Microsoft Defender for Endpoint (formerly ATP)

Microsoft Defender for Endpoint (formerly Microsoft Defender Advanced Threat Protection) is a powerful tool for effectively protecting the client infrastructure. It provides up-to-date, first-hand data and thus creates transparency about the threat situation.

The solution is based on the proven MS Defender, which continues to serve as malware protection. In addition, Microsoft Defender for Endpoint collects and analyzes all security-relevant actions on clients. This applies to both corporate infrastructure clients and employees' personal BYOD equipment. Users gain insight into the patch status of the operating system and third-party software. Security vulnerabilities are detected before they are exploited. Information on the attack behavior of malware can be collected in a sandbox.

Obtaining Microsoft Defender for Endpoint as a cloud service

The Microsoft Defender for Endpoint cloud service can also be obtained directly from Microsoft. However, the configuration and deployment should be well thought out.

We also offer the service with configuration services and distribution to companies without the corresponding internal know-how. Other services are tailored to the needs of your industry. We also advise companies on all aspects of using the service.

We offer interested parties a phone call to answer questions.

Individualized basic KPIs for threat analysis

The basis of a threat analysis is a baseline of selected security KPIs. These measuring points specifically record security-relevant settings that a company classifies as important.

Anomalies such as malware attacks, vulnerabilities in software, potentially unwanted applications or an inadequate patch status are detected and reported in real time. The uniform query across the entire client environment provides a consistent statement about the security and health status of the client landscape.

Specific detection of vulnerabilities, even before they are exploited

For an attacker to successfully cause damage to your IT infrastructure, two things are necessary:

1. an existing vulnerability and
2. a way to exploit it.

Most malware protection systems detect when malware attempts to infect a system via a vulnerability. The MS Defender for Endpoint service goes one step further.

The service detects vulnerabilities in the operating system and in third-party software. To do this, it uses an extensive database that is maintained by specialists. This makes it possible to intervene before an attack on your IT infrastructure takes place.

Analysis of malware and attack behavior

The Microsoft Defender for Endpoint service detects suspicious behavior, which often occurs when malware exploits vulnerabilities. The service records these actions at file, storage and network level and sends them to the cloud for analysis, where you can evaluate them. In the event of an attack, you also receive evidence for further investigations, both to minimize damage and to support forensic work and prosecution.

Control over software inventory, reduction of the attack surface

The software inventory of a client is directly related to the vulnerability of the end device. Outdated software or unwanted programs enable attackers to damage IT infrastructures or cause data leaks by exploiting security vulnerabilities. This can cause lasting damage to the company.

A well-thought-out authorization structure helps to avoid unwanted software installations. Consistent control of the software inventory is nevertheless a major challenge, and it grows the longer a client is in service. The MS Defender for Endpoint service is used to control and manage the software inventory across the entire client landscape. You receive a comprehensive overview of the software in use at a central location. If necessary, you can launch detailed queries to intervene immediately.

Figure: The interaction of cloud and client at a glance: Microsoft Defender ATP protection mechanisms with cloud- and client-based ML security features for modern threat detection (source: Microsoft)

Certainty regarding the patch status

Finding vulnerabilities and exploiting them with malware used to be the preserve of interested hobbyists. Today, finding, exploiting, reporting and closing security vulnerabilities is an institutionalized activity of an entire industry with well-established processes.

If security vulnerabilities are found, software manufacturers are usually given a short period of time to close them before they are published. Orderly patch cycles usually roll out the improvements automatically to the end devices. This procedure ensures that all parties involved have an interest in guaranteeing software security. At the same time, it increases transparency when it comes to finding attack surfaces.

In practice, clients often do not receive the latest security updates because of a malfunction or their configuration. This is a significant risk, especially for end devices with Internet or mail access. The MS Defender for Endpoint service collects information across the entire client infrastructure and immediately reports failures centrally. This gives you the opportunity to respond from a security standpoint.

Immediate investigation by experienced specialists

Growing complexity driven by technical progress places ever greater demands on the expertise needed to assess IT security incidents. This costs IT infrastructure operators money and time, and it takes them away from their core business and their economic service provision.

In order to react quickly to threats and relieve you of non-value-adding tasks, the specialists at Leuchter IT Infrastructure Solutions AG take over the initial measures. They assess the security incident and discuss the next steps with you.

Microsoft Intelligent Security Graph

Microsoft collects billions of telemetry data points worldwide every day. Microsoft refers to this data warehouse as the "Microsoft Intelligent Security Graph".

Microsoft processes this data using machine learning methods, artificial intelligence and extensive data analysis. This enables the company to identify certain behavioral patterns that indicate malicious activities such as malware or attacks.

The findings from the "Microsoft Intelligent Security Graph" flow into Microsoft security products such as Microsoft Defender for Endpoint in real time and thus offer comprehensive protection.

Personal consultation

A team of professionals will take care of your inquiries on IT infrastructure, organization, communication and cooperation in the modern business world. Please send your questions and messages to our team. A proven expert in these topics will contact you.
We look forward to your inquiry!
