Microsoft Defender ATP is a cloud-powered endpoint security platform with deep insight into Windows threats. In this live discussion you’ll see how Red Canary helped Thycotic supercharge its Defender ATP deployment to improve detection coverage and eliminate false positives.
01:44 Panelist Introduction
04:42 Red Canary Overview
06:55 “Our detection engine does the heavy lifting. When we detect things like events, or things that are questionable or concerning, that is handed over to our cyber incident response team (CIRT).” – Cordell
09:05 “There are many systems out there that generate alerts, and we generate confirmed detections.” – Cordell
10:17 How Red Canary Works With Microsoft Defender ATP
10:33 “Your endpoints are sending data to the Microsoft Cloud. The Defender ATP SaaS offering resides in their Cloud.” – Cordell
11:12 “This is a cloud-to-cloud data transfer.” – Cordell
15:10 How Thycotic Uses Red Canary and Microsoft Defender ATP
18:35 “By switching to Defender, we actually gained some of the visibility that the other vendor was providing as far as the vulnerabilities on the endpoints, and we got much better detail and much more granularity.” – Terence
19:54 “I expected to see all these other alerts because we had alert fatigue from the other vendors and other solutions, and it was quiet.” – Terence
20:57 “I would probably say about 90-95% of the endpoint detections and alerts are handled and resolved by the Red Canary team. So that trust factor is there.” – Terence
28:09 Thycotic’s Take on Deploying Microsoft Defender ATP
28:33 “Enabling Defender to start collecting things when we did that rollout was literally just turning it on in the portal. All of our endpoints were already Windows 10. We do have some Macs in the environment, but Microsoft Defender does have a Mac agent too, so we were able to deploy those with relative ease.” – Terence
32:37 Microsoft Defender ATP’s NGAV Abilities
34:35 “One of the big takeaways with this tool is that we didn’t have to install any agents.” – Terence
36:15 “We have reduced our endpoint fatigue and workloads by 85-90% with the combination of Defender and Red Canary.” – Terence
36:45 Maintenance of Both Platforms
37:50 “The way that the portal is laid out is very understandable and user friendly. You can see all of the steps that have been taken in the investigation which actually helps with root cause analysis and timelines.” – Terence
40:27 “A lot of solutions generate a lot of false positives which makes it difficult because you’re trying to weed through and do investigations and actually validate or invalidate the alert. A small team could spend an entire day just investigating endpoint alerts.” – Terence
48:34 Questions & Answers