Microsoft Defender for Endpoint in Depth: Take any organization’s endpoint security to the next level
- Length: 362 pages
- Edition: 1
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2023-03-03
- ISBN-10: 1804615463
- ISBN-13: 9781804615461
- Sales Rank: #40206
A comprehensive guide that will allow you to build a deeper understanding of the product, its capabilities, and how to successfully operationalize them
Key Features
- Understand the history of MDE, its capabilities, and how they can help secure an organization
- Learn how to implement, operationalize, and troubleshoot MDE from both IT and SecOps perspectives
- Leverage useful commands, tips, tricks, and real-world insights shared by industry experts
Book Description
Microsoft Defender for Endpoint (MDE) is a market-leading cross-platform endpoint security solution that enables you to prevent, detect, investigate, and respond to threats. It helps strengthen the security posture of your organization in many ways.
This book starts with a history of the product and a primer on its feature areas. From prevention to attack surface reduction to detection and response, you will learn the reasoning behind the features and where they apply, and get an overview of common misconceptions and caveats. It then moves through planning and preparation, deployment and configuration, and a successful implementation, before taking you through a day in the life of a security analyst working with the product. You will learn about common issues and the techniques and tools used to troubleshoot them, along with answers to some of the most common challenges people face. Finally, the book wraps up with a reference guide of tips and tricks that will keep you coming back to it regularly.
By the end of the book, you will have a deep-level understanding of Microsoft Defender for Endpoint and you will feel more confident in your ability to secure your organization.
What you will learn
- The backstory of Microsoft Defender for Endpoint
- The reasoning behind the features, their applicability, and caveats
- How to prepare and plan a rollout within an organization
- Tools and methods to successfully operationalize the product
- Continuous operations and improvement of security posture
- The day-to-day of a SecOps team operating the product
- Dealing with common issues using various techniques and tools
- Commonly used commands, tips, and tricks
Who This Book Is For
This book is targeted at cybersecurity professionals and incident responders looking to increase their technical depth when it comes to Microsoft Defender for Endpoint and its underlying components, and learn how to prepare, deploy, and operationalize the product. Readers are expected to understand general systems management and administration, endpoint security, security baselines, and basic networking.
Table of Contents
Contributors
- About the authors
- About the reviewers
- Special thanks
- Content contributors
Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the color images
- Conventions used
- Get in touch
- Share your thoughts
- Download a free PDF copy of this book
Part 1: Unpacking Microsoft Defender for Endpoint
Chapter 1: A Brief History of Microsoft Defender for Endpoint
- It all started in Romania…
- The early days of antimalware
- At the Forefront
- A cloud was born
- Making sense of it
- Rapid innovation
- Expanding coverage
- Defender everywhere
- Microsoft Defender experts
- Milestone 1 – Microsoft Threat Experts
- Milestone 2 – growing and scaling
- Milestone 3 – Microsoft Defender Experts
- Summary
Chapter 2: Exploring Next-Generation Protection
- What is next-generation protection?
- Breaking down client-side protection
- Client-side engines
- RTP
- Security intelligence
- Scan types
- Running modes
- Exclusions
- Expanding on cloud-delivered protection
- Cloud-based engines
- Automatic sample submissions
- BAFS
- Dynamic security intelligence
- Block levels
- Tamper protection
- Web protection
- Leveraging SmartScreen and Network Protection clients together
- Device control
- Reporting
- Summary
Chapter 3: Introduction to Attack Surface Reduction
- What is attack surface reduction?
- Examining ASR rules
- The philosophy behind ASR rules
- Rule categories and descriptions
- Operating modes
- Exclusions
- Analyzing ASR telemetry using AH
- Network protection layers and controls
- Custom indicators
- Operating modes
- CFA ransomware mitigations
- Operating modes
- Story from the field
- Exploit protection for advanced mitigations
- Summary
Chapter 4: Understanding Endpoint Detection and Response
- Clarifying the difference between EDR and XDR
- Digging into the components of EDR
- Telemetry components
- How telemetry is gathered
- Zeek integration
- Understanding alerts and incidents
- How alerts and incidents are generated
- Alerts overview
- Incidents overview
- Reviewing entities and actions
- Files
- Other entities
- Submitting files to Microsoft
- Action center
- Exploring enhanced features
- Threat analytics
- Advanced hunting
- Microsoft Defender Experts
- Summary
Part 2: Operationalizing and Integrating the Products
Chapter 5: Planning and Preparing for Deployment
- Architecting a deployment framework
- Understanding personas
- Leadership
- IT admins
- Security admin
- Security operations
- Gathering data and initial planning
- Defining scope
- Performing discovery
- Analyzing the results
- Planning your deployment
- Creating buckets
- Taking a gradual approach
- Selecting your deployment method
- Understanding security operations needs
- Creating a backout plan
- Some key considerations per feature
- Adoption order
- Next-generation protection
- Attack surface reduction
- Endpoint detection and response
- Other platforms
- Summary
Chapter 6: Considerations for Deployment and Configuration
- Operating system specifics and prerequisites
- Understanding monitoring agents
- Supported operating systems
- Operating system specifics
- Prerequisites
- Configuration options for the portal
- General options
- Licenses
- Email notifications
- Auto remediation
- Permissions
- APIs
- Rules
- Configuration management
- Device management
- Network assessments
- Selecting your deployment methodology
- Onboarding packages and installers
- Group policy
- Intune
- Microsoft Defender for Cloud
- Other deployment methods
- Configuration management considerations
- Shell options
- Group policy
- Mobile Device Management (Intune)
- Microsoft Endpoint Configuration Manager
- Security management for Microsoft Defender for Endpoint
- Summary
Chapter 7: Managing and Maintaining the Security Posture
- Performing production readiness checks
- Considerations for connectivity
- Enabling Defender Antivirus capabilities
- Attack surface reduction
- Endpoint detection and response
- Server-specific settings
- Staying up to date
- Windows
- Linux and macOS
- Gradual rollout
- Maintaining security posture through continuous discovery and health monitoring
- Sensor health and operating system
- Intune reports
- ConfigMgr reports
- Getting started with vulnerability management
- Dashboard
- Security recommendations
- Remediation
- Inventories
- Weaknesses
- Event timeline
- Summary
Part 3: Operations and Troubleshooting
Chapter 8: Establishing Security Operations
- Getting started with security operations
- Portal familiarization
- Security operations structure
- Understanding attacks
- The Cyber Kill Chain as a framework
- MITRE ATT&CK™ framework
- Case study – defining a modern attack
- Triage and investigation
- Antimalware detections and remediations
- Considering alert verbiage
- Managing incidents
- Performing initial triage
- Moving into investigation and analysis
- Responding to threats
- Files and processes
- URLs and IP addresses
- Device response actions
- Putting it into practice
- Threat hunting
- Go hunt
- Further investigation and threat hunting
- Creating custom detection rules
- Summary
Chapter 9: Troubleshooting Common Issues
- Ensuring the health of the operating system
- Windows
- Linux
- macOS
- Checking connectivity
- Connectivity quick checks and common issues
- Client analyzer
- Capturing network packets using Netmon
- Overcoming onboarding issues
- Troubleshooting onboarding issues
- MMA versus the new unified agent
- Custom indicators
- Web content filtering
- Resolving policy enablement
- Checking settings
- Addressing system performance issues
- Windows
- Linux performance
- macOS performance
- Navigating exclusion types to resolve conflicting products
- Submitting a false positive
- Exclusions versus indicators
- Understanding your update sources
- Comparing files
- Bonus – troubleshooting book recommendations
- Summary
Chapter 10: Reference Guide, Tips, and Tricks
- Useful commands for use in daily operations
- PowerShell reference
- MpCmdRun
- macOS/Linux
- Tips and tricks from the experts
- Online resources
- Reference tables
- Processes
- ASR rules
- Settings
- Logs and other useful output
- Useful logs
- Summary
Index
Other Books You May Enjoy
- Why subscribe?
- Packt is searching for authors like you
- Share your thoughts
- Download a free PDF copy of this book
How to download the source code
1. Go to: https://github.com/PacktPublishing
2. In the Find a repository… box, search for the book title: Microsoft Defender for Endpoint in Depth: Take any organization’s endpoint security to the next level. If the full title returns no results, search for the main title only.
3. Click the book title in the search results.
4. Click Code to download.