Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. Recently named a leader in The Forrester New Wave™: Extended Detection and Response (XDR) Providers, Q4 2021, Microsoft Defender for Endpoint integrates with security information and event management (SIEM) and EDR/XDR solutions to increase efficiency and effectiveness while securing an organization’s digital estate.
VMRay’s integration with Microsoft Defender for Endpoint easily automates Tier 1 and Tier 2 malware alert triage tasks in high-volume alert environments, with confident, automated responses to stop attacks before they happen. EDR alert validation can also dramatically reduce false positives and alert fatigue in the SOC, minimizing an organization’s reliance on skilled human analysts and freeing them from mundane, repetitive tasks to focus on more strategic business goals.
Augmenting Microsoft’s EDR/XDR solutions with VMRay gives SOC teams the ability to automatically identify and mitigate known and previously unknown malicious risks. VMRay’s ability to quickly extract and categorize IOCs with MITRE ATT&CK mapping helps detection engineering teams create signatures or policy rules to block current and future threats. Together, Microsoft and VMRay reduce the Mean Time To Detect (MTTD) and Mean Time To Resolution (MTTR), greatly enhancing the economy of SOC services.