Solving The Microsoft E5 Security Conundrums: What’s the Solution?
By: George Anderson
Good news: Microsoft's E5 license now includes bundled security functions, including its Defender suite. The bad news is these bundled functions aren't a complete solution to your cybersecurity needs.
So as a cybersecurity leader committed to E5 licensing, you face two critical conundrums:
- Closing the gap between E5-bundled security and your total cyber defense needs - efficiently.
- Leveraging the E5-bundled security you've already paid for - most effectively.
To close those gaps and optimally leverage your E5 license, you must consider:
- How to expand vigilance across all your environments — not just Microsoft investments
- How to successfully defend your environment despite severe limitations in staffing and skilling
- How to ensure that you can keep pace with the relentlessly evolving tactics of global threat actors
Managed Detection and Response (MDR) built on Secureworks' Taegis™ Extended Detection and Response (XDR) platform is the definitive solution to your E5 security conundrum because of the business, operational, security and skills transfer benefits that only the Secureworks Taegis platform provides.
Taegis MDR extends your defenses beyond your endpoints — and beyond your Microsoft estate, too.
Threat actors will exploit any vulnerability in your defenses, meaning there's likely more to worry about than just your Microsoft ecosystem. With Taegis-based MDR, you'll be able to detect and respond to anomalous behaviors wherever they occur — including your non-Microsoft deployments.
Taegis MDR fully integrates with Azure, Microsoft Defender Suite and Office 365
Microsoft 365 Defender provides four key security features for your hybrid environment:
- Defender for Endpoint: unified endpoint protection with EDR and NGAV
- Defender for Office 365: security for your e-mail environment
- Defender for Identity: on-premises Active Directory security monitoring and investigation tool
- Defender for Cloud Apps: cloud access security broker with Microsoft and third-party integrations
The Taegis platform captures and analyzes Defender alerts and telemetry, including those from endpoints, cloud, identity, and Office 365. So, you retain the full value of your investment in E5 licensing even as you achieve the full coverage you need.
Taegis MDR for Microsoft E5 - better together
Many managed solutions are based upon Microsoft Sentinel, as it is one of the most advanced cloud-based SIEM solutions on the market, but those solutions come with challenges: lengthy and complex onboarding, unpredictable and costly licensing, and reliance on many highly custom and adapted use cases.
The truth is most organizations lack the resources to handle their security engineering, threat intelligence, monitoring and analysis, incident response, forensics, and threat hunting activities. If they did, then maybe MS Sentinel might be a perfect solution for them — but many organizations can't perform all these functions in-house.
Instead, Taegis MDR covers all these activities and more. It's built on a native XDR platform leveraging the unmatched global threat intelligence that makes Secureworks® a Gartner Magic Quadrant leader 11 years in a row. Our Global Security Operations team is staffed by hundreds of highly experienced specialists — guaranteeing access to the help you need in 90 seconds or less.
With Taegis MDR, you benefit starting day one from built-in, state-of-the-art threat detection, constantly enriched and actionable threat intelligence, automated playbooks, and other SIEM/SOAR-like features. Together, these features enhance your Microsoft E5 based deployments and use telemetry and alerts from Azure, Defender suite and Office 365 while encompassing your entire hybrid/multi-vendor security ecosystem as needed.
Taegis MDR offers the broadest set of Microsoft integrations available, including: Azure AD; Activity Logs; Office 365; Defender for Endpoint; Graph Security API; Windows Event IDs (Snare); MS DNS; MS DHCP; MS IIS; Azure Collector (Syslog). This is matched by a deep range of standard Microsoft expertise and services as part of Taegis, and by the better-together detection efficacy that comes from adding AI threat analytics, additional threat intelligence and context to make the most of Microsoft telemetry, alerting and events.
Taegis MDR for Microsoft E5 delivers straightforward deployment and constant support
CISOs want to generate rapid business, operational and security value and expect fast time to ongoing benefit. This is reflected in Secureworks' approach to onboarding and continuously delivering security value to all our customers. With thousands of Secureworks MDR customers around the globe, we have developed efficient and straightforward deployment support that includes the ingestion of your Microsoft and Azure based tools.
We have heavily invested in ongoing enablement through Governance and Service Lifecycle support via our Customer Success Team and Threat Engagement Managers. Together, these teams and services ensure your security goals are met by overseeing the correct utilization and coverage of your IT environments. Regular reviews with our teams take you through key security findings, make recommendations on security maturity, and guide the process of maintaining and appropriately heightening your security posture.
Taegis puts less strain on your SecOps
Perhaps the most critical advantage of Taegis-based MDR is how quickly and easily it enables your SecOps team to get vigilant and stay vigilant. It takes a lot of work in KQL (Kusto Query Language) and Azure Logic Apps to convert Sentinel's SIEM/SOAR data into useful threat detection. You'll also have to make a variety of design and configuration decisions related to multiple Log Analytics Workspaces.
In stark contrast, Taegis-based MDR delivers thousands of high-relevance out-of-the-box detections and advanced TTP and MITRE ATT&CK detections that require no additional configuration and dramatically reduce false positives. The result is that analysts spend their time actively defending your environment, with little time wasted on fruitless investigations or on trying to get multiple security tools up and running properly.
Taegis MDR remains constantly current with threat actors' evolving tactics.
There's a reason Secureworks has maintained its leadership in cybersecurity for more than 20 years: a proven commitment to continuous threat research and a proven ability to rapidly convert that research into actionable cyber defense for our customers. Remember: Without precise, complete, and fully current insight into threat actors' tactics and behaviors, even the most advanced cybersecurity software is just a bunch of expensive code.
The bottom line: If your organization has bought into Microsoft's E5 license bundling, great, you're halfway there. Now look at how extended MDR built upon Secureworks Taegis XDR best complements and optimizes the security value of that decision by completely solving those Microsoft E5 Security Conundrums.