News

Microsoft Defender Experts for Hunting Now Available

• By Kurt Mackie
• August 03, 2022

Microsoft Defender Experts for Hunting service has hit "general availability," according to an announcement made by the company on Wednesday.

This service is billed as something that organizations already having a "robust security operations center" would want. With it, Microsoft's security teams help organizations "proactively hunt threats using Microsoft Defender data," per the announcement.

"Our experts will hunt across your Microsoft 365 Defender data and investigate anything they find," Microsoft explained in this datasheet document. "Then, they will hand off validated alert information along with remediation instructions, so you can quickly respond."

The Microsoft Defender Experts for Hunting service offers threat hunting and analyses. Organizations get notifications about what's found, which gets published in the Microsoft 365 Defender portal. Microsoft also issues an overall summary report that's said to be "interactive." The service includes an "Ask Defender Experts" button in the Microsoft 365 Defender portal, which is used for getting advice from Microsoft's experts.

Customers get to talk with Microsoft security researchers, a Microsoft spokesperson clarified, via an Aug. 10 e-mail.

Microsoft also sells a "Microsoft Threat Experts -- Experts on Demand" service for chatting with Microsoft's security experts, which perhaps is unrelated to this product's Ask Defender Experts feature. However, the spokesperson clarified that "Defender Experts for Hunting adds to the original Experts on Demand feature to hunt across the ecosystem, providing detailed reporting throughout."

With the Microsoft Defender Experts for Hunting service, Microsoft looks for "malicious activity," including signs of human attackers. It's aided in this search, in part, by artificial intelligence to sort through "signals" information. Microsoft also investigates any threats found, and provides details regarding the "scope and method of entry" by an attacker.

There was no mention that Microsoft would fix software issues with this service. It seems to be an advisory service only.

The service offers proactive assistance to organizations, but exactly what's meant by that term wasn't described. However, the spokesperson clarified that it means 24 x 7 scanning.

Yes, the service proactively hunts for threats on a 24/7 basis. In working with customers, proactive threat hunting and specific expert advice were some of the top requested services from Microsoft.

Microsoft Defender Experts for Hunting is sold by Microsoft's sales teams, as well as partners. Pricing apparently isn't published.

Microsoft Defender Experts for Hunting is yet another new Microsoft Defender product that was released this week. Others include Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management, both of which also are commercially available as of this week.