July 23, 2020
Seek & Deploy: Microsoft Defender ATP

Microsoft Defender ATP is a cloud-powered endpoint security platform with deep insight into Windows threats. In this live discussion you’ll see how Red Canary helped Thycotic supercharge its Defender ATP deployment to improve detection coverage and eliminate false positives.

01:44 Panelist Introduction

04:42 Red Canary Overview

06:55 “Our detection engine does the heavy lifting. When we detect things like events, or things that are questionable or concerning, that is handed over to our cyber incident response team (CIRT).” – Cordell

09:05 “There are many systems out there that generate alerts, and we generate confirmed detections.” – Cordell

10:17 How Red Canary Works With Microsoft Defender ATP

10:33 “Your endpoints are sending data to the Microsoft Cloud. The Defender ATP SaaS offering resides in their Cloud.” – Cordell

11:12 “This is a Cloud to Cloud data transfer.” – Cordell

15:10 How Thycotic Uses Red Canary and Microsoft Defender ATP

18:35 “By switching to Defender, we actually gained some of the visibility that the other vendor was providing as far as the vulnerabilities on the endpoints, and we got much better detail and much more granularity.” – Terence

19:54 “I expected to see all these other alerts because we had alert fatigue from the other vendors and other solutions, and it was quiet.” – Terence

20:57 “I would probably say about 90-95% of the endpoint detections and alerts are handled and resolved by the Red Canary team. So that trust factor is there.” – Terence

28:09 Thycotic’s Take on Deploying Microsoft Defender ATP

28:33 “Enabling Defender to start collecting things when we did that rollout was literally just turning it on in the portal. All of our endpoints were already Windows 10. We do have some Macs in the environment, but Microsoft Defender does have a Mac agent too, so we were able to deploy those with relative ease.” – Terence

32:37 Microsoft Defender ATP’s NGAV Abilities

34:35 “One of the big takeaways with this tool is that we didn’t have to install any agents.” – Terence

36:15 “We have reduced our endpoint fatigue and workloads by 85-90% with the combination of Defender and Red Canary.” – Terence

36:45 Maintenance of Both Platforms

37:50 “The way that the portal is laid out is very understandable and user friendly. You can see all of the steps that have been taken in the investigation which actually helps with root cause analysis and timelines.” – Terence

40:27 “A lot of solutions generate a lot of false positives which makes it difficult because you’re trying to weed through and do investigations and actually validate or invalidate the alert. A small team could spend an entire day just investigating endpoint alerts.” – Terence

48:34 Questions & Answers

