- Defender for Endpoint combines prevention, EDR, automation, and vulnerability management with multiplatform coverage.
- It pairs endpoint sensors with cloud analytics and threat intelligence, coordinated through XDR.
- Plan 1 provides the essential controls: ASR rules, ransomware mitigation, device control, web/network protection, and manual response actions.
- Integration with Defender XDR, Sentinel, and Intune strengthens visibility and coordinated response at scale.
If you are wondering what exactly Microsoft Defender for Endpoint is, here is a complete and direct guide. It is Microsoft's enterprise endpoint security platform, designed to prevent, detect, investigate, and respond to advanced threats on today's computers and devices.
In a landscape where attacks emerge at lightning speed, a solution that combines preventive protection, real-time detection, and automation is essential. Defender for Endpoint protects Windows, macOS, Linux, Android, iOS, and more, relying on cloud intelligence, security analytics, and XDR capabilities to stop sophisticated attacks such as ransomware.
What is Microsoft Defender for Endpoint?
Microsoft Defender for Endpoint (MDE) is a cloud-delivered endpoint security solution that provides visibility, prevention, detection, and response to cyberthreats across a multiplatform enterprise estate. It brings together next-generation protection, EDR, vulnerability management, attack surface reduction, mobile protection, and managed hunting in one platform with a single console.
In a business context, an endpoint is any device that connects to the corporate network. Examples include laptops, PCs, phones, and tablets, but also access points, routers, and firewalls; all of them are gateways to your data and systems if they are not properly protected. Note that the MDE sensor itself runs on workstations, servers, and mobile devices; network gear such as routers and firewalls is covered through discovery, not by an installed agent.
Defender for Endpoint is powered by Microsoft's global threat intelligence, informed by signals from many sources and by teams of experts. The platform correlates alerts (the XDR approach) to automatically disrupt sophisticated campaigns, with a particular focus on fast-spreading threats such as ransomware.
If you want to evaluate it in your own environment, a free trial lets you test the solution with real data from your organization and measure its impact on threat detection and response.
How it works: sensors, cloud, and threat intelligence
At the heart of MDE is the combination of device telemetry and cloud-based analytics. Behavioral sensors built into Windows 10 and later collect signals from the operating system; these are turned into events and sent to your organization's private, isolated cloud instance of Microsoft Defender for Endpoint for secure processing.
In the cloud, security analytics apply big data, machine learning, and Microsoft's visibility across the Windows ecosystem, enterprise services (such as Office 365), and internet assets. This turns behavioral signals into actionable insights, detections, and recommended responses.
All of this is fed by threat intelligence produced by Microsoft teams and augmented by partners, which identifies attacker tools, techniques, and procedures (TTPs). When those patterns appear in your device telemetry, the system raises alerts and can trigger containment actions.
Beyond this technical foundation, Microsoft provides explanatory resources and videos to help security teams understand and deploy each component of the platform without getting lost in technical detail.
Core capabilities the platform delivers
Defender for Endpoint brings together several functional areas that cover the full protection lifecycle: prevention, detection, investigation, response, and continuous improvement. These are the pieces that make a difference in a real environment:
Vulnerability management
The solution includes risk-based vulnerability management to discover, assess, prioritize, and remediate vulnerabilities and misconfigurations. You can understand your real exposure, prioritize by impact, and apply fixes consistently across your whole device estate.
For organizations that need more detail and advanced capabilities, there is a vulnerability management add-on for Plan 2 that widens the scope of assessment and deepens the recommendations.
Attack surface reduction
This set of controls is the first line of defense in the stack. It includes policies and mechanisms for system hardening, network protection, and web protection, with the aim of reducing the ability to execute common attack vectors.
Attack surface reduction rules target risky software behaviors, such as running obfuscated scripts or launching executables from Office applications. Although some legitimate apps may do the same thing, these rules block the patterns abused by malware and adversaries. Each rule can run in audit mode, which logs what it would have blocked without enforcing, so the effect on legitimate software can be measured before switching it to block.
Next-generation protection
Next-generation antimalware protection combines behavior-based detection, heuristics, and real-time analysis. Thanks to the cloud service, signatures and models are updated quickly, detecting and blocking emerging threats almost immediately.
Endpoint Detection and Response (EDR)
With EDR, security teams can detect, investigate, and respond to advanced threats that evade preventive controls. The advanced hunting component runs fast queries over raw telemetry to hunt for indicators of compromise and to build custom detections tailored to your environment.
Automated investigation and remediation
Automation significantly reduces the SOC workload. MDE can investigate alerts, determine their scope, and automatically apply containment or remediation actions, reducing the volume of alerts that need manual review and shortening response time.
Microsoft Secure Score for Devices
Microsoft Secure Score for Devices helps to dynamically assess overall security posture, identify unprotected systems, and recommend actions. It is a clear compass for prioritizing the improvements that genuinely reduce risk.
Threat Experts
Defender for Endpoint includes a managed threat hunting service staffed by Microsoft experts, who provide context, prioritization, and direct support to security operations centers. The goal is to identify and stop attacks accurately and quickly.
Centralized configuration and APIs
Management is consolidated in the Microsoft Defender portal, with centralized policies, device and threat visibility, and response workflows. APIs let you automate processes and integrate with your own tools, adapting the solution to your operations.
Native integration with Microsoft Defender XDR
Defender for Endpoint integrates directly with the Microsoft ecosystem. Microsoft Defender XDR provides unified pre- and post-breach protection, correlating endpoint, identity, email, and application signals to automatically detect, prevent, investigate, and respond.
Notable integrations include Microsoft Defender for Cloud, Microsoft Sentinel, Intune, Microsoft Defender for Cloud Apps, Microsoft Defender for Identity, and Microsoft Defender for Office. Even Skype for Business environments have connectors to extend visibility and control.
This integration lets you build a coherent security architecture, reducing blind spots and speeding up response by correlating alerts, incidents, and actions in one place.
Plans, and a closer look at Defender for Endpoint Plan 1
Microsoft offers two Defender for Endpoint plans with different levels of functionality. EDR, automated investigation and remediation, advanced hunting, and Threat Experts, described above, are Plan 2 capabilities. Below are the capabilities included in Plan 1 that are worth knowing, especially for building a solid foundation of prevention and control.
Manual response actions on devices and files
The SOC can execute manual responses when threats are detected; these are the main actions included in the plan:
- Run an antivirus scan on a potentially compromised device to detect and mitigate active threats.
- Isolate the device from the corporate network while keeping its connection to MDE, allowing monitoring and further actions without the risk of spread.
- Set file indicators to block or allow files; a block prevents specific executables from being read, written, or executed, and an allow prevents an erroneous block or remediation.
These timely responses help contain early, prevent lateral movement, and reduce the impact of an incident.
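The advanced hunting query described in the EDR section and the three response actions listed above can be chained through the Defender for Endpoint public API. The PowerShell below is an added example, not code from the original article or from Microsoft. It assumes a hypothetical Entra ID app registration whose tenant ID, client ID, and secret are read from the MDE_TENANT_ID, MDE_CLIENT_ID, and MDE_CLIENT_SECRET environment variables, granted the application permissions AdvancedQuery.Read.All, Machine.Isolate, Machine.Scan, and Ti.ReadWrite.All; the hunting query itself is illustrative and should be tuned to your estate.

```powershell
# Added example (not from the original article or from Microsoft): hunt for executables that Office
# launched from user-writable folders, then respond through the Defender for Endpoint API.
# The app registration credentials below are hypothetical and come from environment variables.
$TenantId     = $env:MDE_TENANT_ID
$ClientId     = $env:MDE_CLIENT_ID
$ClientSecret = $env:MDE_CLIENT_SECRET
$ApiBase      = 'https://api.securitycenter.microsoft.com/api'

# 1. Client-credentials token scoped to the Defender for Endpoint API.
$tokenResponse = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
    -Body @{
        client_id     = $ClientId
        client_secret = $ClientSecret
        scope         = 'https://api.securitycenter.microsoft.com/.default'
        grant_type    = 'client_credentials'
    }
$headers = @{ Authorization = "Bearer $($tokenResponse.access_token)"; 'Content-Type' = 'application/json' }

# 2. Advanced hunting (KQL): Office apps starting a process from Temp or Downloads in the last 24h.
#    Illustrative query; adjust the parent list and paths for your environment.
$query = @'
DeviceProcessEvents
| where Timestamp > ago(24h)
| where InitiatingProcessFileName in~ ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")
| where FolderPath contains @"\AppData\Local\Temp\" or FolderPath contains @"\Downloads\"
| project Timestamp, DeviceId, DeviceName, InitiatingProcessFileName, FileName, FolderPath, ProcessCommandLine, SHA256
'@
$hunt = Invoke-RestMethod -Method Post -Uri "$ApiBase/advancedqueries/run" -Headers $headers `
    -Body (@{ Query = $query } | ConvertTo-Json)
$hits = @($hunt.Results)
"Hunting returned $($hits.Count) row(s)"

# 3. Contain each affected device: isolate it (it stays connected to MDE) and start a full AV scan.
#    Isolation is disruptive; in production gate this step behind analyst approval or a SOAR playbook.
foreach ($device in ($hits | Sort-Object DeviceId -Unique)) {
    $comment = "Office launched $($device.FileName) from $($device.FolderPath) at $($device.Timestamp)"
    # IsolationType 'Full' cuts all traffic except to MDE; 'Selective' keeps Outlook, Teams and Skype working.
    Invoke-RestMethod -Method Post -Uri "$ApiBase/machines/$($device.DeviceId)/isolate" -Headers $headers `
        -Body (@{ Comment = $comment; IsolationType = 'Full' } | ConvertTo-Json)
    Invoke-RestMethod -Method Post -Uri "$ApiBase/machines/$($device.DeviceId)/runAntiVirusScan" -Headers $headers `
        -Body (@{ Comment = $comment; ScanType = 'Full' } | ConvertTo-Json)
}

# 4. Block the dropped binaries tenant-wide with a file hash indicator (the "block" file action).
#    Review each hash first: a block indicator on a legitimate binary is itself an outage.
foreach ($sha in ($hits | Where-Object SHA256 | Select-Object -ExpandProperty SHA256 -Unique)) {
    Invoke-RestMethod -Method Post -Uri "$ApiBase/indicators" -Headers $headers -Body (@{
        indicatorValue = $sha
        indicatorType  = 'FileSha256'
        action         = 'AlertAndBlock'
        title          = "Office-dropped executable $sha"
        description    = 'Created from an advanced hunting hit; see the isolation comment on the device'
        severity       = 'High'
        expirationTime = (Get-Date).ToUniversalTime().AddDays(30).ToString('o')
    } | ConvertTo-Json)
}
```

Each isolate and scan call returns a machine action object; its progress can be followed by querying the machine actions endpoint with the returned ID, and the device is released with the corresponding unisolate call once the investigation is closed. The indicator carries an expiry so that a response-time block does not linger as permanent, undocumented policy.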
Attack surface reduction controls
The plan includes preventive controls that are known for their day-to-day effectiveness. Their goal is to stop common threats before they do damage:
- Attack surface reduction rules against high-risk behaviors (obfuscated scripts, execution of downloaded binaries, suspicious automations).
- Ransomware mitigation through controlled folder access, allowing only trusted applications to write to protected locations.
- Device control for USB and removable media, governing which peripherals or files are allowed or blocked.
- Web protection against phishing and disreputable sites, plus category filtering to block unwanted content.
- Network protection to block dangerous domains associated with scams or exploitation.
- Windows Firewall with rules that define which traffic is authorized, supporting protection of sensitive data and segmentation.
- Application control for Windows 10 and later, allowing only trusted code and kernel-mode binaries to run.
Properly configured, these controls substantially reduce the incident rate, and when something does get through, they make it easier for the other capabilities to detect and contain it early.
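The attack surface reduction section earlier in the article and the Plan 1 list above describe these controls by what they block; the PowerShell below, an added example that is not code from the original article or from Microsoft, shows how three of them (ASR rules, controlled folder access, and network protection) are switched on locally on a single Windows device, staged through audit mode first and then read back. The rule GUIDs are the ones Microsoft publishes in its ASR rules reference and should be checked against that reference before deployment; the extra protected folder and the allowed application path are hypothetical placeholders.

```powershell
# Added example (not from the original article or from Microsoft): stage ASR rules, controlled folder
# access and network protection on one device, audit first, then read the effective configuration back.
# Run in an elevated PowerShell on Windows 10/11 or Windows Server with Microsoft Defender Antivirus active.
# On devices managed by Intune or Group Policy, the managed policy overrides these local settings.

# ASR rule GUIDs as published in Microsoft's ASR rules reference (verify there before use).
$AsrRules = [ordered]@{
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block all Office applications from creating child processes'
    '3b576869-a4ec-4529-8536-b80a7769e899' = 'Block Office applications from creating executable content'
    '5beb7efe-fd9a-4556-801d-275e5ffc04cc' = 'Block execution of potentially obfuscated scripts'
    'd3e037e1-3eb8-44c8-a917-57927947596d' = 'Block JavaScript or VBScript from launching downloaded executable content'
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from the LSASS process'
    'c1db55ab-c21a-4637-bb3f-a12568109d35' = 'Use advanced protection against ransomware'
}
$ids = [string[]]$AsrRules.Keys

# Stage 1: audit mode. Each rule logs what it would have blocked (Event ID 1122 in the
# Microsoft-Windows-Windows Defender/Operational log) without enforcing, so false positives
# show up before anything breaks. Set-MpPreference replaces the device's whole rule list.
Set-MpPreference -AttackSurfaceReductionRules_Ids $ids `
                 -AttackSurfaceReductionRules_Actions (@('AuditMode') * $ids.Count)

# Stage 2, after the audit events have been reviewed and exclusions added: enforce (Event ID 1121).
# Set-MpPreference -AttackSurfaceReductionRules_Ids $ids `
#                  -AttackSurfaceReductionRules_Actions (@('Enabled') * $ids.Count)

# Controlled folder access (ransomware mitigation). Documents, Pictures, Videos, Music, Desktop and
# Favorites are protected by default; add your own folders and allow-list the line-of-business
# applications that must write to them. Both paths below are hypothetical.
Set-MpPreference -EnableControlledFolderAccess AuditMode
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Finance\Ledgers'
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\LobApp\lob.exe'

# Network protection: blocks outbound connections to low-reputation domains and IP addresses.
Set-MpPreference -EnableNetworkProtection AuditMode

# Read back what is actually in effect. Actions are numeric: 0 Disabled, 1 Block, 2 Audit, 6 Warn.
$pref = Get-MpPreference
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
$configured = for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
    $id = "$($pref.AttackSurfaceReductionRules_Ids[$i])".ToLower()
    [pscustomobject]@{
        Id     = $id
        Rule   = if ($AsrRules.Contains($id)) { $AsrRules[$id] } else { '(rule not in this script)' }
        Action = $actionNames[[int]$pref.AttackSurfaceReductionRules_Actions[$i]]
    }
}
$configured | Format-Table -AutoSize
"Controlled folder access: $($pref.EnableControlledFolderAccess)  Network protection: $($pref.EnableNetworkProtection)"
```

Audit first is not optional hygiene: the "Block all Office applications from creating child processes" rule, for example, will break add-ins and macros that legitimately spawn helper processes, and the audit events are how those get found and excluded before the rule is enforced. At fleet scale the same settings are pushed from Intune or Group Policy rather than per device, and the portal's attack surface reduction report shows the audit and block events from every onboarded machine.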
Centralized management, RBAC, reporting, and APIs
The Microsoft Defender portal centralizes visibility into threats, incidents, and configuration. With RBAC (role-based access control) you can finely control who sees what and which actions they can take, including access to the portal itself and to Defender for Cloud.
The reporting experience includes a Home page with risk cards for users and devices, an incidents and alerts area, an Action center with remediation history, and a Reports section that lets you track threat trends and posture over time.
Meanwhile, the Defender for Endpoint public APIs let you automate workflows, integrate with SIEM/SOAR tools, and adapt orchestration to your SOC's needs.
Multiplatform coverage: Windows, macOS, Linux, mobile, and IoT
One of the platform's strengths is its reach. MDE covers Windows, macOS, and Linux devices, as well as Android and iOS. It also extends protection to IoT scenarios, where visibility and segmentation are key to reducing the attack surface.
This breadth, combined with consistent policies, allows uniform controls to be applied across heterogeneous environments, with unified reporting and response capabilities that work the same way across different systems.
Automatic attack disruption, deception, and security posture
Beyond blocking and alerting, MDE includes capabilities to automatically disrupt attacks in progress, relying on AI models, multi-domain signals, and threat intelligence. This way, campaigns such as ransomware can be stopped before they spread.
The platform also offers automatic deception techniques that create fake attack surfaces. The goal is to lure and detect intruders in their early stages, providing high-fidelity signals to start containment without unnecessary noise.
Alongside that, security posture management identifies software vulnerabilities and weak configurations, together with prioritized recommendations. Attack path analysis helps you understand how multiple weaknesses can be chained together to reach critical data.
Microsoft Defender for Endpoint unites prevention, EDR, automation, and intelligence at scale to protect endpoints in today's environments. Adding XDR integration, vulnerability management, and attack surface controls, organizations can reduce risk, speed up response, and contain attacks faster and with greater certainty.