed detection and response vendor for help. By next year, Gartner predicts 50% of organizations will be using MDR services.
Microsoft Security products under E5
Take a look at the Microsoft E5 license , which includes at least 10 distinct security products, and it’s easy to see why so many companies need a helping hand.
It’s important to have visibility and the capability to detect and mitigate an attack across a complex attack chain. Microsoft makes this easy with a number of tools under the E5 license:
- Defender for Office 365, which will detect when a user receives a phishing email or opens an infected attachment
- Defender for Endpoint can detect if a laptop or other endpoint is infected with malware.
- Defender for Identity is intended to prevent attackers from stealing user credentials.
- Defender for Cloud Apps helps detect when an attacker who succeeds in stealing credentials is moving laterally through a network or attempts to steal data.
Collectively, these four Microsoft Defender products make up the Microsoft Defender XDR suite, which works in unison with Microsoft Sentinel, Microsoft’s cloud-native SIEM, to provide a unified security operations experience for alert investigation and response.
Once the SIEM starts issuing alerts, it’s up to your security team to vet the alerts, determine which ones represent credible threats to valuable business applications or data, and quickly determine effective response actions.
That’s where things can get dicey for most organizations. Expert resources must be on hand 24/7 to monitor for alerts and determine which threats are truly serious while avoiding alert fatigue—or trying to.
Anatomy of a cybersecurity attack
The bulleted list above represents the tools required to detect and mitigate a classic intrusion progression. A bad actor sends a phishing email and gets a user to open an attachment or click on a URL. That may result in installing malware on the user’s endpoint, perhaps a keystroke logger that helps the intruder steal a user’s credentials. At that point, the intruder can use those credentials to log on to whatever corporate systems the legitimate user is authorized to access.
While the intent of such an attack may seem clear when written neatly in prose, in real time it can come across as a series of discreet alerts from each security tool. Even if the SIEM succeeds in connecting the dots and issues appropriate alerts, someone has to recognize what the alerts mean and initiate an appropriate response to thwart the attack – even if it happens at 3 a.m. on a Sunday.
On top of that, to really take advantage of all the security tools, companies have to be able to correctly deploy, configure, and continuously optimize them. Again, a tall order.
To overcome these challenges and accelerate an organization’s capability to defend itself against a complex attack, Trustwave offers multiple cybersecurity services to help users get the most out of their Microsoft Security products.
Trustwave MXDR for Microsoft offers 24/7 extended detection, threat hunting, investigation, and response across endpoints, identity, cloud apps, and email with proven preventative configurations to minimize exposures by leveraging the proactive capabilities of Microsoft Security. MXDR Elite for Microsoft with Co-Managed SOC adds a mature methodology for effective co-managed security operations, frequent collaboration with Trustwave experts, and custom configurations and content.
If you’re paying for or considering the Microsoft E5 license, you owe it to your organization to understand your entitlements and get the most out of the included Microsoft Security products. Discover how Trustwave, a longstanding Microsoft Security partner, can help.
