Hackfest 2024 - 16-bit Edition


Microsoft Defender for Endpoint (MDE) - Practical Tips to Boost Your Daily SecOps
10-11, 20:30–20:50 (America/New_York), Track 2 (206a)
Language: English

In this talk, we will explore key features of Microsoft Defender for Endpoint, with a focus on P2 offerings (which include everything in P1). I will be showing practical tips and tricks that can enhance our day-to-day security operations. Drawing from my experience and frequently asked questions, I'll highlight common pitfalls in deploying and configuring MDE, and provide solutions to avoid these mistakes. This session is designed to equip security professionals with the knowledge to optimize their use of MDE and strengthen their organization's cybersecurity posture.


Microsoft Defender for Endpoint (MDE) is a comprehensive solution specifically designed for endpoint protection, seamlessly integrating with Azure, Windows, and other Microsoft products. Given its popularity and extensive feature set, I aim to share some of the most valuable tips and insights that can help fellow security professionals and system administrators save time and perhaps reduce their caffeine intake.

This talk focuses exclusively on real-life practical guidelines for using and deploying MDE: no theory, no assumptions. For instance, did you know it's possible to automatically detect devices using the vulnerable Log4j2 library? Or that automatically resolved alerts may not always be visible, but using the action center can provide more comprehensive insights?

MDE is a robust product suite with a significant learning curve. It's not a "deploy and forget" solution. The default settings and policies require careful fine-tuning to meet your organization's specific needs. As security operations are an ongoing process, we must quickly adapt to the evolving threat landscape and adjust our security measures accordingly.

As Bruce Schneier famously said, "Security is a process, not a product."


Are you releasing a tool? – no

James is currently a full-time information security advisor in Montreal. His primary goals at work are securing systems, threat hunting, and automating boring stuff. He has worked in the field of both offensive and defensive security. Along the way, James has obtained various certifications such as KLCP, OSCP, CISSP, CBBH, etc.