Ignite Sniffing the wind after the large uptick in ransomware attacks across the corporate world, Microsoft said it plans to roll out an SMB version it has dubbed Defender for Business.
The preview isn’t out yet, though Microsoft lifted the lid on some of the features, which industry watchers praised as potentially bringing full endpoint detection and response (EDR) functionality to small and medium-sized companies at a relatively low cost. With small firms complaining of opportunistic malware-flinger attacks, it’s certainly a timely offer for those with “up to 300 employees.”
The plans were emitted at the software outfit’s Ignite shindig this week, where it also unveiled pricing: the “standalone” software will set you back $3 per user per month, although it will be bundled into Microsoft 365 Business Premium, if you’re a Microsoft Teams and Office 365 shop.
The product’s aimed at outfits whose average employee – many of them now working from home – cannot be expected to be an infosec expert but can be expected to follow some simple rules. With GUIs for understanding the live situation and for enrolling new devices, it looks as though it can be installed and up and running quickly, or so Microsoft claims. We have all heard those sorts of publicity blurbs before.
At the moment only screenshots are available, so no testing or evaluation can be done. On first impression, however, it does appear sharp and comprehensive. It can also be used in conjunction with Microsoft 365 Lighthouse, Redmond’s multi-tenant management portal for managed service providers.
Once your network has this up and running, it will raise alerts on suspicious activity across your systems in real time. What you get is basically a small network operations centre, which is far more comprehensive than the plain Defender antivirus that ships with Windows. This is also very nice for the IT manager and their team, who may be able to react to attacks as they occur.
Anyone who has worked in a Network Operations Center on a large system will appreciate the flexibility and choices this sort of thing gives you. The command-line diehards will complain about GUI interfaces and more things to go wrong, and there are still a few of them out there.
However, a picture paints a thousand words. And having been in a network operations centre during a real live crisis, this scribe is not in the command-line camp. The “automated reaction” and future-proofing claims are, at the moment, going to have to be taken with a pinch of salt as a sales pitch. The moment you make such claims, there will be someone trying to outsmart you.
What is the downside to this? Any security system is only as good as the threat definitions and detection logic it has, and those are never perfect or fully up to date. The agent itself is also a target: malware that can switch off the endpoint protection leaves the shiny dashboard with nothing to report.
Recently, VMware’s security unit Carbon Black identified a remote-access trojan it claimed could “perform many harmful activities such as disabling Windows Defender.”
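Before trusting any Defender-based dashboard, a practitioner would want a way to confirm on a given box that the engine has not been quietly switched off or starved of updates, which is exactly what a RAT of the kind Carbon Black describes would try to do. The following PowerShell is an added example, not code from Microsoft’s announcement or from Carbon Black’s report. It uses the built-in Defender module cmdlets Get-MpComputerStatus and Get-MpPreference; the function name Test-DefenderHealth and the 48-hour signature-age threshold are assumptions chosen for illustration.

```powershell
# Added example: local sanity check for a tampered or stale Defender installation.
# Get-MpComputerStatus / Get-MpPreference are the built-in Defender cmdlets;
# the threshold and function name are this example's own assumptions.
function Test-DefenderHealth {
    param([int]$MaxSignatureAgeHours = 48)   # assumed threshold for "stale" definitions

    $status   = Get-MpComputerStatus
    $prefs    = Get-MpPreference
    $findings = @()

    # Switches a tampering RAT typically flips.
    if (-not $status.AntivirusEnabled)          { $findings += 'Antivirus engine is disabled' }
    if (-not $status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
    if (-not $status.BehaviorMonitorEnabled)    { $findings += 'Behaviour monitoring is off' }
    if (-not $status.IsTamperProtected)         { $findings += 'Tamper Protection is not enabled' }
    if ($prefs.DisableRealtimeMonitoring)       { $findings += 'DisableRealtimeMonitoring preference is set' }

    # Stale definitions: the "only as good as its database" problem.
    $age = (Get-Date) - $status.AntivirusSignatureLastUpdated
    if ($age.TotalHours -gt $MaxSignatureAgeHours) {
        $findings += ('Signatures are {0:N0} hours old (version {1})' -f
                      $age.TotalHours, $status.AntivirusSignatureVersion)
    }

    # Exclusions are another favourite: malware excludes its own drop path.
    foreach ($p in @($prefs.ExclusionPath)) {
        if ($p) { $findings += "Exclusion path present: $p" }
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Healthy  = ($findings.Count -eq 0)
        Findings = $findings
    }
}

Test-DefenderHealth | Format-List
```

Run it from an elevated prompt, since exclusion lists are hidden from non-administrators on recent builds. The caveat is the one the article is getting at: an attacker who already has local admin can alter what these cmdlets report, so the check is a quick local tripwire, not proof. The authoritative signal is whether the device is still reporting into the cloud console at all, which is where a product like this earns its $3 a month.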
Also, judging from the screenshots, the privacy of your employees seems to have been given little consideration. Microsoft’s Tech Community post on the new product clearly shows someone opening PowerShell being logged. Will it also show exactly which websites you visited during your lunch break? The bad guys may not have you, but the boss will. ®