Site icon Infused Innovations

Budgeting for Microsoft Defender XDR and Zero Trust Security

Budgeting for Microsoft Defender XDR and Zero Trust Security 4

Building a Zero Trust Security framework with 20+ vendors has zero chance of success. This is why budgeting for Microsoft Defender XDR for Zero Trust Security must be at the forefront of a modern cybersecurity strategy for organizations of any size that are running Microsoft Windows or Office 365.

Microsoft Defender XDR allows you to consolidate over 27 security vendors into one integrated platform. That means one vendor for support calls, one single pane of glass to perform digital forensic analysis, and the entire suite is connected via the Microsoft Intelligent Security Graph. (Not to mention seamlessly built-in to the productivity suite that millions of you use every day.)

What is Microsoft Defender XDR?

 

Announced at Microsoft Ignite in 2020, Microsoft Defender XDR is a unified cyber defense platform that encompasses the entire Microsoft security stack. It spans both the Microsoft 365 E5 security products and what was previously called Azure Security Center. Many MD XDR services have been recognized by Gartner as industry-leading solutions. Some of the flagship products it includes are:

Microsoft 365 Defender

(previously Microsoft Threat Protection)

Azure Defender

These products are available for both cloud-only and hybrid deployments. Using services like Azure Arc allows you to manage servers anywhere, whether it’s AWS, GCP, or on-premises including both physical boxes or virtual guests on Hyper-V, VMware, or Citrix. 

 

One financial benefit of standardizing on the MD XDR stack is that all of the Microsoft 365 Defender logs are ingested into Azure Sentinel for free. For estimating additional log ingestion costs, visit our pricing guide for Azure Sentinel.


Attacker Kill Chain with Multiple Vendors


 

In this example, a desktop user opens an email containing malware. While the entire attack chain is covered, it requires seven vendors! The complexity of this security environment will lead to delays in detection time and a lack of automated response. Performing digital forensics across the entire attack chain will be a laborious, manual, and time-consuming process.


Attacker Kill Chain with Microsoft 365 Defender


 

The same attacker kill chain can be protected entirely with Microsoft 365 Defender. Each MD XDR product enhances the fidelity of the previous alert, creating a single incident in Azure Sentinel that covers the entire attack. Using the Security Orchestration Automation & Response (SOAR) and Automated Investigation & Response (AIR) tools inside of MD XDR, you can have an automated response triggered in seconds instead of hours.


Microsoft 365 Defender License Comparisons

Most likely, you will choose around three personas listed on our Complete Microsoft 365 Licensing Comparison so that you don’t have to purchase Microsoft 365 E5 for everyone. But let’s take a closer look at some of the different ways to get E5 Security without buying M365 E5.

 

  
 
Azure AD P2
Microsoft Cloud App Security
Defender for Identity
Defender for Office 365
Defender for Endpoint
AIP P2
Advanced Compliance
- Advanced Auditing
- Advanced Data Governance
- Advanced eDiscovery
- Customer Lockbox
Information Barriers
Audio Conferencing
Phone System
Power BI Pro

Microsoft 365 E3

$32
Monthly
Azure AD P2 : $9
Microsoft Cloud App Security : $3.50
Defender for Identity : $5.50
Defender for Office 365 : $5
Defender for Endpoint : $5.20
AIP P2
Advanced Compliance
- Advanced Auditing
- Advanced Data Governance
- Advanced eDiscovery
- Customer Lockbox
Information Barriers
Audio Conferencing : $4
Phone System : $8
Power BI Pro: $10

M365 E3 + E5 Security

$44
Monthly
Azure AD P2
Microsoft Cloud App Security
Defender for Identity
Defender for Office 365
Defender for Endpoint
AIP P2
Advanced Compliance
- Advanced Auditing
- Advanced Data Governance
- Advanced eDiscovery
- Customer Lockbox
Information Barriers
Audio Conferencing : $4
Phone System : $8
Power BI Pro: $10

M365 E3 + E5 Compliance

$42
Monthly
Azure AD P2 : $9
Microsoft Cloud App Security : $3.50
Defender for Identity : $5.50
Defender for Office 365 : $5
Defender for Endpoint : $5.20
AIP P2
Advanced Compliance
- Advanced Auditing
- Advanced Data Governance
- Advanced eDiscovery
- Customer Lockbox
Information Barriers
Audio Conferencing : $4
Phone System : $8
Power BI Pro: $10

Microsoft 365 E5

$57
Monthly
Azure AD P2
Microsoft Cloud App Security
Defender for Identity
Defender for Office 365
Defender for Endpoint
AIP P2
Advanced Compliance
- Advanced Auditing
- Advanced Data Governance
- Advanced eDiscovery
- Customer Lockbox
Information Barriers
Audio Conferencing
Phone System
Power BI Pro



Microsoft 365 E5 Security & E5 Compliance Add-ons



Microsoft 365 E5 Security and Microsoft 365 E5 Compliance can only be purchased with Microsoft 365 E3, or the combination of Office 365 E3 and EM+S E3.

Microsoft 365 E5 Security

Microsoft 365 E5 Security is a must-have swiss army knife of security products, allowing for end-to-end visibility of attack chains for a user or device anywhere in the world. A brief overview of the features includes with Microsoft 365 E5 Security include:

Microsoft 365 E5 Compliance

The Microsoft 365 E5 Compliance add-on will only be necessary in larger organizations or specific job roles for SMBs. For most SMBs, the basic eDiscovery and AIP functionality included with Microsoft 365 E3 will be sufficient. A brief overview of the features includes with Microsoft 365 E5 Compliance include:

Co-managed 24×7 SIEM with Azure Sentinel


 

A co-managed SIEM is where your log data resides in your Azure Tenant, and a managed security solutions provider (MSSP) correlates and triages your incidents. While Microsoft Defender XDR has plenty of built-in AI and automation, it’s not ready to detect sophisticated attacks, such as the SolarWinds supply chain attack. Human beings are still required to correlate incidents and hunt for threats.

Infused Innovations offers a globally staffed 24×7 Security Operations Center (SOC) that can assist with monitoring your Azure Sentinel environment and maturing your cybersecurity practice. US-based resources are available for organizations with strict regulatory compliance. Our pricing starts at $500/mo per 10 GB of logs, or $10/mo per device.

Microsoft Defender XDR Ninja Training Series

Beyond the security benefits of MD XDR, you can provide career path development for your internal IT team. The free resources at Microsoft Learn and Pluralsight offer employees pre-defined learning paths. Additionally, there are a few great “Ninja” training guides available too:

Closing Thoughts on Budgeting for Microsoft Defender XDR

 

A Zero Trust Security model integrates all available threat signals and assumes breach. Using a multi-vendor approach with zero trust security creates complexity, which can lead to data silos and delayed detection times. Microsoft makes it easy to adopt Zero Trust without having to look elsewhere. To assist with budgeting for Microsoft Defender XDR, take a look at the Total Cost of Risk Calculator to estimate savings against your current multi-vendor costs.

For folks that say “I don’t like the idea of putting all my eggs in one basket” keep in mind that many of the MD XDR security tools came from Microsoft acquisitions. Microsoft also invests $1 Billion a year in security R&D and employs over 3,500 cybersecurity engineers. (Which is larger than the entire employee counts at some of the alternative vendors, including their sales staff.)

If you are looking for a trusted Microsoft Gold Partner to assist with implementing Microsoft Defender XDR, Infused Innovations has the only end-to-end Zero Trust Security offer in the Azure Marketplace. Our Microsoft Defender XDR offerings are built on the following services:

Interested in hearing more about our services? Fill out the contact form below!

Exit mobile version