If you were talking to someone whose organization is considering Microsoft Windows Defender, what would you say?
How would you rate it and why? Any other tips or advice?
Windows is a great tool that I have used. It has helped my organisation in achieving what it does daily and protected our data in a great way. I would recommend every user who has a computer or laptop to consider using Windows Defender since it is the best tool to safeguard your system from malware and attacks.
We are using the on-premises deployment solution. I would rate the solution seven out of ten.
I would say this is a good product. It's very intuitive, easy to use, and very good for people who don't have much experience in security. This is a very good product because every time there is an update it corrects any issues. It can help an enterprise go up. I would rate it a nine out of ten.
We are using the public cloud deployment model of the solution. I would recommend the solution. I would rate it ten out of ten.
I would recommend the solution because I can confidently tell everyone that this product is working very well and it's stable. You are always sure that they are able to deal with a virus or something else that may interrupt your work. I would rate this solution nine out of 10.
The majority of the updates are really good. I would rate this solution eight out of 10.
I'd say the product rates about an eight out of ten as it currently stands. You have to implement the product — there's no choice. You can't use the Exchange Online Protection or the advanced analytics or obscure identity IP protection without the APT being installed on the endpoint. Otherwise, you're not getting into threat intelligence or the actions. You're not going to get the full response plan or activities that occurred. You cannot deploy without APT being installed on the desktops and have a full, defined solution for unified labeling. That has to be deployed and tested for unstructured data for at least six months with the AIP (Azure Information Protection) scan that's deployed with APT.
Defender by itself is not a solution. Defender is basically a functionality. We have some issues with reporting, but I think it's just the way we've integrated right now, again not using ATP. So, we just use STC MS management. Then it's limited in terms of reporting. From an operator's perspective, I think there are some policy detection issues where you've got a detection for a signature but how it translates into the FCCM dashboard where it doesn't really categorize that particular model. It picks something up as bad, but it's just unknown. So, I think that's a known issue with this particular thing. Because it doesn't know what it is classified as, it doesn't really do anything. For it to do something, the policy has to recognize the category of that number. It could be a Trojan horse or whatever it is, but it doesn't really do that. It could be what they call an autonomous detection where the system categorizes it as not recognized and hence it blocks it, but it's not going to let you delete it instantly. Usually, you can say if it's detected you want to block it, that's the first step. The second step is to be able to delete the file or quarantine the file. But it doesn't recognize that, so it doesn't know what it needs to do. Instead, it just blocks it. It only blocks it because it doesn't recognize it as being malware. I would rate this product a six out of ten.
For Windows Defender, there's no server edition for it. It's free. There is no additional cost. It's part of Windows, i.e. if you have issues with compatibility using other products. If you paid for Windows, it already comes with Windows Pro and Windows Enterprise automatically. It's better to go with it than pay the additional expense of deploying other solutions. On a scale from 1 to 10, I would rate this product a nine. It doesn't have all the features that it needs to be perfect.
My additional advice would be to create a test user group, deploy the software to those test users and then monitor those users as part of a log management operations center and run comparisons over several months. Comparing those users against other users, perhaps using a third-party product like Symantec, would allow for calculation of performance and progress metrics. Based on that, a decision can be made as to whether to deploy the software across the organization or not. I'd give this tool a rating of 8 out of 10. It's got good detection rates, is low on system resources, doesn't interfere with or hamper workflows, and it's easy to use.