Blog

Tailor your organisation’s cyber defences: it’s smarter than relying on an off-the-peg solution

""
by
Richard Jackson

Implementing cloud security solutions without configuring them correctly might mean missing out on features that boost your organisation’s resilience and save on costs.

Two college staff looking at a laptop.

The UK Government’s cyber security breaches survey 2024 makes painful reading. It summarises the scale of the threat to businesses, the public sector and education organisations and shows 86% of FE organisations identified a breach or attack last year and 97% of HE institutions experienced a cyber-attack.

Thanks to robust efforts in the sector many of these were repelled or minimised, and in Jisc’s cloud security team we’re working with members to keep improving defences against a threat that is still escalating.

Security reviews

One key aspect of our approach is security reviews against leading cloud tenancies, including Microsoft 365 (M365). It is a highly popular choice in UK education organisations, and in our M365 security reviews we often see customers have deployed Microsoft Defender XDR.

Why Microsoft Defender XDR?

Microsoft Defender XDR is a unified pre- and post-breach enterprise defence suite that natively coordinates detection, prevention, investigation and response across endpoints, identities and communications platforms including email and cloud applications to give integrated protection against sophisticated attacks.

It is a highly effective product that can help security teams protect their organisations by using information from other Microsoft security products, including:

  • Microsoft Defender for Endpoint
  • Microsoft Defender for Office 365
  • Microsoft Defender for Identity
  • Microsoft Defender for Cloud Apps
  • Microsoft Defender Vulnerability Management
  • Microsoft Defender for Cloud
  • Microsoft Entra ID Protection
  • Microsoft Data Loss Prevention
  • Microsoft app governance

Too often, though, we find organisations haven’t optimised the configuration. Out of the box, many of the product’s valuable features and capabilities aren’t enabled. The result is that customers are paying for features they aren’t using. Their security posture is not as strong as it could be– and they may even be paying a third party for solutions they already have access to in Microsoft Defender XDR.

Optimising Microsoft Defender XDR

Many organisations don’t realise that their Microsoft Defender XDR deployment isn’t fully optimised. Valuable security features often remain disabled, meaning organisations might not be getting the full protection they’re paying for. A properly configured Defender XDR setup can significantly enhance threat detection, investigation, and response while reducing reliance on third-party tools.

Based on our work across the sector, we’ve identified key areas where organisations can improve their security posture:

  • Endpoint security: ensuring Defender for Endpoint is tuned to detect, investigate, and respond to advanced threats effectively.
  • Email protection: strengthening defences against phishing and collaboration-based threats using Defender for Office 365.*
  • Cloud application security: gaining visibility and control over cloud applications through Defender for Cloud Apps.
  • Identity protection: identifying and mitigating Active Directory-based threats with Defender for Identity.*
  • Cloud workload security: enhancing protection for cloud and on-premise workloads using Defender for Cloud.**

(*Requires Microsoft A5/E5 licences)
(**Requires Microsoft Azure subscription)

Through security reviews, we’ve seen first-hand the difference that optimising Defender XDR can make.

For example, we’ve worked with colleges and universities to identify quick wins, such as meeting the prerequisites for automatic attack disruption and enabling features like honeytokens in Defender for Identity. Both are relatively straightforward to configure but can significantly enhance an organisation’s detection and response capabilities. By flagging features that are not enabled by default, we help institutions make the most of their XDR platform- with clear improvements to their overall security posture as a result.

Another common misconfiguration we encounter involves the deployment of Attack Surface Reduction (ASR) rules. These rules effectively act as a host-based intrusion prevention system and are a key feature of Microsoft Defender for Endpoint (MDE). ASR can be challenging to implement, but our reviews highlight any gaps and areas for improvement to ensure each endpoint is properly secured. This is particularly important for reducing the risk and impact of ransomware and other common malware techniques, tools, and procedures.

Security is an ongoing process, and organisations should regularly review their configurations to ensure they are keeping up with emerging threats. By making informed adjustments, institutions can strengthen their resilience and maximise the value of the tools they already have.

Starting points: Defender Review and Defender Optimizer services

To assist organisations in optimising their Microsoft Defender XDR configurations, Jisc offers two tailored services:

  • Defender Review: this service provides a comprehensive assessment of your current Defender XDR setup, identifying misconfigurations and areas for enhancement to bolster your security posture.
  • Defender Optimizer: building upon the insights from the Defender Review, this service offers hands-on support to implement recommended configurations, ensuring your Defender XDR deployment is fully optimised for maximum protection.

Both services are designed to help you make the most of your existing Microsoft licensing, enhancing security while potentially reducing costs.

More information

For more information please contact your Jisc relationship manager, make a customer enquiry here, or email us at customer.support@jisc.ac.uk.

About the author

""
Richard Jackson
Head of cloud security, Jisc