Moving Beyond Traditional EDR

 

An evolution is happening in the cybersecurity industry. Even as our workforce is becoming more and more distributed, our security architecture is unifying into a single security analytics capability for threat detection and response. Extended detection and response (XDR) is at the center of this shift, providing centralized visibility across your various security data sources. Security teams who are investing in detection and response tools must consider XDR in their evaluations, as XDR delivers all the capabilities of traditional endpoint detection and response (EDR), but with superior extensibility and analytics to meet the needs of the future.

 

XDR Is an Extension of EDR Capabilities

To tell the story of XDR, we must begin with traditional EDR because it is the foundation from which we are extending. EDR capabilities are a critical precursor to an XDR solution because there is no better way to detect an intrusion than by monitoring the actual target environment being attacked, and the telemetry collected by EDR forms the basis of triage and investigation. You simply cannot have a marketable XDR solution if you don’t have best-in-class EDR capabilities. That said, 10-20% of any organization’s laptops and workstations are not under management, so as great as EDR is, it’s only situationally useful. Let’s take a look at how XDR improves upon this situation.

 

 

Cloud Workloads Require a Different Type of Endpoint Monitoring

An endpoint is traditionally understood to be an end user computing device such as a laptop or workstation. Unfortunately, this ignores another important endpoint if we’re to view network communication using the middle-school definition of a line segment, connecting two endpoints. As cloud technologies such as containers and serverless become more prevalent, it’s essential that we be able to monitor these endpoints with the same confidence we have in our end user computing environment. This critical next step toward a full-fledged XDR product enables a unified view across the endpoints within your environment, regardless of system function.

 

Let’s Not Forget How the Network Ties It All Together

Network telemetry serves three critical functions in an XDR environment: 

  1. Detecting compromise of unmanaged assets. 
  2. Providing application-layer anomaly detection where some attacks may never compromise the system itself. 
  3. Correlating events across systems to enable triage of alerts as a single incident across your environment. 

While the first two objectives are advantages of having a network detection and response (NDR) solution, only by leveraging XDR can you accomplish the third to greatly reduce not only the frequency of alerts but the time to triage and investigate them.

 

Why Are You Still Shopping for a Traditional EDR Product?

XDR extends all the benefits you expect from a traditional EDR product by further stitching together telemetry from non-endpoint sources to provide better detection and a bigger picture of what’s going on in your environment for your security operations team. Organizations without XDR invest tons of time and money sending traditional EDR data into their SIEM in an attempt to achieve the same benefits an XDR solution will give you out of the box. Don’t invest in the last generation of endpoint security products with traditional EDR, extend your team by unifying your threat detection capabilities with XDR.

To learn more, contact us today. 

 

Introducing New Cloud-based Admin Capabilities to help you better service Microsoft 365 Apps

 

The work of the IT admin community over the last few months has been nothing short of heroic. It’s always been the role of IT to build secure and resilient infrastructures, but practically overnight you became leaders in enabling an entirely new way of work for your organizations.

As remote work becomes the new norm, you will continue to play a critical role by applying the right technology to deliver a flawless user experience, reduce costs, and digitally transform. We’re proud to announce the preview of new cloud-based capabilities within the Microsoft 365 Apps admin center to help you manage Office apps as a service and better manage your IT costs. Three pillars work together to bring this new service to life:

  • Intelligent insights, including Apps Inventory, Add-In Inventory, and Security Currency, to give you a deep view into your environment to help you act quickly if you find problems.
  • Servicing automation with controls, including Servicing Profile that delivers not only comprehensive servicing automation but also gives you the necessary precision controls to deliver updates based on metrics, optimize network utilization and streamline processes for less business disruption.
  • Microsoft 365 Apps health, including alerting and reporting to help you increase the performance, and reliability of Office apps.

 

Intelligent insights

 

We’re enabling you to get quick answers to frequently asked questions about your Office environment with these additions. Using Office Inventory, you can drill into detailed views of devices running Office apps in your environment to understand which Office client versions and Office add-ins are running. You can also see which servicing channel each device belongs to: Beta Channel, Current Channel, Monthly Enterprise Channel, or Semi-Annual Enterprise Channel. This helps you act quickly to manage unsupported Office build versions and add-ins to ensure your environment is secure and compliant. You can easily export these results to create reports for internal or external audits.

 

The Security page in the Microsoft 365 Apps admin center provides a dashboard view of your security update compliance. You can see the latest patch date and percentage of Office apps in your environment that are up to date. You can also see which devices and apps have failed to update and determine what actions to take next. To help manage security updates for Office apps, you can set a goal time and goal percentage to specify when devices should be updated after a security patch is released. In the Servicing action center in the Microsoft 365 Apps admin center, you can easily specify a Target version to change the update channel for devices by user or Azure Active Directory group. This way, you can ensure that specific devices receive updates only when you’ve chosen. You can also easily roll back updates for certain users or groups.

 

Servicing automation with controls

 

Streamlined and automated Microsoft 365 Apps servicing helps you reduce the burden of manual deployments and accelerate the rollout of the latest productivity features and security patches without adding extra effort and costs. Our new Servicing Profile feature can associate devices in your organization to automate the delivery of monthly Office app updates from the Office CDN. Updates are throttled using our wave algorithm, which is helpful if you have users receiving updates in areas where network congestion or bandwidth is an issue.

You can view the Servicing Profile by device and easily pause and resume updates as needed. If you learn that users are experiencing issues with an update, you can pause updates until issues are resolved. You can also restore updates easily to a previous version in the event you experience unforeseen issues after a rollout.

Through the Servicing Profile, you can also specify exclusion date periods when Office apps updates should not run, such as during company town halls, board meetings, or holiday seasons. This can be scheduled once, or on a recurring basis, based on your business’s needs. To help ensure compliance with Office apps updates, you can choose either to let users install updates at their own pace, or you can force updates to happen by a particular deadline.

 

Servicing Profile high ress v2.PNG

Microsoft 365 Apps Servicing profile

 

Microsoft 365 Apps health

 

Innovations in app health give you insights not just during, but also between deployments. From the Microsoft 365 Apps health dashboard in Microsoft 365 Apps admin center, you can view the overall health of your tenant at a glance at any time to help you understand which Office apps updates your devices are running and actions to take to increase performance and reliability. You can monitor trends in performance and reliability in your organization and assess how many users are reporting diagnostics to help you discover issues. Microsoft 365 Apps health also shows advisories to inform you about issues occurring in your environment with information about which Office apps and update channels are experiencing the problems. We are also bringing you high-level insights into the health of the Office apps, such as currency through Productivity Score. Learn more about accessing and using the Microsoft 365 Apps health dashboard to help you optimize Office clients in your tenant.

 

Microsoft 365 Apps health - high res.png

Health status of Microsoft 365 Apps in the Microsoft 365 Apps admin center

We’ve also enabled a more efficient end-user feedback process and faster response to issues to help you better understand user sentiment and reduce your IT support burden. When you must roll back an update to a previous build, you can report blocking issues to Microsoft. These will be escalated quickly to the Office Product Team. You can view the progress of issue resolution and see when a fix will be available in a future build.

 

The value of the up-to-date Microsoft 365 Apps

 

In May, we announced the new Monthly Enterprise Channel as the first capability in this wave of innovation to help you modernize servicing of Microsoft 365 Apps. Today we are happy to share some evidence from our customers, as they are finding benefits of both a faster cadence to deliver productivity and security value and the predictability the new channel brings along.

We like the guarantee of only one update per month with a faster cadence for features and bug fixes. I believe we will be able to expand upon the success we have already seen and deploy Monthly Enterprise Channel to a much wider audience. – Dawn Wentner, Senior Systems Analyst, Chevron

The reasoning for choosing Monthly Enterprise Channel is that our users like the predictability the new channel offers, knowing that they are going to receive updates once a month. This also helps us stay current with security features while allowing us ample time to do testing with other apps, macros, add-ins that use Office.“ – Basith Raheem, End User Technology Analyst, Mars

 

The new servicing profile gives us great visibility into the device inventory and the update status within few hours of the update release, without us even managing the updates. Transition to the new Monthly Enterprise Channel went smoothly and completed without impacting any end-user productivity, the overall experience is a huge value add.” – Sunila Chugh, Consultant, Workstation Engineering, Avanade

Backed up by all the new servicing capabilities that give you deep insights while leaving you in control, Current Channel (our recommendation) provides your users with the newest Office features as soon as they are ready. If you would benefit from additional predictability for when new Office features are released each month, we recommend the Monthly Enterprise Channel. 

 

To learn more on Microsoft 365, contact us