In early 2023, Microsoft launched Defender for Identity, a replacement for their former Advanced Threat Analytics (ATA) feature, which aims to offer visibility by helping to identify threats and provide actionable reports on attacks. This product is meant to provide great insight into where threats are coming from, but it doesn’t immediately stop the attack from happening and doesn’t keep sensitive information from leaving your company.
While this is a step in the right direction, it certainly isn’t a catch-all solution, much like Microsoft 365's security is not completely adequate for the modern enterprise and must be augmented by other solutions like Clearswift's Secure Email Gateway appliance and Data Loss Prevention solutions. From a security standpoint, a defense-in-depth strategy has always been held up as the way to go…and that is still true today. New threats give rise to new solutions, but it doesn’t mean the old threats go away.
Why Defender for Identity Is Not Ultimate Protector
Counter to what it purports to do, Defender for Identity has the potential to leave a gaping hole in security – sensitive information may be pulled off the network while the security threat profile is being identified. And behavioral analysis technologies like those in MDI can be extremely tricky to implement and take a long time to deliver impactful information.
Analytics take time to build a baseline to compare data to, and if nefarious activity is happening during the time when the baseline is being conducted, that activity may be considered “normal” moving forward. It can also be very difficult to account for anomalies in behavior with analytics technologies, like reporting, that may occur at intervals such as the end of the month, end of quarter, or end of the year. There is no doubt that things are improving, but they are still far from being reliable. When it comes to protecting critical information, reliability is key.
Security breaches are almost a daily occurrence, and as workforces continue to diversify and cloud storage and collaboration tools become the norm the trend is becoming worse rather than better. This makes data loss prevention a top priority in our evolving workplace. MDI is meant to address the issues presented by increased cloud collaboration with products like Microsoft 365 or Dropbox, the rise of BYOD, and the changing work environment. Unfortunately, without data loss prevention as part of the Defender for Identity solution, supplemental products are needed to address specific data loss threats.
Why Defender Needs Protection of a SEG on the Reg
While it can be used along with the rest of the M365 security portfolio (such as Defender for Endpoint) to cross-analyze domain threat data in one dashboard, only when it's paired with DLP solutions can MDI provide a more complete solution that keeps critical information where it should be, protecting businesses against both inadvertent and malicious data loss.
While Defender for Identity mainly focuses on external attacks, according to recent statistics from Tech Report, approximately 31% (or nearly one-third) of all data breaches in 2022 were caused by insider threats–whether that be an insider, contractor, or employee.
This is where Clearswift's Adaptive Redaction technology comes in. This complementary solution prevents the loss of sensitive information immediately and effectively without disrupting the flow of business. So when combined with MDI or other solutions, Adaptive Redaction provides the perfect integrated approach to security.
Unlike traditional “stop and block” DLP solutions, Adaptive Redaction doesn’t stop the flow of business, it simply removes the precise information that breaks policy, by stripping it out of emails, and documents, leaving the rest to continue on, allowing you to continue without the hassle of emails stuck in quarantine pending IT approval. It’s simple, effective and powerful in protecting your data.
Advances in security are always welcome. We commend Microsoft for expanding their product to provide added security features, but we caution users and businesses against using MDI on its own. It’s important to make sure companies have all aspects of security covered, and analytics can only go so far. We recommend businesses make sure to do their due diligence in researching security solutions and look for products or combinations of products that can actively safeguard critical data in real time.