Microsoft Defender for Endpoint EDR Implementation for ATB-Market

Realizing that EDR is important, yet insufficient to ensure full-scale protection against the evolving cyber threats, Infopulse encouraged ATB-Market to consider the implementation of an Extended Detection & Response (XDR) solution. Our team offered to test Microsoft Defender for Endpoint – an integrated endpoint security platform that features advanced ML-driven behavioral analytics, powerful digital forensics, and smart automation.

The project started with an introductory workshop where Infopulse familiarized the client with Microsoft Defender for Endpoint and its key capabilities. Consequently, our experts conducted a brief PoC on their laptops to demonstrate the solution in action and confirm that it meets the client’s business needs.

The next stage involved a series of test cases to verify whether Microsoft Defender for Endpoint complied with the expected technical requirements. In close cooperation with ATB-Market, Infopulse formed a test group of users with corporate devices and designed numerous test cases to assess the solution performance on Windows 10/11, macOS, and Linux. In addition, our team designed a test case for the automated deployment of the solution on Microsoft Intune – cloud-based mobile device management (MDM) service.

Besides executing conventional test cases, Infopulse performed a set of simulated cyberattacks to assess the established endpoint defense system, showcase the full scope of XDR capabilities in practice, and help the client prevent potential cyber risks by demonstrating real-life attack scenarios.

After successfully completing all the testing, ATB-Market had no doubts that Microsoft Defender for Endpoint was the best fit for their business case and Infopulse proceeded with the full-scale implementation of the solution for the retail chain. As a result, the client received a cutting-edge XDR platform with a broad spectrum of valuable features:

• Two possible operational modes for laptops, tablets, and smartphones – agentless for Windows 10/11 and agent-based for macOS, Linux, iOS, and Android
• Comprehensive user behavior analytics that rapidly uncovers anomalous activities, such as unauthorized access attempts, hidden scripts, or corrupted files
• Digital forensics that collects, processes, and investigates complex malicious patterns, including fileless threats launched in random-access memory (RAM)
• Full-scale automation of different security workflows, including threat intelligence, file checks, transfer to quarantine, blocking of compromised communication channels, etc.
• Semi-automatic mode, where the solution automatically performs security analytics and reports the findings to the respective experts prior to blocking a file or process
• Web content filtering and control via category-based URL blocking
• Network hardening capabilities and an integrated network vulnerability scanner – Qualys
• Vulnerability assessment of any software installed on endpoints, including notifications about important security patches/updates.

To further reinforce the client’s security perimeter, our specialists offered to integrate Microsoft Defender for Endpoint with the client’s SIEM tool – IBM QRadar. As a result, the combination of XDR and SIEM empowered ATB-Market with centralized, real-time threat detection across all attack vectors.

Moreover, to flatten the learning curve for the client’s security experts, Infopulse hosted multiple training sessions to help them configure and master digital forensics, reporting, and other functionalities.