The name “Microsoft Defender” has gone from referring to a mediocre integrated antivirus program to being a brand for a large suite of security products. In this article we focus on the Microsoft Defender products that keep computers safe (as opposed to applications like Defender for O365).
While Defender makes sense when you see it laid out in the graphic we built to explain the core products of the Microsoft Defender suite, it certainly can be overwhelming. Let's explain what the different Defender products do and how they relate to each other.
Brief History of Windows Defender
As 1994 was coming to a close, Microsoft announced it had acquired a pretty good antivirus and antimalware company named GIANT (yes, all capitalized). At the time Microsoft said it would not compete with third-party antivirus companies like McAfee and Symantec, and that it was primarily buying GIANT’s intellectual property (and employees) to give Exchange mail servers more than just basic protection. Well, time moved on, and by 2006 Microsoft announced that Windows Defender Antivirus could be downloaded for free on most Windows desktop operating systems, like Windows XP and Vista.
By 2008 Microsoft had released Forefront to scan mail routed through MS Exchange mail servers, which cost about $15 per user mailbox (calendars and shared mailboxes were free).
Today Forefront products and Defender antivirus have been rolled up into the Defender line of products. If it relates to Microsoft security, it likely starts with the word Defender.
What is Microsoft Windows Defender AntiVirus?
Microsoft Windows Defender AntiVirus is an effective and well-rated, but old-school, signature-based antivirus program that comes pre-installed for free on all Windows operating systems since Windows Server 2019 and Windows 7 desktop.
Windows Defender mostly looks for known malware and stops it from installing or running. It provides a very basic level of heuristics, meaning it will also stop viruses and other malware based on their behavior, but it does not provide any in-depth protection from the actions of unknown malicious programs. In other words, it has basic algorithms that look for critical registry key changes, startup programs being added, or unusual changes to files, but in today's fast-paced world it does little to stop what used to be highly advanced attacks that are now commonplace. For instance, if a program that is not on Defender's signature list of known malware programmatically uses Internet Explorer to FTP files to Russia in the background, it will do nothing to stop it.
Many corporations use System Center Configuration Manager (SCCM) to manage Windows Defender AntiVirus. The SCCM module is named System Center Endpoint Protection (aka SCEP), but it will likely be renamed to something starting with the word Defender in the coming years.
What is Windows Defender For Endpoints?
Windows Defender For Endpoints is simply the combination of:
- Windows Defender Antivirus
- many very good control rules
- A.I.-based pattern recognition (i.e. something is encrypting your hard drive… and it is not you!)
- Management and configuration tools
- Reporting tools
to keep desktop computers safe. It does NOT include Windows Server (see below).
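To make the layers above concrete, here is an added PowerShell audit script (not from this article and not Microsoft's code) that reports, from a defender's point of view, which of those layers are actually switched on locally: the Defender Antivirus engine state, signature age, behavior monitoring, tamper protection, and the Attack Surface Reduction (ASR) "control rules" with their enforcement mode. It uses only the documented Defender cmdlets (Get-MpComputerStatus, Get-MpPreference, Add-MpPreference); the three rule GUIDs in the lookup table are Microsoft's published ASR rule IDs for a small subset of rules, and the action codes (0/1/2/6) are Microsoft's documented values. Verify both against the current ASR rules reference before relying on them.

```powershell
# Added example: audit the local Defender AV + ASR layers described above.
# Requires the Defender PowerShell module (Windows 10/11, Server 2016+); run elevated.
# Assumption: the GUID -> name map below is a small subset of Microsoft's documented
# ASR rule IDs. Rules not in the map are still listed, just without a friendly name.
$asrNames = @{
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS'
    'c1db55ab-c21a-4637-bb3f-a12568109d35' = 'Use advanced protection against ransomware'
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block Office applications from creating child processes'
}
# Documented ASR action codes: 0 = Disabled, 1 = Block, 2 = Audit, 6 = Warn
$asrActions = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'AuditMode'; 6 = 'Warn' }

function Get-DefenderAvSummary {
    # The "Windows Defender Antivirus" layer: engine mode, real-time and behavior monitoring,
    # tamper protection, and how stale the signature set is.
    $status = Get-MpComputerStatus
    [pscustomobject]@{
        Mode               = $status.AMRunningMode
        RealTimeProtection = $status.RealTimeProtectionEnabled
        BehaviorMonitoring = $status.BehaviorMonitorEnabled
        TamperProtection   = $status.IsTamperProtected
        SignatureVersion   = $status.AntivirusSignatureVersion
        SignatureAgeDays   = ((Get-Date) - $status.AntivirusSignatureLastUpdated).Days
    }
}

function Get-AsrRuleSummary {
    # The "control rules" layer: ASR rule IDs are stored in one array and their
    # enforcement actions in a parallel array of the same length.
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        $id   = $ids[$i].ToLower()
        $code = [int]$actions[$i]
        [pscustomobject]@{
            RuleId = $id
            Name   = if ($asrNames.ContainsKey($id)) { $asrNames[$id] } else { '(see ASR rules reference)' }
            Action = if ($asrActions.ContainsKey($code)) { $asrActions[$code] } else { "Unknown($code)" }
        }
    }
}

# --- Report -------------------------------------------------------------------
$av = Get-DefenderAvSummary
$av | Format-List
if ($av.Mode -ne 'Normal') { Write-Warning "Defender AV is running in '$($av.Mode)' mode, not 'Normal'" }
if ($av.SignatureAgeDays -gt 3) { Write-Warning "Signatures are $($av.SignatureAgeDays) days old" }
if (-not $av.BehaviorMonitoring) { Write-Warning "Behavior monitoring is off: only signature matching remains" }
if (-not $av.TamperProtection) { Write-Warning "Tamper protection is off: malware can switch Defender off" }

$rules = @(Get-AsrRuleSummary)
if ($rules.Count -eq 0) {
    Write-Warning "No ASR rules configured: this host has Defender AV but none of the 'control rules' layer"
} else {
    $rules | Format-Table -AutoSize
    $rules | Where-Object Action -eq 'AuditMode' | ForEach-Object { Write-Warning "$($_.Name) is audit-only (logs, does not block)" }
}
# Flag the well-known rules from the map that are not configured at all.
$asrNames.Keys | Where-Object { $_ -notin $rules.RuleId } |
    ForEach-Object { Write-Warning "$($asrNames[$_]) ($_) is not configured" }

# To roll a missing rule out safely, start it in audit mode and review the events
# before switching to Block (left commented so this script stays read-only):
# Add-MpPreference -AttackSurfaceReductionRules_Ids 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 -AttackSurfaceReductionRules_Actions AuditMode
```

Run it on a plain Defender Antivirus host and you will typically see no ASR rules at all, which is exactly the gap between "Defender Antivirus" and "Defender for Endpoints" that the list above describes; on a managed endpoint, the audit-only warnings tell you which rules are logging but not yet blocking.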
What is Windows Defender For Servers?
Windows Defender For Servers is actually two products:
- What is Windows Defender For Servers Plan 1? – Windows Defender for Endpoints that works on Windows Servers, which costs about $5 per server per month
- What is Windows Defender For Servers Plan 2? – Windows Defender for Endpoints that works on Windows Servers plus a host of advanced features, which costs about $15 per server per month.
See the table below for the details and a comparison of Windows Defender for Servers Plan 1 vs Plan 2.
Defender AntiVirus vs Defender For Endpoints vs Defender For Servers Comparison
| Feature | Defender Antivirus | Defender for Endpoints | Defender for Servers Plan 1 | Defender for Servers Plan 2 |
|---|---|---|---|---|
| Endpoint detection & response (Windows Defender Antivirus) | Y | Y | Y | Y |
| Hardening recommendations | | Y | Y | Y |
| Vulnerability assessment using Microsoft Threat & Vulnerability Management | | Y | Y | Y |
| Attack surface reduction | | Y | Y | Y |
| Next generation antivirus protection | | Y | Y | Y |
| Automated self-healing | | Y | Y | Y |
| Log analytics (500MB free) | | | | Y |
| Regulatory compliance assessment | | | | Y |
| Vulnerability assessment using Qualys | | | | Y |
| Network layer threat detection | | | | Y |
| Adaptive application controls | | | | Y |
| File integrity monitoring | | | | Y |
| Just-in-time VM access for management ports | | | | Y |
| Adaptive network hardening | | | | Y |
What is Defender for Cloud?
Defender for Cloud is primarily an analytics tool that uses information from all of the other Windows Defender products not only to keep your cloud computers safe from malware but also to proactively tell you what you should be doing to tighten security.
And while Windows Defender for Cloud is focused on Azure, it can also work with Amazon Web Services (AWS), Google Cloud and your own hybrid cloud.
Windows Defender for Cloud even has the option to tie into Qualys.
Are There More Microsoft Defender Products?
Oooooh ya. There are lots more; here are just a few:
- Microsoft 365 Defender
- Microsoft Defender for Cloud
- Microsoft Defender Endpoint
- Microsoft Defender for Office 365
- Microsoft Defender for Identity
- Microsoft Defender Vulnerability Management
- Microsoft Defender for Threat Intelligence
Defender For Servers Presentation Graphics
Here are some slides from a recent Microsoft presentation I participated in, which focused on Microsoft Defender for Servers: