We are excited to share that Microsoft has again been ranked number one in market share in the IDC Worldwide Modern Endpoint Security Market Shares, 2023: Evolving to Address New Work Modalities (doc #US52341924, June 2024).

And with more than 25.8% of the market share, Microsoft has the endpoint security solution more customers use to defend their multiplatform devices than any other vendor. As depicted in Figure 1, that’s a 40.7% increase in share over the previous year. Thanks to the invaluable partnership with organizations of all sizes around the globe, this distinction comes in addition to Microsoft being recognized as a Leader in the 2024 IDC MarketScape reports for Worldwide Modern Endpoint Security across all three segments—enterprise², midsize³, and small businesses⁴—the only vendor positioned in the “Leaders” category in all three reports. 

Microsoft Defender for Endpoint

Help secure endpoints with industry-leading, multiplatform detection and response.

Learn more

Disrupt ransomware on any platform

For enterprises, Microsoft Defender for Endpoint delivers AI-powered endpoint security with industry-leading, multiplatform threat detection and response across all devices—spanning client, mobile, Internet of Things (IoT), and servers. It is purpose-built to protect against the unique threat profiles per platform including Windows, macOS, Linux, Android, and iOS. It’s a comprehensive endpoint security platform that helps fend off known and emerging cyberattacks, with capabilities that include:

• Vulnerability management.
• Protections tailored to each operating system.
• Next-generation antivirus.
• Built-in, auto-deployed deception techniques.
• Endpoint detection and response.
• Automatic attack disruption of ransomware.

And with more than 78 trillion daily signals and insights from more than 10,000 world-class experts, you can quickly detect, protect, respond to, and proactively hunt for cyberthreats to keep intruders at bay.⁵ Plus, its automatic attack disruption capabilities stop sophisticated attacks with high confidence, so you can disrupt cyberthreats early in the cyberattack chain and block lateral movement of bad actors across your devices.

For small and medium-sized businesses (SMBs), Microsoft Defender for Business goes beyond traditional antivirus protection. Defender for Business delivers many of the enterprise-grade security features from Defender for Endpoint in a way that is easy for SMBs to use without requiring security expertise. 70% of organizations encountering human-operated ransomware attacks have fewer than 500 employees, so choosing the right endpoint protection is imperative.¹ Defender for Business is designed to help you save money by consolidating multiple products into one security solution that’s optimized for your business—and includes out-of-the-box policies that streamline onboarding, simplified management controls for security operations, and monthly security summary reports to help you understand your security posture.

Stay one step ahead of the evolving threat landscape

Defender for Endpoint is core to Microsoft Defender XDR, making it seamless to extend the scope of your organization’s cyberthreat detection to include other layers of your security stack with incident-level visibility across the cyberattack chain. Disrupt advanced cyberattacks and accelerate response—across endpoints, IoT, hybrid identities, email and collaboration tools, software as a service (SaaS) apps, cloud workloads, and data insights.

Built-in, security-specific generative AI with Microsoft Copilot for Security makes it easy for security analysts to rapidly investigate and respond to incidents and help them learn new skills such as quickly reverse-engineering malicious scripts, getting guided response actions, using natural language to do advanced hunting, and more. Copilot is now embedded in Microsoft Defender XDR for Copilot customers.

Learn more

If you are not yet using Microsoft Defender for Endpoint, learn more on our website. If you a regular user of Microsoft Defender for Endpoint, please review your experience on Gartner Peer Insights™ and get a $25 gift card.

If your organization has less than 300 users, we also encourage you to explore Microsoft 365 Business Premium and Defender for Business.  

Learn how to supercharge your security operations with Microsoft Defender XDR.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft Digital Defense Report 2023.

²IDC MarketScape: Worldwide Modern Endpoint Security for Enterprises 2024 Vendor Assessment (doc #US50521223, January 2024).

³IDC MarketScape: Worldwide Modern Endpoint Security for Midsize Businesses 2024 Vendor Assessment (doc #US50521323, February 2024).

⁴IDC MarketScape: Worldwide Modern Endpoint Security for Small Businesses 2024 Vendor Assessment (doc #US50521424, March 2024).

⁵Microsoft Threat Intelligence.

The post Microsoft again ranked number one in modern endpoint security market share appeared first on Microsoft Security Blog.

IDC MarketScape vendor analysis model is designed to provide an overview of the competitive fitness of ICT suppliers in a given market. The research methodology utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each vendor’s position within a given market. The Capabilities score measures vendor product, go-to-market and business execution in the short-term. The Strategy score measures alignment of vendor strategies with customer requirements in a 3-5-year timeframe. Vendor market share is represented by the size of the icons. 

Microsoft Defender for Endpoint is a comprehensive enterprise endpoint security platform that helps organizations secure their digital estate across Linux, macOS, Windows, iOS, Android, and Internet of Things (IoT). It provides AI-powered, industry-leading endpoint detection and response that is core to Microsoft Defender XDR that enables organizations to build a holistic approach with full visibility and signal correlation across security domains. Built on the industry’s broadest threat intelligence informed by more than 65 trillion daily signals and over 10,000 security experts, Defender for Endpoint empowers security teams to fend off sophisticated threats. With the scale and sophistication of enterprise device security in mind, these are some of the ways Defender for Endpoint uniquely empowers analysts:  

• Automatically disrupt ransomware: Terminate sophisticated cyberthreat campaigns like ransomware, business email compromise and adversary-in-the-middle early in the kill chain with automatic attack disruption — an industry-first, Microsoft-patented capability that helps you outmaneuver attackers.  
• Move at machine speed with Security Copilot: Use the industry’s first generative AI security product, embedded in Defender for Endpoint, that enables analysts to use natural language to speed up daily tasks such as investigating and responding to incidents, prioritizing alerts, and upskilling. 
• Put security posture into action: Your best offense is a secure defense, made possible with built-in vulnerability management capabilities like Microsoft Secure Score. Improve the collective security configuration state of your devices with in-console, prioritized recommendations optimized to reinforce best practices across the application, operating system, network, accounts, and controls. Validate your ideal configuration levels against benchmarks collected from vendors, security feeds, and Microsoft Security’s research teams. 
• Catch adversaries early on: Create early-stage, high-fidelity signals that force adversaries to be correct 100% of the time with built-in deception techniques and automatically generate and disperse decoys and lures at scale that resemble real users and assets in your organization. 

Small and medium businesses (SMBs) face an even more challenging landscape—with increasing cyberthreats, coupled with even more limited security staff or expertise. Built on the principle that SMBs need a similar level of protection as enterprises, Microsoft Defender for Business brings many enterprise-grade capabilities from Defender for Endpoint in a simplified and affordable package for organizations with 1-300 employees. Key capabilities for Defender for Business include endpoint detection and response (EDR) with industry first attack disruption, vulnerability management, attack surface reduction (ASR), next-generation antivirus, and automated investigation and response. It supports platforms such as Windows, MacOS, Android, iOS, and Linux. Many features have been optimized for SMBs and include: 

• Quickly and easily onboard your devices: Wizard-based onboarding gets you up and running quickly with out-of-the-box security policies that are “on by default” and a simplified management experience makes it easy for even non-technical users to manage security operations.  
• Get peace of mind with automatic attack disruption: AI-powered attack disruption helps automatically contain ransomware attacks by limiting lateral movement from compromised users or devices. This capability is on-by default, so it is easy for SMBs to stay protected. 
• Protect mobile devices from one solution: You can onboard iOS and Android onto Defender for Business without requiring additional device management solutions or costly add-ons. 
• Share security insights in a simple format: Monthly security summary reports help you better understand the security status of your identity, devices, data, and applications by seeing threats prevented and detected and recommendations to strengthen your security posture. 

Defender for Business is available as a standalone and as part of the Microsoft 365 Business Premium suite. Microsoft 365 Business Premium brings together Office apps, Microsoft 365 services and Teams, with comprehensive security. In addition to ransomware protection with Defender for Business, other key security capabilities include identity and access protection with Microsoft Entra ID Plan 1, safeguarding against phishing attacks and malware in email, OneDrive and Teams with Defender for Office 365, data protection with Microsoft Purview Information Protection, and device management with Microsoft Intune.  

Many SMB customers also rely on Managed Service Provider (MSP) partners to secure their environments. In recognition of the key role that partners play in serving SMB customers, Microsoft has made product investments to help enable partners to deliver security services at scale:

• Manage multiple customers in one place with Microsoft 365 Lighthouse: View security incidents and alerts, create and apply security baselines across all customers, and configure customized email alerts for delivery to users, groups, or third-party ticketing systems such as Professional Services Automation (PSA) systems. 
• Build out your security services: Use streaming APIs to stream device events for advanced hunting and attack disruption.  
• Integrate with 3rd party Managed Detection and Response services: Many MSPs do not have the in-house security resources to build their own security operations center (SOC). Integrate with leading Managed Detection and Response (MDR) services such as Blackpoint Cyber and ConnectWise.   

Learn More

Read more about our comprehensive set of security solutions for enterprise, midsize, and small business.  

• Microsoft Defender for Endpoint, Microsoft’s industry-leading, cloud-powered endpoint security solution offering vulnerability management, endpoint protection, EDR, and mobile threat defense. Sign up for a free trial today. 
• Microsoft Security solutions for SMBs, including Microsoft Defender for Business and Microsoft 365 Business Premium, offering enterprise-grade endpoint protection powered by AI—designed especially for businesses with up to 300 employees.  
• Partners can learn more about building managed services with Microsoft Defender for Business and Microsoft 365 Business Premium through our MDB Partner Kit and BP Partner Playbook. 
• Watch to see how Defender for Business and Microsoft 365 Business Premium can protect your business. 

You can also download the excerpts of the following reports for more details: 

[2]- IDC MarketScape: Worldwide Modern Endpoint Security for Enterprises 2024 Vendor Assessment (doc #US50521223, January 2024) 

[3]- IDC MarketScape: Worldwide Modern Endpoint Security for Midsize Businesses 2024 Vendor Assessment (doc #US50521323, February 2024) 

[4]- IDC MarketScape: Worldwide Modern Endpoint Security for Small Businesses 2024 Vendor Assessment (doc #US50521424, March 2024)  

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

Reference 

[1]- Microsoft Digital Defense Report, Microsoft. 2023. 

2 Likes

 Like

The post ​​Microsoft named as a Leader in three IDC MarketScapes for Modern Endpoint Security 2024 appeared first on Microsoft Security Blog.

Attacks are quickly becoming more automated through AI-assisted tools. They are also increasing exponentially—the number of password attacks Microsoft detects has more than tripled in the last 12 months, from 1,287 per second to more than 4,000 per second.¹ Plus, the annual cost of cyberattacks continues to grow. According to the FBI Internet Crime Complaint Center’s (IC3) latest research, reported total losses grew from USD6.9 billion in 2021 to more than USD10.2 billion in 2022.² Such losses are even greater on a global scale. If organizations continue to operate within a fractured security state and only utilize what’s worked in the past, they will leave gaps in their security posture.

Now there is a unique opportunity to harness the power of AI in combination with an end-to-end security solution to build a resilient security posture with defenses that rapidly adapt. There has never been a more important time for specialized cybersecurity expertise, and our partners are critical to preparing customers for the era of AI. According to a Forrester Total Economic Impact study, Microsoft Security partners are realizing a significant increase in their business with more than 14 percent year-over-year growth.³ In small and medium businesses (SMBs), partners are seeing even more dramatic demand with more than 37 percent market expansion just this last year.

Today at Microsoft Inspire 2023, we will discuss AI-powered security during the “Springboard customers into the era of AI with end-to-end security” session. Also, you’ll have an opportunity to ask your most pressing questions at the expert Q&A.

Register for Microsoft Inspire to hear more details on our latest exciting announcements listed in this blog.

Microsoft Inspire 2023

Elevate your business by joining us for Microsoft Inspire, July 18 and 19, 2023, and learn how to accelerate AI transformation in your security practice.

Register now

Coming soon: Microsoft Security Copilot Early Access Program

We are extremely encouraged by the excitement and positive feedback we have received from customers and partners since we announced Microsoft Security Copilot—one of the first generative AI products in the security industry—in March 2023. This fall, we will open our Early Access Program and invite more customers and partners to experience Security Copilot. To help us focus our learning, customers who use Microsoft Defender for Endpoint will be prioritized for early access. Those who also use Microsoft Sentinel will get even more benefit from the program. Security Copilot is designed to work with a broad range of Microsoft and third-party tools, and we will expand the program as we learn.

Our preview is well underway, and the feedback from our preview customers shows that there’s every reason to be excited about the massive potential of this technology to help protect at machine speed and scale:

“Microsoft is spearheading a transformative shift in security operations center (SOC) processes and operations at a truly remarkable speed. By fully integrating these cutting-edge AI technologies, they are pioneering a leap so momentous that by December 2024, SOC operations from 2021 may seem prehistoric in comparison. The surge in productivity could be unparalleled. At Bridgewater, we are thrilled to be helping Microsoft on this voyage, collaboratively propelling Security Copilot’s full potential to the forefront of the industry.”

—Igor Tsyganskiy, President, Bridgewater

New: Security Copilot design advisory council

Today, we are officially kicking off our partner engagement to help you build your own solutions and services powered by Security Copilot. If you are a Microsoft partner, you can start today by helping customers deploy Microsoft Defender for Endpoint and Microsoft Sentinel so that they are prepared to adopt Microsoft Security Copilot. We are excited to join forces with our partners, including members of the Microsoft Intelligent Security Association. Here’s what a couple of our partners have shared already:

“When it comes to cybersecurity, threat actors are increasingly using AI to carry out sophisticated attacks, so why aren’t defenders? We are operating in an era where fighting AI with AI is non-negotiable. By partnering with Microsoft Security Copilot, we can help level the playing field for defenders together. Much of the AI universe sits behind Cloudflare, and acting as the intermediary to allow businesses to harness the power of this technology in a safe way is critical.”

—Matthew Prince, Chief Executive Officer, Cloudflare

“We believe that generative AI will be truly revolutionary and will allow us to become more effective and efficient, by orders of magnitude, in protecting our customers. We expect to see productivity increases from our SOC analysts using Security Copilot when dealing with scenarios like incident response and threat hunting and believe there is potential for upskilling effects, allowing any analyst to complete more advanced tasks quicker than ever before. We are proud to be on this journey with Microsoft and remain excited as they continue to add more compelling capabilities to Security Copilot.”

—Brian Beyer, Chief Executive Officer, Red Canary

“Building on our recent investment to expand and scale our AI offerings, we’re excited to team with Microsoft on bringing Security Copilot to our joint customers, augmenting their ability to predict—prevent—and rapidly respond to security threats. This will help empower all of our customers and provide new opportunities leveraging the responsible use of generative AI.”

—Sean Joyce, Global Cybersecurity and Privacy Leader, PwC

If you are interested in learning how to engage with your customers now to take full advantage of these new AI technologies, we invite you to sign up to receive communications and to be considered for our new Security Copilot design advisory council.

Investments in the managed security service provider community

According to Gartner®, “by 2025, 60 percent of organizations will be actively using remote threat disruption and containment capabilities delivered directly by MDR providers, up from 30 percent today.”⁴ 

To help meet the anticipated demand for these services, we are actively working to recruit more Managed Extended Detection and Response (MXDR) partners alongside our first-party offering. Microsoft is deeply committed to our partner community, and partners will always be the primary path for customers to get the services they need. We are increasing our overall investments for security partners by nearly 50 percent this coming year. A great example of this continued investment is the Microsoft engineering verified MXDR solution status that we launched for partners last year.

Making it easier to better protect small and medium businesses

Small and medium businesses are seeing more cyberattacks, with 82 percent of ransomware attacks targeting small businesses.⁵ Due to a lack of internal security specialists, these businesses often look to IT partners to help secure their IT environments.

We are making it easier for partners to deliver security services to their customers:

• For partners who want to build their own SOC or managed detection and response (MDR) service, we are pleased to announce streaming APIs from Microsoft Defender for Business to enable advanced hunting and attack detection. Available in preview in Defender for Business standalone and as part of Microsoft 365 Business Premium.
• With a 3.4 million-person global shortage in the cyber workforce, partners face staffing challenges as much as their customers do.⁶ For those partners who want to resell security services but do not have the resources to invest in an in-house SOC, we are pleased to announce integrations with leading MDR providers. For example, Blackpoint Cyber now offers both a round-the-clock cloud response MDR service for Microsoft 365 environments, including Microsoft 365 Business Premium, and a managed endpoint detection and response (EDR) service for Defender for Business customers. 
• We’re extending mobile protection to SMB customers who may not have a mobile device management solution with Mobile threat defense for standalone Defender for Business customers—now generally available. The new Defender for Business monthly summary report will show threats prevented, current status from Microsoft Secure Score and recommendations, and will help partners to show value to customers.

For details on our SMB-focused announcements, read our Tech Community blog post.

Expanding comprehensive security with product innovations

We continue to offer one of the most comprehensive security solutions in the market and power it with world-class global threat intelligence. Today we announced the following innovations:

• Microsoft Sentinel: To simplify budgeting, billing, and cost management, the Microsoft Sentinel price now includes the Azure Monitor Log Analytics price. To learn more, read the announcement blog.
• Microsoft Defender Experts for XDR: A new managed service gives customers step-by-step guidance to respond to incidents, receive expertise when they need it, and stay ahead of emerging threats.
• Microsoft Purview Insider Risk Management: With the new bring-your-own-detections capabilities, partners can help their customers create custom indicators by bringing in detections from non-Microsoft sources, such as a customer relationship management system like Salesforce or a developer tool like GitHub.
• Microsoft Defender for Cloud Apps: The new open app connector platform makes it easier for partners to plug their solutions into our platform. New API connectors include the preview of Asana and Miro as well as the general availability of software as a service security posture management capabilities for DocuSign, Citrix, Okta and GitHub.
• Microsoft Defender for Endpoint: The settings management experience is now natively embedded into Microsoft Defender for Endpoint for Windows, Linux, and macOS, removing dependencies on Microsoft Intune and the need to switch between portals.
• Microsoft Defender Threat Intelligence: Graph APIs now enable simple exporting and ingestion of data to Microsoft Defender, Microsoft Sentinel, and third-party applications.
• Microsoft Purview eDiscovery: Now generally available, the Microsoft Graph eDiscovery Export API will enable external applications and partners to integrate the eDiscovery export function through scripting.
• Microsoft Purview Information Protection: With this update, confidential and highly sensitive Excel files that are labeled and protected by Microsoft Purview Information Protection can continue to be protected when imported into Microsoft Power BI datasets and reports throughout their lifecycle. Additionally, documents in SharePoint and OneDrive now support labeled and encrypted documents with user-defined permissions. Co-authoring for Word, Excel, and PowerPoint apps now enables document owners to define permissions for people who can have access to shared sensitive documents that are encrypted.
• Microsoft Purview Data Loss Prevention: Microsoft Purview Data Loss Prevention introduces a new capability to allow security teams to create policies that prevent their users from pasting sensitive data to specific websites or web applications.
• Microsoft Defender for External Attack Surface Management: With External Attack Surface Management, you can leverage new data connections to seamlessly integrate your attack surface data into other Microsoft solutions, including Azure Data Explorer and Log Analytics. These data connections will help you supplement workflows with new insights, which will enable you make informed security decisions based on more comprehensive information.

We have been innovating rapidly across the entire Microsoft Security portfolio. In case you missed them, here are a few of our most recent announcements.

• Two new Security Service Edge solutions: Microsoft Entra Internet Access helps protect access against malicious traffic and threats from the open internet. Microsoft Entra Private Access helps secure access to private apps and resources from any device and network.
• Microsoft Azure Active Directory is now Microsoft Entra ID: To unify our product family, we changed the name of Microsoft Azure Active Directory to Microsoft Entra ID.
• Microsoft Intune Suite: In March 2023, we launched the Intune Suite, which unifies mission-critical advanced endpoint management and security solutions into one simple bundle. The suite’s AI-powered automation empowers IT and security teams to move simply and quickly from reactive to proactive in addressing security challenges.
• Adaptive Protection in Microsoft Purview: In early 2023, we launched Adaptive Protection in Microsoft Purview. This new capability dynamically updates data loss prevention controls and policies, turning them to individual users and helping customers identify and mitigate the most critical risks. This saves security teams valuable time while ensuring better data security. Learn more about the features and benefits of Adaptive Protection.
• Microsoft Sentinel reduces investigation time by 88 percent: This year, we unveiled a new context-focused incident investigation experience for Microsoft Sentinel that enables security analysts to reduce their investigation time by up to 88 percent.⁷ We also delivered the ability to automatically disrupt in-progress attacks in Microsoft 365 Defender to help customers prevent devasting breaches. 

2023 Security Partner of the Year Awards

We are excited to announce our 2023 Security Partner of the Year Award winners.

Security Partner of the Year: BDO Digital

BDO Digital is a global company that offers detection, automation, and reduction of overall cybersecurity risks. Many of BDO’s clients’ legacy tools were not equipped to deal with modern infrastructure, and internal security teams did not have the bandwidth to monitor and triage security events. BDO helped improve its clients’ cybersecurity posture by reducing actionable alerts by over 50 percent.

Compliance Partner of the Year: Epiq

Epiq offers advanced data security technology solutions, such as a unique Chat Connector for Microsoft Teams that allows legal teams to effectively assess data for relevant and privileged content. 

Building securely together

As we all consider what we can accomplish with AI now and in the future, I cannot overstate the importance of end-to-end security. This is exactly where we recommend you start with your customers. Help them strengthen their security posture now so that when they deploy AI, they are not vulnerable to attacks. AI solutions will only ever be as strong as their underlying security.

As with any product design, we hold ourselves to high security standards when building, developing, and deploying AI-powered solutions from platforms to applications to processes. We maintain rigorous responsible AI practices, aimed at understanding and mitigating harms, measuring the quality of responses, and fostering a continuous learning environment from customer feedback. A cornerstone of these standards is our commitment to developing solutions that are “secure by design and secure by default.” However, it is important to note that the robustness of security is significantly enhanced when users actively manage and maintain it. Our focus extends to ensuring robust control over data, meaning it won’t be used to train AI models without explicit permission. We advocate for our partners to adhere to these benchmarks while crafting and implementing AI-based offerings for customers—whether the aim is to enhance productivity, automate a business process, or safeguard against threats.

Connect with us at Microsoft Inspire 2023

Microsoft Inspire 2023 is an incredible opportunity to share all the ways AI can support security efforts with our partner ecosystem. If you haven’t registered, there’s still time to reserve your complimentary spot. There, you’ll hear strategies to prepare your organization for AI with comprehensive security and security posture. Hope to see you in these sessions!

• “Springboard customers into the era of AI with end-to-end security” (FS106): This session will spotlight how AI will transform technology for our customers and their security practices. You can also join a live Q&A with the experts.
• “Investments Microsoft is making to accelerate your security business” (ODBRK117): Learn the latest opportunities to expand the offerings of existing customers over the next 12 months with Microsoft Security.
• “Take advantage of the expanding opportunity with end-to-end security” (OD130): Explore how Microsoft Security’s end-to-end solution helps you get ready and get your customers to fully leverage the massive opportunity in the security market.  
• “Securing the channel: protecting customers’ digital transformation” (OD131): Find out more about Microsoft’s vital role in addressing increasing cyberattacks in hybrid and remote work environments, while also hearing of the role of partners in proactively securing customers’ digital transformation.
• “Bridging the cybersecurity gap: security training for partners” (OD132): In this Level 400 session, you’ll experience a new gamified learning simulation that makes Microsoft Security solutions real for you and your teams through interactive scenarios. 
• “Build Your Security Practice” (OD142): Explore how partners can grow revenue and profitability with managed security services with Microsoft 365 Business Premium and Microsoft Defender for Business. We will discuss key SMB trends, new product innovations, and resources to help partners develop successful security service offerings.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft internal data.

²Internet Crime Report, Federal Bureau of Investigation. 2022.

³The Partner Opportunity For Microsoft Security, Forrester. July 2023.

⁴Gartner® Market Guide for Managed Detection and Response Services, Pete Shoard, Al Price, Mitchell Schneider, Craig Lawson, Andrew Davies. February 14, 2023. 

⁵The Devastating Impact of Ransomware Attacks on Small Businesses, Quinn Cleary. April 4, 2023.

⁶2022 Cybersecurity Workforce Study, (ISC)². 2022.

⁷The Total Economic Impact™ Of Microsoft SIEM And XDR, Forrester. August 2022.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. 

The post Microsoft Inspire: Partner resources to prepare for the future of security with AI appeared first on Microsoft Security Blog.

Microsoft Defender for Endpoint is a comprehensive endpoint security platform that provides extended detection and response (XDR) capabilities, and much more with support across Windows, Linux, macOS, as well as iOS and Android devices. If your organization has less than 300 users, Microsoft launched Microsoft Defender for Business for small and medium businesses, which brings many of the enterprise capabilities in an easy to use and affordable solution.

Today, we are proud to share that Microsoft is ranked number one in market share in the IDC Worldwide Corporate Endpoint Security Market Shares report, 2022.¹ More customers choose and trust Microsoft Defender for Endpoint to defend their multiplatform devices than any other vendor. We are grateful to our customers and partners for choosing Microsoft as the most trusted endpoint security provider worldwide.

Microsoft Defender for Endpoint

Discover and secure endpoint devices across your multiplatform enterprise.

Learn more

As shown in Figure 1, IDC estimates that Microsoft has the highest market share of 18.9 percent in 2022 with an increase of 7.2 percentage points over 2021, making it the market share leader in endpoint security for 2022.

Microsoft believes that offering customers tailored endpoint security offerings and product experiences to meet their unique needs is critical in empowering defenders. That is why our portfolio spans from offerings for enterprise to small and medium businesses (SMBs).

Microsoft Defender for Endpoint is an enterprise endpoint protection platform that enables security teams to gain a holistic view into their device estate across multiplatform endpoints, servers, as well as enterprise Internet of Things (IoT) devices, and mitigates threats with key capabilities including:

• Endpoint detection and response (EDR).
• Vulnerability management.
• Attack surface reduction.
• Next-generation protection.
• Auto investigation and response.

While prevention capabilities and vulnerability management are critical for endpoint security solutions, protection capabilities are key for defenders to help keep their organization safe. That’s why Defender for Endpoint protection goes far beyond traditional antivirus technologies. Our next-generation protection combines machine learning models trained on cloud-scale data and behavior-based detection to protect in real-time against malware, polymorphic threats, and other malicious activity. 

Defender for Endpoint is available through two plans, with Plan 1 (P1) delivering endpoint protection focused on prevention and Plan 2 (P2) adding EDR capabilities and more.

Along with larger customers, SMBs are facing an increasing volume and sophistication of cyberattacks, with 82 percent of ransomware attacks now targeted at small businesses.² However, SMBs often lack access to the right resources and tools—with advanced solutions being either too complex, too expensive, or both. With the launch of Microsoft Defender for Business in 2022, Microsoft brought many of the enterprise-grade capabilities from Defender for Endpoint in an easy-to-use and affordable solution to SMB customers and their partners. The full set of capabilities maps to the National Institute of Standards and Technology (NIST) Cybersecurity Framework as well as several cyber insurance frameworks. Over the last year, we have also introduced several new innovations in Defender for Business and Business Premium including server protection and mobile threat defense for standalone customers who may not have a mobile device management solution.  

Microsoft leads the way in EDR

Endpoint detection and response capabilities are critical in keeping up with the quickly evolving threat landscape. They empower defenders to continuously monitor their environments, and automatically correlate related signals and alerts while helping automate the response for an effective defense, where AV protection is no longer sufficient. Defender for Endpoint and Defender for Business provide advanced attack detections that are near real-time and actionable, so security analysts can prioritize alerts effectively and take response actions to remediate threats. The effectiveness of the Microsoft solution is validated by MITRE in the latest attack evaluations that showcased:

• Industry-leading protection: Microsoft’s industry-leading capabilities quickly identified suspicious activity and offered real-time containment to rapidly stop the attack.
• Superior detection and protection on Linux: Microsoft Defender for Endpoint blocked everything on Linux, providing exceptional detection, protection, and visibility that comprehensively captured Linux file server activity.
• Excellent detection and visibility across the attack chain: Our world-class security operations experience and Microsoft 365 Defender capabilities showed the full attack story across domains and quickly correlated all activity down to two incidents.

Go beyond EDR with extended detection and response

While endpoint security remains critical, email and identity remain the prevalent entry points for attackers. So while endpoint security is essential to any security strategy, XDR enables organizations to build a holistic approach with full visibility and signal correlation across security domains.

Microsoft 365 Defender is a leading XDR solution that delivers a unified investigation and response experience and provides native protection across endpoints, hybrid identities, email, collaboration tools, and cloud applications with centralized visibility, powerful analytics, and automatic attack disruption. With Microsoft 365 Defender, organizations can gain a broader set of protections including email security and identity and access management as critical preventative solutions, benefit from auto-healing capabilities for common issues, and scale security operations center teams with XDR-automated disruption to protect against ransomware and other advanced attacks more effectively while safeguarding organizations’ business continuity.

Learn more

If you are not yet using Microsoft Defender for Endpoint, learn more on our website or start a free trial today.

If your organization has less than 300 users, we also encourage you to explore Microsoft 365 Business Premium and Defender for Business.  

Learn how to supercharge your security operations with XDR.

Cybersecurity and AI news

Discover the latest trends and best practices in cyberthreat protection and AI for cybersecurity.

Get the latest resources

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹IDC, Worldwide Corporate Endpoint Security Market Shares, 2022: Pace of Growth Accelerated Through 2022, doc #US49349323. June 2023.

²The Devastating Impact of Ransomware Attacks on Small Businesses, Quinn Cleary. April 4, 2023.

The post Microsoft Defender for Endpoint is ranked number one in market share in the IDC Worldwide Corporate Endpoint Security Market Shares report, 2022 appeared first on Microsoft Security Blog.

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with ramsac Founder and Managing Director Rob May, who gave a TED Talk called “Your Human Firewall: The Answer to the Cyber Security Problem.” The thoughts below reflect Rob’s views, not the views of Rob’s company or Microsoft, and are not legal advice. In this blog post, Rob talks about security operations (SecOps) challenges and how automation can address them, and shares phishing attack protection strategies.

Brooke: What are the biggest challenges in SecOps?

Rob: SecOps is the team responsible for the security of an organization’s IT infrastructure, and for monitoring and responding to security threats and implementing security controls. One challenge for SecOps professionals is keeping up-to-date on the latest trends and tactics used by cyberattackers because threats to security are constantly evolving.

Another challenge is alert fatigue. Security teams are bombarded with alerts from their monitoring tools, and this can make it difficult to identify and respond to real threats. Many of the alerts that security teams receive are false positives that waste time and resources that could be better spent responding to real threats. In the industry, we talk about the utopia of having a single pane of glass that we can look through and get a view of everything. The reality is, in lots of organizations, they are not achieving that.

Balancing security with business needs is always a challenge. Security measures can sometimes conflict with the needs of users in the business, such as usability and accessibility. Professionals have to balance security needs with business needs so that security measures do not get in the way of productivity. Security teams often lack the resources to do their jobs effectively, and that might be budget, staffing, tools, or incident response training.

When a security incident occurs, SecOps professionals have to act quickly to investigate and contain the threat. Organizations are subject to a whole range of regulatory requirements depending on their geography and industry, and that can be complex and time-consuming to maintain. A SecOps professional has to think critically, work under pressure, and stay up-to-date with the latest trends and technologies in order to be successful in their role.

Brooke: Can automation help address any of these challenges?

Rob: Definitely. Automation is a powerful tool in SecOps that helps reduce the workload on the team and improve the efficiency and effectiveness of SecOps generally. An automated incident response system can detect unusual activity on the network and take action to contain and remediate that threat. Or it might detect an impossible activity, such as if you spent the day in the office in London and half an hour later, it appears that you are trying to log in in Russia.

Vulnerability management automation can be used to identify vulnerabilities, systems, and applications, prioritize them based on risk, and recommend remediation actions. Threat intelligence can help gather, analyze, and act on threat intelligence data from various sources, including open-source feeds, dark web forums, internal security logs, and compliance monitoring.

We can help ensure compliance with regulatory requirements and internal security policies by continuously monitoring systems and applications for compliance violations and security testing. We can use automation to conduct regular security tests such as penetration testing and vulnerability scanning to identify potential vulnerabilities and weaknesses.

Automation is not a replacement for human expertise and judgment. They go hand in hand. Automation helps improve the efficiency and effectiveness of security operations, and experienced SecOps professionals interpret what it is saying and act on the data provided by the tools.

Brooke: Have you seen a change in sentiment towards automation in the industry?

Rob: If you leave everything to automation, it has more potential to go wrong. For instance, if it detects something and blocks someone out of their account, and there is no human getting involved for a sanity check, all it is going to take is somebody in the C-suite not being able to do their job when they need to for them to think, “Oh, this is rubbish.”

Of course, it is not rubbish. It is an incredibly powerful tool. We just need to be able to interpret that as well. If I look at my own business and how we use something like Microsoft Sentinel, it is a positive thing, but we have used automation to take all the legwork out of it. A very large number of data incidents can be looked at to flush out a much smaller number that then is then investigated. There is no way you could do that without automation. Without a doubt, it is a game-changer.

Brooke: What does it mean to be a “human firewall?” 

Rob: The human firewall is the collective efforts, behaviors, and habits of the people within an organization. Many commentators say that when it comes to cybersecurity, people are our weakest link. My view is that it is essential that we also consider the flip side of that coin, which is that people are also our greatest strength. We need to ensure that we give everyone the right training, awareness, tools, and policies to stay as safe as possible. If your people are not cyber-resilient, neither is your business.

Brooke: What is the real cost of cybercrime? 

Rob: This question can be answered in a number of different ways. In terms of monetary value, the numbers are huge. I read one report recently that suggested that if the worldwide cost of damages caused by cybercrime was a country (measured in gross domestic product), it would be the third largest economy in the world after the United States and China.

The other way of answering the question is to look at all the associated impacts of cybercrime. This includes the direct costs of responding to an attack, including the investigation, remediation, and repair. Then, there are indirect costs, such as lost business, loss of productivity, reputational damage, emotional harm experienced by the Chief Information Security Officer and company officers, and other things like the resultant increase in insurance premiums (which can be significant).

Brooke: What variants are you seeing with phishing attacks today? How are they getting smarter and how can people and organizations protect themselves from these attacks? 

Rob: Phishing attacks come in many different forms, but common variants include:

• Spear phishing: This is a targeted attack that is tailored to a specific person or organization. The attacker may use personal information or other details to make the message seem more legitimate.
• Whaling (chief executive officer phishing): This is a type of spear phishing that targets high-level executives (the “big fish”) and other high-profile individuals within an organization.
• Pharming: This is an attack that redirects users to a fake website that looks like a legitimate site but is designed to steal their login credentials or other sensitive information.
• Vishing: This is a form of phishing that involves voice solicitation, such as phone calls or voicemails, instead of email.
• QRishing: This is phishing through QR codes. If you open a QR code on your device, it is no different from clicking on a link in an email.

Cybercriminals are using more sophisticated tactics for their phishing attacks to make their messages seem more legitimate. For example, attackers may use social engineering techniques to create a sense of urgency or to create a false sense of trust. They may also use advanced malware and other tools to bypass security measures and gain access to sensitive information.

To protect against phishing attacks, individuals and organizations should take a number of steps:

• Use strong passwords and multifactor authentication.
• Be wary of emails or other messages that ask for personal information or login credentials.
• Check the URL of any website that asks for login credentials or other sensitive information to make sure it is legitimate.
• Use antivirus and antimalware software to protect against malicious software.
• Educate employees and other members of the organization about the risks of phishing attacks and how to recognize and avoid them.
• Make sure your computer and devices have the latest software and firmware updates.
• Use anti-ransomware detection and recovery and turn on controlled folder access on the desktop.

By taking these steps, people and organizations can protect themselves against the growing threat of phishing attacks.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post How automation is evolving SecOps—and the real cost of cybercrime appeared first on Microsoft Security Blog.

Small businesses like yours rely on technology to streamline operations, respond to customer needs, and communicate with employees. You’re being asked to do more with less, and unfortunately, attackers often have the advantage; they need to find only one exploitable weakness.¹

While the growing threat of cybercrime can seem bleak, we are committed to taking it on and constantly innovating to deliver security solutions that protect small and medium-sized businesses from cyberattacks. I’m excited to share some of the features we’ve introduced to tighten your security and ease your mind.

Last year, we introduced Microsoft Defender for Business, aimed at safeguarding endpoints for businesses with up to 300 employees. To further extend our security capabilities, we announced Defender for Business in Microsoft 365 Business Premium, providing comprehensive productivity and security solutions on a single platform. In November 2022, we launched server security features built into Defender for Business, with enhanced protection for both Windows Server and Linux servers through the Microsoft Defender for Business server add-on.²

The continued evolution of Defender for Business

But we’re not stopping there. In fact, we’ve made major strides in simplifying our comprehensive security approach with Defender for Business with the following updates:

• Simplified insights with improved security summaries to help you better understand how secure you are across identity, devices, information, and apps. The report shows threats prevented by Defender for Business, current status from Microsoft Secure Score, and recommendations, all designed to help you increase security in key areas.
• Protect mobile devices without the need for device management or add-ons by using new capabilities built into a single integrated Defender for Business experience. The standalone device security solution now includes a preview release of mobile threat defense that provides iOS and Android devices with OS-level threat and vulnerability management, web protection, and app security to help you and your employees stay secure on the go.

We also recognize that managed service providers (MSPs) play a crucial role in securing small businesses at scale, as they provide the expertise and resources needed to protect against an ever-evolving threat landscape.

To support their efforts, we’re excited to announce that MSPs enrolled in the Cloud Solution Provider program can now manage multi-customer device exposure more effectively within Microsoft 365 Lighthouse. Partners can use the exposure score to discover which customers’ devices are most at risk because of vulnerabilities to active threats. It helps them to reduce customer exposure by providing patch recommendations for at-risk devices to make them current with the latest updates. They can also proactively improve customers’ device security in Defender for Business and Microsoft 365 Business Premium tenants.

Security for mobile devices at your fingertips

Mobile devices have become an essential part of small business strategy, increasing communication and collaboration, enhancing responsiveness, reducing operational costs, and making it much easier to work productively from anywhere.

However, this increased reliance on mobile devices has made small businesses vulnerable to cyberattacks, with their attack surfaces expanding in ways they may not realize. About 45 percent of small and medium-sized businesses said they had suffered a compromise involving a mobile device in the previous 12 months. Businesses with a global presence were even more susceptible, with 61 percent compromised.³

Many small businesses may not have the budget or experience to deploy device management technologies, even though it is the best way to secure mobile devices. Basic security typically protects against 98 percent of attacks but mobile device hygiene becomes a problem when the latest updates are not applied soon after release.⁴ It is increasingly urgent to adopt minimum standards to counter the rising level of threats in the digital ecosystem. This is especially true since 50 percent of small and medium-sized businesses say they let employees use unmanaged personal mobile devices to access work data.⁵

Defender for Business now simplifies security for mobile devices, protecting small businesses from threats such as malware and ransomware on iOS and Android—without the need for device management. This new Defender for Business capability, called Mobile Threat Defense, is now in public preview.

Mobile Threat Defense provides three key features that offer you peace of mind when managing mobile device security: operating system (OS) level threat and vulnerability management, web protection, and app security.

• Threat and vulnerability management can track mobile OS vulnerabilities to help IT professionals make sure devices are patched with the latest updates and help prevent active threats in the wild. 
• Web protection helps protect against phishing attacks and blocks unsafe websites that come through email, text messages, or apps.
• App security will alert when it detects a malicious app on the device that could steal data or disrupt the device.

Microsoft 365 Business Premium has included security for mobile devices since its launch as it uses Microsoft Intune for device management and security for iOS and Android devices.

Defender for Business spans the National Institute of Standards and Technology (NIST) cybersecurity framework of identifying, protecting, detecting and responding, and recovering.⁶ By adding device security to our standalone Defender for Business solution today, we deliver comprehensive device security for Windows, macOS, and now iOS and Android devices. This goes far beyond the capabilities of traditional antivirus solutions, which typically only protect a fraction of your business.

Simplified insights demonstrate the value of cybersecurity

Cyberthreats are not slowing down. That’s why it’s more important than ever for you to continue investing in cybersecurity and protect against the financial, operational, or reputational damage that can result from an attack. However, it can be difficult to understand the status of your business security.

We’re excited to bring new security summaries to Defender for Business, giving you insights into your security investments through Microsoft Secure Score. This summary enables you to make informed decisions about how to improve security in your environment and continuously improve your security status. By leveraging these report insights, small businesses can showcase the status of security, close gaps, and instill confidence in stakeholders.

See how Microsoft Defender for Business can help your business

Let us ease your worries about securing your business. Try Defender for Business as a standalone device security solution. You can also try Microsoft 365 Business Premium for a comprehensive productivity and security solution to see how it can benefit your company or reach out to your managed service provider for more information. You’ll also find more details on our TechCommunity blog. We encourage partners to learn more by joining our upcoming webinars.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Global Cybersecurity Outlook 2023, Insight Report, World Economic Forum, Accenture. January 2023.

²Server security made simple for small businesses, Jon Maunder, Microsoft Tech Community. November 8, 2022.

³2022 Mobile Security Index, Verizon. May 2022. 

⁴Microsoft Digital Defense Report 2022, Microsoft. 2022.

⁵Security in the new working environment, Microsoft Research. May 2022.

⁶Cybersecurity Framework, National Institute of Standards and Technology, US Department of Commerce.

The post Microsoft continues to innovate to help secure small businesses appeared first on Microsoft Security Blog.

With that kind of commitment, your business can almost feel like a second home. And just like you protect your physical home with an up-to-date security system and sturdy locks, it’s critical to modernize cybersecurity for your business. Forty-three percent of all cyberattacks now target small businesses, and sadly, 60 percent of those businesses will permanently close their doors within six months of the attack.¹ Those are staggering statistics, and they’re why we chose to include Microsoft Defender for Business with every subscription to Microsoft 365 Business Premium—because every business deserves access to enterprise-grade comprehensive security.

It’s always our ambition to make technology an equalizer, to enable a small business to compete with a larger business with the power of technology and close that gap.

—Brad Smith, Vice Chair and President at Microsoft

As part of Cybersecurity Awareness Month, Microsoft President Brad Smith joined the Administrator of the United States Small Business Administration (SBA), Isabella Casillas Guzman, at the inaugural Small Business Cyber Summit in October 2022 for an intimate fireside chat. The two discussed how small and medium-sized businesses (SMBs) can strengthen their cybersecurity capabilities on a limited budget. With that goal in mind, I’d like to extend an invitation for a free security evaluation consultation to learn where your business might be able to increase protection. In addition, this blog presents five simple actions that can help any business protect against cyberattacks—starting today.

1. Monitor everything around the clock with Microsoft Cloud capabilities

During his talk with Administrator Guzman, Brad Smith highlighted how moving to cloud-based security gives your business an edge in terms of making protection one less thing to worry about. “If everybody’s just trying to run their software on their own hardware in their own four walls, it means you have to do everything to maintain that hardware,” Brad Smith explained. “Whereas if you move to the cloud, that becomes our problem.”

The Microsoft Cloud currently tracks and analyzes 43 trillion threat signals daily.² That includes 35 ransomware families, and more than 250 unique nation-states, cybercriminals, and other threat actors. That enormous breadth and depth of protection are built into Microsoft 365 Business Premium. It delivers enterprise-grade protection against viruses, spam, unsafe attachments, suspicious links, and phishing attacks. You’ll also get constant protection against ransomware and malware attacks across your devices, along with antivirus and endpoint detection and response capabilities built in. That way, you can focus on making your business a success rather than chasing down cyberthreats.

2. Update the locks with Defender for Business

Break-ins in the neighborhood often give us the push we need to replace any worn-out locks or add a security light (or two). Similarly, protecting your business from cyberattacks starts with one simple step—updating your existing systems. Microsoft and other technology companies release updates on Patch Tuesday (the second Tuesday of each month, beginning at 10:00 AM PT), or whenever vulnerabilities are detected. “These [updates] are available free of charge,” Brad Smith emphasized. “But make sure your computers are configured so that they’re downloaded. That’s one of the most important things that people can do to protect themselves.”

Also, make sure your business maintains an up-to-date IT inventory. With the move to remote and hybrid work, the phenomenon of bring-your-own-device (also referred to as “BYOD”) is now common. Using more devices, especially from home networks, creates a larger attack surface with more endpoints and potential vulnerabilities. As part of Microsoft 365 Business Premium, Defender for Business has threat and vulnerability management built-in, allowing you to secure multiple devices with a single tool.

Businesses can further protect themselves with regular data backups. Ransomware attacks increased by 300 percent in 2021.³ The phenomenon of ransomware as a service (RaaS) shows that bad actors are now confident enough to take their operations retail, much like a legitimate business.⁴ But ransomware attacks against your business data can be thwarted by regularly creating backup copies of your important files. Automating your backups according to a set schedule can help your business maximize limited resources while avoiding potential human errors.

3. Hide your keys well with multifactor authentication

Most of us keep a spare house key hidden under a rock or potted plant, but everyone knows better than to put the key under the mat. It’s the same way with passwords: if it’s easy, someone will find it. “It shouldn’t be ABC123,” as Administrator Guzman summed it up. But a recent survey found that among the most common passwords still in use, “password” and “Qwerty” are at the top of the list.⁵ In every cybercriminal’s toolkit today is a kind of brute force attack known as password spray.⁶ Simply put, an attacker acquires a list of accounts and runs through a long list of common passwords attempting to get a match. Since most businesses have a naming standard for employees (for example, firstname.lastname@company.com), adversaries can often get halfway in your door just by using the information found on your website.

Popular internet browsers such as Microsoft Edge come with a built-in password generator that will create—and remember—a secure password for you. Or your business may choose to eliminate passwords entirely with a solution like Windows Hello or FIDO2 security keys that let users sign in using biometrics or a physical key or device. Short of going passwordless, multifactor authentication, also known as two-factor authentication, is your best bet to generate secure access for your business. Multifactor authentication requires users to verify their identity through an additional factor, such as a one-time password (OTP) sent over email or text message. Other verification factors include answering personal security questions or using face or voice recognition.

4. Don’t open the door to just anyone, defend against phishing

There’s a reason for the popularity of video doorbells—it’s simply unwise to open the front door without knowing who’s on the other side. For the same reason, every business should stay up-to-date on the latest phishing scams and social engineering scams that bad actors use to seek entry into your business. In 2022, the most common causes of cyberattacks are still malware (22 percent) and phishing (20 percent).⁷ Threat actors have figured out that people are the weak link—85 percent of breaches now involve a human element—and are ramping up the frequency and sophistication of their attacks.⁸ However, most phishing emails still rely on recognizable “hooks” that we can all learn to spot, such as:

• Request for user credentials or payment Information. Never click the link. Instead, type the business’ URL into your browser and go to your account directly.
• An unfamiliar tone or greeting. Phishing emails are often created offshore, so look for irregular syntax or tone that’s too formal, too familiar, or an odd mix of both.
• Grammar and spelling errors. Legitimate businesses take time to proofread their emails before sending them.
• Inconsistent email address or a “lookalike” domain name. A phishing email address or domain will usually be slightly off (for example, microsotf.com instead of microsoft.com).
• Threats or a sense of urgency. Scammers often try to scare you into clicking the link with headlines like: “Update your account information now or lose access!” If in doubt, type the URL in your browser and go to the site directly.
• Unrequested attachments. If you weren’t expecting an email from this sender, don’t click the attachment. Instead, open a new email (don’t respond) and inquire if the email and attachment are genuine.

When you receive a phishing email (we all do), remember to report it. In Microsoft Outlook for business, just select the suspicious message and choose Report from the top ribbon, then select Phishing. This will remove the message from your inbox and help us block more suspicious emails. Both Defender for Business and Microsoft Defender for Office 365 Plan 1 provide protection against advanced phishing, malware, spam, and business email compromise.⁹ Both come with built-in policies to get you up and running quickly, including simplified wizard-based onboarding for your Windows devices, servers, and apps.¹⁰

5. Stay informed about how to prevent break-ins with SMB security trainings

Local police and neighborhood watch groups often work together to educate residents about break-ins and how they can better protect their homes. No matter the size of your business, there are cybersecurity resources available to you as well.¹¹ The SBA offers best practices for preventing cyberattacks,¹² including a cybersecurity planning tool¹³ and ongoing virtual and in-person cybersecurity events¹⁴ for your area. Even if your only employee is yourself, cybersecurity training shouldn’t be looked upon as a one-and-done task. Threat actors are constantly learning and updating their skills, and so should we. 

Microsoft virtual security training for SMBs and the Microsoft Small Business Resource Center help SMBs arm themselves with the knowledge to prevent phishing attacks, safeguard remote devices, and protect against identity theft. Our SMB security trainings also present strategies for how to stay safe when working on-site and from home, including how to collaborate with colleagues more securely. As Brad Smith put it during his talk with Administrator Guzman, “At the end of the day, [cybersecurity] becomes a little bit like a seatbelt: we know it saves lives, but you do have to put it on.”

Microsoft is here for you

The underlying theme of Brad Smith’s talk for SMBs can be summed up in a few words—Microsoft has your back. Small businesses represent more than 99 percent of the United States economy, so we’re all in this together.¹⁵ Be sure to take advantage of Microsoft’s free security consultation, which includes actionable, data-driven insights into the security vulnerabilities in your environment. 

To learn more about cost-effective, easy-to-use security solutions, visit Security for your small or medium-sized business and find out how a Microsoft 365 Business Premium subscription can provide comprehensive security that’s optimized for SMBs (up to 300 users), or get Microsoft Defender for Business as a standalone device security solution. Both solutions integrate with Microsoft 365 Lighthouse; that way, Microsoft Cloud Solution Provider (CSP) partners can easily view security incidents across tenants in a unified portal. Whatever your budget and wherever your vision leads, we’re here to help you move forward—fearlessly.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

¹Why small businesses are vulnerable to cyberattacks, Linda Comerford, May 25, 2022.

²Cyber Signals: Defend against the new ransomware landscape, Microsoft. August 22, 2022.

³DHS secretary warns ransomware attacks on the rise, targets include small businesses, Luke Barr. May 6, 2021.

⁴Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself, Microsoft. May 9, 2022.

⁵These are the 20 most common passwords leaked on the dark web—make sure none of them are yours, Tom Huddleston Jr. February 27, 2022.

⁶Protecting your organization against password spray attacks, Microsoft. April 23, 2020.

⁷50 Phishing Stats You Should Know In 2022, Caitlin Jones. September 7, 2022.

⁸Alarming Cyber Statistics For Mid-Year 2022 That You Need To Know, Chuck Brooks. June 3, 2022.

⁹Microsoft launches Defender for Business to help protect small and medium businesses, Microsoft. May 2, 2022.

¹⁰Server security made simple for small businesses, Jon Maunder. November 8, 2022.

¹¹Shields Up guidance for all organizations, CISA.

¹²Strengthen your cybersecurity, SBA.

¹³Cyberplanner, FCC.

¹⁴Find cybersecurity events, SBA.

¹⁵How Small Businesses Drive The American Economy, Martin Rowinski. March 25, 2022.

The post Secure your business like you secure your home: 5 steps to protect against cybercrime appeared first on Microsoft Security Blog.

This week, as we join our partners at Microsoft Inspire, much of our conversation is focused on how, together, we can help our customers prioritize their security initiatives while getting the most out of the solutions they already have.

Security services are a critical need for the year ahead

Every year I am so energized by the expertise and creativity of our partners. Much of what we learn comes from them, so we commissioned a Total Economic Impact™ from Forrester Consulting to better understand the high-level trends driving their security, compliance, and identity opportunities. It’s incredible to see that the Microsoft Security partner opportunity grew 21 percent year-over-year across the board in Microsoft 365 security, cloud security, compliance, and identity:

• With the shift to hybrid work, workplace security has seen the most growth. It’s exciting to see that customers are taking advantage of the expanded security capabilities we’ve added to Microsoft 365, and enlisting partners to help them protect frontline workers, implement data discovery for Microsoft Teams, and activate more Microsoft 365 workloads securely. With many organizations struggling to staff their in-house security teams, partners are creating and delivering managed services built on top of Microsoft Sentinel for security information and event management (SIEM) and extended detection and response (XDR), as well as management, monitoring, and remediation across Microsoft 365.
• There’s also an incredible demand for cloud security services—particularly multicloud. The rapid shift to cloud services has created an ever-evolving threat landscape, driving the need to better protect cloud resources, workloads, and applications. Without the expertise or resources to do that, customers are looking to partners to help with secure cloud migrations, managed services for the security operations center (SOC), and security management of all levels of cloud-based infrastructure.
• Compliance-related managed services are the newest and fastest-growing area for most partners. More partners are starting to expand their general security services to include compliance, typically starting with information protection, communications governance, and insider risk, which are natural extensions of security practices. A trend we’re seeing is an increase in very large information protection deployment opportunities, as well as governance advisory services, which are central to the successful adoption of Microsoft compliance solutions.
• As the foundation for all the previously mentioned points, our identity solutions are also fueling significant partner growth. Securing access for every identity—human and non-human—is critical in today’s connected world. Partners are capitalizing on these investments with repeatable identity-specific security solutions, off-the-shelf connectors, and managed services. Identity-first implementations of Zero Trust continue to be key areas of interest for security decision-makers, and partners serve a critical role in collaborating on plans, priorities, and architecture decisions.

Microsoft Security partners are expanding their existing offerings and creating new offerings in all these areas, packaging their unique experience, expertise, and IP for effective and efficient service delivery. Security deployment, advisory, solutions development, and managed services are needed now more than ever. In fact, within the USD247 billion cybersecurity market, security services spending is projected to reach USD77 billion by the end of 2022.³

Optimization through consolidation

Given the breadth of challenges our customers are facing, and recent economic headwinds, many organizations are looking to consolidate their security portfolios to optimize costs and reduce complexity. In fact, 78 percent of chief information security officers (CISOs) have 16 or more tools in their cybersecurity vendor portfolio, and according to Gartner®, “most organizations recognize vendor consolidation as an avenue for more efficient security, with 80 [percent] executing or interested in a strategy for this.”⁴

Microsoft integrates more than 50 different categories across security, compliance, identity, device management, and privacy—and most customers save 60 percent on average by leveraging Microsoft’s comprehensive security solutions compared to a multi-vendor strategy. All Microsoft Security product families work together as one comprehensive solution across clouds and across platforms, helping customers to reduce tool sprawl, maximize value out of what they already have, and reduce complexity. With recent announcements of Microsoft Entra and Microsoft Purview, we’ve also aligned our product portfolio with how our customers view the totality of their security challenges.

Consolidation isn’t just about tools—the lines between security workloads are blurring as well. Virtually every customer scenario includes elements of secure infrastructure, threat detection and response, identity management and secure access, compliance, and privacy—in fact, 90 percent of the Fortune 100 companies use four or more of these solutions. Our partners agree, and many are moving beyond their core specialty to provide a wider range of services to customers, creating new revenue streams and expanding their expertise as a result.

Maximizing the value of current investments

Assisting customers to deploy and fully leverage products they already own is one of the strongest ways our partners can deliver customer value. This week, Microsoft is announcing an entirely new partner investment to help partners drive customer success and product usage. Starting October 1, 2022, partners who help customers deploy their untapped security capabilities within Microsoft 365 E5 and Microsoft Azure will be eligible for up to USD25,000 per account. Microsoft is excited to provide this co-investment to ensure partners remain competitive in their offerings.

Once security products have been deployed, customers often need assistance analyzing and triaging security data to monitor their ecosystem. Microsoft is seeing a surge in organizations looking for a trusted managed detection and response (MDR) partner to help offload time-consuming work and augment their existing in-house security teams. Gartner estimates that 50 percent of organizations will be using MDR services by 2025, and with more than 785,000 customers currently using Microsoft’s advanced security products, the partner opportunity is tremendous. To meet this need, Microsoft has recently announced investments in our managed XDR partner community, including working with them to verify their XDR solutions for use with Microsoft products. Partners with a verified XDR service will have increased access to co-marketing funding to support their business and direct integration with Microsoft field sellers through co-sell opportunities. Partners can learn more about investing in managed XDR partner success.

At Microsoft, we are continually looking for ways to deliver more value with our solutions—and to make it easier for our partners to do the same. For example:

• Most organizations don’t have IoT security at all, and those that do often need help integrating it into their broader SIEM and XDR programs. Microsoft Defender for IoT positions partners to solve both problems for customers. With new native integration with Microsoft 365 Defender that enables you to see vulnerable IoT devices in the Microsoft 365 Defender console and complete coverage across IoT, enterprise IoT, and operational technology (OT) devices, Defender for IoT can now secure all endpoint types, correlate incidents across the entire kill chain, and provide faster detection and response for attacks that previously may have been left undiscovered.
• Despite facing similar risks as enterprises, small to medium-sized businesses (SMBs) often lack the same level of resources. Microsoft Defender for Business provides next-generation protection, endpoint detection and response (EDR), threat and vulnerability management, and automated investigation and remediation—all in a cost-effective package that’s easy to implement and use. Server support is now available in preview. Integration with Microsoft 365 Lighthouse and Remote Monitoring and Management (RMM) solutions enable Microsoft Cloud Solution Provider (CSP) partners to build on that value by delivering a fully managed service. Partners can learn more with the Microsoft Defender for Business partner kit.
• Simplifying the cloud for the public sector and government entities empowers them to accelerate their digital transformation journey. Azure Confidential Computing now helps customers encrypt their data while it’s in use, so trusted partners can now migrate customer applications that handle sensitive data to Azure without rewriting them, and public sector customers can have confidence that their data is protected. And, to empower public sector customers to take advantage of the full power of the cloud while respecting their digital sovereignty, Microsoft Cloud for Sovereignty provides a means to build, move, and operate data and workloads in the cloud while meeting legal, security, and policy requirements.

Recognizing our partners of the year

Microsoft recently announced a simplified and more flexible way to be identified as a Microsoft Security Solution Provider. If you’ve historically been a silver or gold security partner or Enterprise Mobility Management partner, you now have the opportunity this coming year to be recognized through the Microsoft Cloud Partner Program (MCPP) as a security solution partner. 

Once identified, Microsoft offers a wide variety of co-marketing opportunities you can take advantage of in your own programs and in collaboration with Microsoft to differentiate your business, not the least of which is the opportunity to be recognized by Microsoft as the Security or Compliance partner of the year.

I’d like to congratulate Ernst and Young as the 2022 Security Partner of the Year in recognition of the use of the Zero Trust framework that fully leverages Microsoft Azure Active Directory (Azure AD) and Microsoft Azure Key Vault. I’d also like to recognize Edgile as the 2022 Compliance Partner of the Year for their integration of a comprehensive security framework that extends the capabilities of enterprises to also measure the maturity of their data governance. I want to congratulate these partners for their incredible work, as well as all the winners of the 2022 Microsoft Security Excellence Awards. I also want to express my gratitude to our entire partner community for all you do to advance our shared mission of security and to make the world a safer place.

Top takeaways for our partners

Microsoft partners have an amazing opportunity to showcase their security proficiency, drive new growth, and create real-world impact. We invite all our partners to download our commissioned Forrester report to spur ideas on how to differentiate and expand their business. I’ll close with a few ideas:

• If you don’t have a security practice yet, now is the time! Explore a managed security services practice, such as managed XDR.
• If you’re already offering your customers security services, you should consider going bigger! Lean into governance, risk management, and compliance and privacy with Microsoft Purview and Microsoft Priva.
• Bolster security for small and medium-sized businesses with our Microsoft Defender for Business partner kit.

Be sure to check out our sessions at Microsoft Inspire that go deeper into these topics as well:

• Microsoft Sentinel and Microsoft Defender—Protect customers and grow your business
• Unlock new opportunities for modern access with Microsoft Entra
• Microsoft Purview and Microsoft Priva Platforms—Opportunities for partner ecosystem

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

¹Report: Pretty much every type of cyberattack increased in 2021, Brandon Vigliarolo. February 17, 2022.

²(ISC)² Cybersecurity Workforce Study, (ISC)². 2021.

³Worldwide information security services spending from 2017 to 2022, Justina Alexandra Sava. April 27, 2022.

⁴Smarter with Gartner, The Top 8 Security and Risk Trends We’re Watching, November 15, 2021.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

The post How Microsoft Security partners are helping customers do more with less appeared first on Microsoft Security Blog.

Increased security concerns with the changing SMB landscape

Microsoft surveyed more than 150 small and medium businesses in the United States in April 2022 to better understand the changing SMB security needs.³

More than 70 percent of SMBs said cyberthreats are becoming more of a business risk. With nearly one in four SMBs stating that they had a security breach in the last year, they have reason to be concerned. In fact, there has been a more than 300 percent increase in ransomware attacks, of which more than half were directed at small businesses.⁴

Despite facing similar risks as enterprises, SMBs often lack access to the right resources and tools. Many SMBs still rely on traditional antivirus solutions for their security. Although 80 percent of SMBs state they have some form of antivirus solution, 93 percent continue to have concerns about the increasing and evolving cyberattacks—with phishing, ransomware, and data protection being top of mind.  

What makes SMBs particularly vulnerable is that they often have fewer resources and lack specialized security staff. In fact, less than half of the SMBs surveyed have a dedicated IT security person in-house, and SMBs cite a lack of specialized security staff as their top security risk factor. Sophisticated enterprise security solutions are often prohibitively complex or too expensive—or both.

Delivering on security for all to help protect SMBs

At Microsoft Ignite, we shared our vision for security for all, believing that small and medium businesses should have affordable access to the same level of protection as enterprises. Today, we’re excited to take that vision a step further with the general availability of the standalone version of Microsoft Defender for Business. Defender for Business brings enterprise-grade endpoint security to SMBs, including endpoint detection and response (EDR) capabilities, with the ease of use and the pricing that small business customers and their partners expect.

Microsoft Defender for Business is already included as part of Microsoft 365 Business Premium, our comprehensive security and productivity solution for businesses with up to 300 employees. Customers can now purchase Defender for Business as a standalone solution. Server support will be coming later this year with an add-on solution.

Enterprise-grade security to protect against ransomware and other cyberthreats

To protect against the increasing volume and sophistication of cyberattacks such as ransomware, SMBs need elevated security. Many SMBs still rely on traditional antivirus, which provides only a single layer of protection by matching against signatures to protect against known threats. With Defender for Business, you get multi-layered protection, detection, and response, spanning the five phases of the National Institute of Standards and Technology (NIST) cybersecurity framework—identify, protect, detect, respond, and recover—to protect and remediate against known and unknown threats. Let’s look at the capabilities in detail:

Identify

• Threat and vulnerability management helps you to prioritize and focus on the weaknesses that pose the most urgent and highest risk to your business. By discovering, prioritizing, and remediating software vulnerabilities and misconfigurations, you can proactively build a secure foundation for your environment.

Protect

• Attack surface reduction options help to minimize your attack surface (like the places that your company is vulnerable to cyberattacks across your devices and applications), leaving bad actors with fewer ways to perform attacks.
• Next-generation protection helps to prevent and protect against threats at your front door with antimalware and antivirus protection—on your devices and in the cloud.

Detect and respond

• Endpoint detection and response provides behavioral-based detection and response alerts so you can identify persistent threats and remove them from your environment.

Recover

• Auto-investigation and remediation help to scale your security operations by examining alerts and taking immediate action to resolve attacks for you. By reducing alert volume and remediating threats, Defender for Business allows you to prioritize tasks and focus on more sophisticated threats.

Built for SMBs, easy to use, and cost-effective

We designed Defender for Business keeping the needs of SMBs in mind.

Because IT admins for SMB customers and partners are often juggling many roles at once, we wanted to provide a solution that was easy to set up and could detect and remediate threats automatically so you get time back to focus on running your business. Defender for Business comes with built-in policies to get you up and running quickly. We’ve also included a simplified wizard-based onboarding for Windows devices. Additional simplification for macOS, Android, and iOS is on the roadmap.

With automated investigation and remediation, we do the type of work handled by a dedicated Security Operations (SecOps) team by continuously detecting and automatically remediating most threats.

For Martin & Zerfoss, an independent insurance agency, security was top of mind. Partner Kite Technology Group recommended Defender for Business: “With Microsoft Defender for Business, we’re able to bring enterprise-grade security protection to our small and midsize business customers. We can now meet their current security requirements and prepare them for whatever comes tomorrow,” said Adam Atwell, Cloud Solutions Architect, Kite Technology Group.

He adds, “Automated investigation and remediation is a huge part of the product [because] it’s just happening in the background. Microsoft Defender for Business makes our security so simple.”

Benefits of Defender for Business for partners

SMBs often turn to partners for securing their IT environments, and rightly so. We recognize that securing SMB customers often means providing partners with tools to help them secure their customers efficiently.

Defender for Business and Microsoft 365 Business Premium give partners new opportunities to help secure customers at scale with value-add managed services. Both solutions integrate with Microsoft 365 Lighthouse, made generally available on March 1, 2022, so Microsoft Cloud Solution Provider (CSP) partners can view security incidents across tenants in a unified portal. WeSafe IT, a CSP partner from Sweden, was an early adopter of Defender for Business in Business Premium with Microsoft 365 Lighthouse. The company found that the integrated solution brought it comprehensive customer value and the ability to increase automation and earnings.

“We’ve found no other solution like Microsoft 365 Business Premium that manages such a complete span of functionality for small- to medium-sized businesses at anywhere near the cost or flexibility,” said Martin Liljenberg, Chief Technology Officer and co-founder, WeSafe. “From a partner perspective, it’s intuitive and effortless to apply to customer environments. MSPs that take advantage of Defender for Business can increase automation and earnings while providing their SMB customers better security and service.”

We’re also pleased to announce integrations of Remote Monitoring and Management (RMM) tools that managed service provider partners often use to secure their customers at scale. Datto RMM’s integration with Microsoft Defender for Business is now available for partners. ConnectWise RMM integration with Microsoft Intune and Microsoft 365 Business Premium is coming soon.

Microsoft Defender for Business and Microsoft 365 Business Premium are available from a variety of Microsoft Cloud Partners, including some of the most recognized names in the industry, such as ALSO, Crayon, Ingram Micro, Pax8, and TD Synnex.

For more details on the partner opportunity and benefits of Defender for Business and Microsoft 365 Business Premium, see our partner blog post.

See how Microsoft Defender for Business can help your business

If you work for a small or medium business, try Defender for Business for yourself to see how the solution can benefit your company or reach out to your partner for more information. You’ll also find more details in our TechCommunity blog. Partners can check out the Microsoft Partner blog and join our webinar on May 5, 2022.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

¹National Small Business Week, U.S Small Business Administration.

²Small and Medium Enterprises (SMEs) Finance, The World Bank.

³April 2022: Microsoft Small and Medium Business quantitative survey research: Security in the new environment.

⁴May 2021, Alejandro Mayorkas, Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, in an interview.

The post Microsoft launches Defender for Business to help protect small and medium businesses appeared first on Microsoft Security Blog.

The IDC MarketScape recognized Microsoft’s commitment to cross-platform support with Microsoft Defender for Endpoint, noting that “As telemetry is the rocket fuel for AI- and machine learning-infused endpoint security solutions, Microsoft’s breadth and volume are unequaled geographically and across customer segments (enterprise, small and midsize businesses, and consumer). With the support of macOS, iOS, and Android, Microsoft’s telemetry pool is expanding and diversifying. Microsoft’s expanded platform support also chips away at the long-standing advantage of endpoint security independent software vendors (ISVs).”

Microsoft’s vision for XDR was also cited as a differentiator, as Microsoft Defender for Endpoint is a key component of Microsoft 365 Defender, extending protection from devices to a single, integrated solution across all assets. “Microsoft’s strategic vantage point is more than its Windows operating system. Directory service of Active Directory, web browser of Microsoft Edge, and the ubiquitous business productivity apps of Office 365 provide Microsoft native visibility and control across common endpoint attack vectors. These security building blocks available through Microsoft licensing agreements (E3 and E5) and as standalone options have contributed to Microsoft’s market strength and momentum in modern endpoint security.”

Security for all

Everyone expects hackers to target big, lucrative targets. Modern endpoint security is a key component for any XDR strategy for enterprise security teams, along with identity, email, application, and cloud security protection. However, small businesses are also a popular target even if they are less prevalent in the headlines.

According to a recent SMB cybersecurity report, 55 percent of SMBs have experienced a cyberattack. Many SMB companies hold valuable information that can be exploited, such as customer and employee personal information, payment information, and more. Next-generation threats, like human-operated ransomware, are a danger to organizations of all sizes but are too rarely addressed by traditional endpoint protection platform (EPP) solutions.

As part of our commitment to security for all, Microsoft has renewed its pledge to bring enterprise security to SMBs and nonprofits, boosting cloud security programs and expanding intrusion prevention and detection tech to cover Amazon Web Services (AWS).

With the launch of Microsoft Defender for Business, Microsoft delivers capabilities such as antivirus, threat and vulnerability management, and endpoint detection and response (EDR), across a broad range of desktop and mobile platforms, including Windows, macOS, Android, and iOS.

Built on the foundation of Microsoft Defender for Endpoint, SMBs will be able to focus on addressing weaknesses that pose the highest risk to their environments, as well as to reduce attack surface with application control, ransomware mitigation, network and web protection, and firewall. The solution also provides next-generation protection (on devices and in the cloud) and automated investigation and remediation, while also allowing admins to automate workflows and integrate security data into existing solutions.

Defender for Business doesn’t require special security knowledge to install and use, and it comes with a simplified client configuration with recommended security policies enforced from the get-go

“We need to have security for all, security that protects everything,” said Vasu Jakkal, Corporate Vice President for Security, Compliance, and Identity. “Security is a team sport, after all.”

Learn More

Read more about Microsoft Defender for Business, which offers enterprise-grade endpoint protection that’s cost-effective and easy to use—designed especially for businesses with up to 300 employees.

Readers seeking complete endpoint security can learn more about Microsoft Defender for Endpoint, Microsoft’s industry-leading, cloud-powered endpoint security solution offering vulnerability management, endpoint protection, EDR, and mobile threat defense. Sign up for a free trial today.

You can download the excerpts of the following reports for more details:

• IDC MarketScape: Worldwide Modern Endpoint Security for Enterprises 2021 Vendor Assessment
• The IDC MarketScape: Worldwide Modern Endpoint Security for Small and Midsize Businesses 2021 Vendor Assessment

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

We thank our customers and partners for being on this journey with us.

¹IDC MarketScape: Worldwide Modern Endpoint Security for Enterprises 2021 Vendor Assessment, Doc #US48306021. November 2021.

²The IDC MarketScape: Worldwide Modern Endpoint Security for Small and Midsize Businesses 2021 Vendor Assessment, Doc #48304721. November 2021.

The post Microsoft named a Leader in IDC MarketScape for Modern Endpoint Security for Enterprise and Small and Midsize Businesses appeared first on Microsoft Security Blog.