Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Microsoft Defender for Endpoint Gets New Zeek Integration to Detect Network-Based Threats

Microsoft has partnered with Corelight to add a new Zeek integration to its Defender for Endpoint solution. The new integration helps to reduce the time required to detect sophisticated network-based threats in enterprise environments.

Zeek is an open-source tool that monitors network traffic packets to detect malicious activity within a network. Microsoft Defender for Endpoint can now inbound and outbound traffic with a new Zeek engine that can aggregate network protocol data across an entire TCP/UDP session.

According to Microsoft, these insights help to improve the detection of network-based attacks. It can also detect attacks on non-default ports and respond to emerging network-based threats such as Log4Shell and PrintNightmare.

“The integration of Zeek into Microsoft Defender for Endpoint provides a powerful ability to detect malicious activity in a way that enhances our existing endpoint security capabilities, as well as enables a more accurate and complete discovery of endpoints & IoT devices,” the company explained.

Microsoft Defender for Endpoint currently provides two Zeek-based detection capabilities for enterprise customers. The first feature allows IT admins to identify PrintNightmare exploitation attempts in their network. Moreover, Microsoft Defender for Endpoint can show alerts for proprietary password spray attacks.

Microsoft Defender for Endpoint Gets New Zeek Integration to Detect Network-Based Threats — PrintNightmare Alert

Microsoft Defender for Endpoint adds new device discovery enhancements

Additionally, Microsoft says that the latest update brings improvements to passive device discovery capabilities in Microsoft Defender for Endpoint. This release brings out-of-the-box support for several popular device discovery protocols such as NTLM, SSH, and FTP.

Microsoft notes that the new Zeek integration doesn’t replace traditional Network Detection and Response solutions. Instead, it serves as a complementary data source that provides network signals that would otherwise be overlooked. “Microsoft recommends that security teams combine both data sources – endpoint for depth, and network for breadth – to gain full visibility across all parts of the network,” Microsoft added.

by Rabia Noureen
Nov 28, 2022

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

Mitigating Identity-Related Risks With Windows Hello for Business and Seamless Single Sign-On (SSO)

Jun 26, 2023
Implementing Access Controls using Microsoft Intune

Jun 28, 2023
How to Protect Windows Devices with Microsoft Defender for Endpoint

Aug 30, 2023
Sep 07, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.