Friday, September 27, 2024

Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms


Since 2023, Microsoft has seen a 2.75 times increase in the number of organizations encountering ransomware campaigns.¹ And up to 90% of successful ransomware campaigns leverage unmanaged endpoints, which are typically personal devices that people bring to work.¹ While the number of ransomware attempts has increased drastically, Microsoft Defender for Endpoint has reduced the percent of successful ransomware attacks at a higher rate: more than three times over the same time period.¹

The key to fighting ransomware at scale is Microsoft’s unwavering commitment to simplifying, automating, and augmenting security analyst workstreams to meet the demands of today’s and tomorrow’s cyberthreat environment. We’re excited to announce that Gartner has named Microsoft a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the fifth consecutive time. Notably, Microsoft has moved to a tie for number one on the Vision Axis. We believe this announcement reflects Microsoft’s continued progress in helping organizations protect their endpoints against even the most sophisticated attacks, while driving continued efficiency for security operations center (SOC) teams.

Microsoft Defender for Endpoint is an endpoint security platform that helps organizations secure their digital estate using AI-powered, industry-leading endpoint detection and response across Windows, Linux, macOS, Android, iOS, and Internet of Things (IoT) devices. It’s core to Microsoft Defender XDR and built on global threat intelligence, informed by more than 78 trillion daily signals and more than 10,000 security experts, empowering security teams to fend off sophisticated threats.²

Graphic with four boxes showing Gartner's Magic Quadrant for Endpoint Protection Platforms that puts Microsoft as a Leader.

Our customers and partners have been an invaluable part of this multiyear journey, and we’re grateful for both their business and their partnership. Read the complimentary report providing more details on our positioning as a Leader.

Microsoft Defender for Endpoint is built from the ground up with operational resilience in mind. It starts with our agent architecture that follows best practices for Windows by limiting its reliance on kernel mode while protecting customers in real-time. It doesn’t load content updates from files in the kernel mode driver. As an added safeguard, we deliver updates to customers applying Microsoft’s long-established safe deployment practices (SDP) model. Customers have full control over how these updates are delivered and how controls are applied to their device estate. This model of shared control helps provide security and resiliency.

Over the last year, Microsoft has delivered significant innovations that have helped defenders gain the upper hand against cyberthreats including: improved attack disruption, Microsoft Copilot for Security, a new Linux agent, simplified settings management, the unified security operations platform and Microsoft Defender Experts for XDR.

Automated attack disruption, unique to Microsoft, is a self-defense capability that stops in-progress cyberattacks by analyzing the attacker’s intent, identifying compromised assets, and isolating or disabling assets like users or devices at machine speed. For example, in July 2024 we discovered the CVE-2024-37085 vulnerability. Numerous ransomware operators exploited it to encrypt the entire file system and move laterally in the network. Attack disruption fends off such sophisticated ransomware attempts by blocking lateral movement and remote encryption in a decentralized way across all your device estate, in just three minutes on average.³ This is a capability that Microsoft continues to invest in to disrupt more scenarios even earlier in the cyberattack chain.

Microsoft Copilot for Security is the industry’s first generative AI that empowers security teams to protect at the speed and scale of AI, generally available as of April 2024. Embedded within the Defender XDR experience, it assists analysts by providing enriched context for faster and smarter decisions. It accelerates investigation, containment, and remediation with prescriptive step-by-step guidance. Analysts can now easily understand attacker actions with intuitive script analysis and launch complex Kusto Query Language (KQL) queries using plain language. The results from a randomized controlled trial based on 147 security professionals showed significant efficiency gains including speed and quality improvements when using Copilot for Security. Security professionals were up to 22% faster across all tasks, and more than 93% of users wanted to use Copilot again.

A new Linux agent has been built from scratch, using eBPF sensor technology to deliver the performance and stability needed for mission-critical server workloads while providing visibility into cyberthreats. We continue prioritizing innovations across every type of endpoint from Windows, Linux, macOS, iOS, Android, and IoT to provide the holistic endpoint protection that organizations need.

Simplified setup and change management help analysts configure devices correctly to minimize threat exposure. With the general availability of simplified settings management, SOC analysts can manage security policies without leaving the Defender XDR portal.

Unified security operations platform brings the foundational tools a SOC needs into a single experience, with a consistent data model, unified capabilities, and broad protection. This unification helps SOCs close critical security gaps and streamline their operations, delivering better overall protection, reducing their response time, and improving overall efficiency. Defender for Endpoint is core to this platform, which combines “the power of leading solutions in security information and event management (SIEM), extended detection and response (XDR), and generative AI for security.” By working seamlessly across Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Copilot for Security, security analysts need only a single set of automation rules and playbooks. Plus, they can use plain language to execute complex tasks in an instant with Copilot for Security embedded in the platform.

Microsoft Defender Experts for XDR gives your security team coverage with around-the-clock access to Microsoft expertise. Recognizing that sophisticated cyberthreats go beyond the endpoint, Microsoft offers Microsoft Defender Experts for XDR. This managed service is available 24 hours a day, 7 days a week, helping organizations extend their SOC team to fully triage events and respond to incidents across domains.

Thank you to all our customers. You inspire us as together we work to create a safer world.

Learn more

If you’re not yet taking advantage of Microsoft’s leading endpoint security solution, visit Microsoft Defender for Endpoint and start a free trial today to evaluate our leading endpoint protection platform.

Are you a regular user of Microsoft Defender for Endpoint? Review your experience on Gartner Peer Insights™ and get a $25 gift card.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


¹ 2024 Microsoft Digital Defense Report. Publishing October 15, 2024.

² Microsoft Digital Defense Report, Microsoft. 2023.

³ Get end-to-end protection with Microsoft’s unified security operations platform, now in public preview, Rob Lefferts. April 3, 2024.

Gartner, Magic Quadrant for Endpoint Protection Platforms, Evgeny Mirolyubov, Franz Hinner, Deepak Mishra, Satarupa Patnaik, Chris Silva, September 23, 2024.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, MAGIC QUADRANT and PEER INSIGHTS are registered trademarks of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


