Enterprise Threat Detection

ETD enables an enterprise to use agents built into the Windows operating system to monitor for attacks and threats. Windows error reports and malware telemetry are forwarded to our analysis team, who evaluate this information against Microsoft’s global sensor network. This turns the existing infrastructure into a sensor that helps determine whether the network is under attack, vulnerable, or non-compliant.

How the Offering Works

Microsoft will work with you to configure your clients to send Windows error reports to one or more ETD collectors deployed on your network. This is performed entirely through Active Directory; there is no software to deploy to clients. The collectors in turn forward these reports to the ETD Analysis Center, where our analysts apply advanced heuristics to the error reports. This analysis can be used to detect attempted attacks, vulnerable systems, persistent malware, and unapproved applications.
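Because the client-side forwarding is pushed by Group Policy rather than by an installed agent, a defender will want to confirm on an endpoint that error reports are actually routed to the intended collector. The following PowerShell audit is an added example, not Microsoft’s ETD tooling; it reads the Corporate Windows Error Reporting policy values that Windows itself consumes, and the collector hostname it compares against is an assumed placeholder.

```powershell
# Added example (not part of the ETD offering): audit the effective Corporate
# Windows Error Reporting policy on a client so the defender can confirm that
# reports go to the expected collector, over TLS, and that WER is not disabled.
# The collector hostname is an assumption; replace it with your own.
$ExpectedCollector = 'etd-collector.corp.example'   # assumed placeholder hostname

# Policy key written by the "Configure Corporate Windows Error Reporting" GPO
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting'

function Get-WerForwardingState {
    if (-not (Test-Path $PolicyKey)) {
        # No policy applied at all: reports are not being redirected to a collector
        return [pscustomobject]@{ Configured = $false; Server = $null;
                                  UseSSL = $false; Port = $null; Disabled = $false }
    }
    $p = Get-ItemProperty -Path $PolicyKey
    [pscustomobject]@{
        Configured = [bool]$p.CorporateWerServer        # redirection target set
        Server     = $p.CorporateWerServer
        UseSSL     = [bool]$p.CorporateWerUseSSL        # 1 = send over HTTPS
        Port       = $p.CorporateWerPortNumber
        Disabled   = [bool]$p.Disabled                  # 1 = WER switched off entirely
    }
}

function Test-WerForwarding {
    param([Parameter(Mandatory)] $State, [Parameter(Mandatory)] [string] $Expected)
    $findings = @()
    if ($State.Disabled)       { $findings += 'WER is disabled by policy; nothing will be forwarded.' }
    if (-not $State.Configured) { $findings += 'No corporate WER server configured; reports are not collected.' }
    elseif ($State.Server -ne $Expected) {
        # Reports leaving the estate to an unexpected host is a finding in its own right
        $findings += "Reports are routed to '$($State.Server)', expected '$Expected'."
    }
    if ($State.Configured -and -not $State.UseSSL) { $findings += 'Corporate WER transport is not using SSL.' }
    return $findings
}

$state    = Get-WerForwardingState
$findings = Test-WerForwarding -State $state -Expected $ExpectedCollector
if ($findings.Count -eq 0) { "OK: WER reports forwarded to $($state.Server) (SSL=$($state.UseSSL))" }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Run it on a domain-joined client after a `gpupdate` to verify the policy landed as intended; run it across a sample of hosts to spot machines the GPO did not reach.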

Our analysts will also query the malware telemetry gathered by Microsoft Forefront, Security Essentials, Windows Defender, and the Malicious Software Removal Tool for records originating from your network. The analyst team then interprets and synthesizes this information to provide actionable reports to your security staff.

The offering consists of weekly, monthly and/or quarterly reports on findings that are not an imminent threat, and “out of band” reporting on critical network threats such as an ongoing attack or a serious vulnerability.

Backed by Microsoft’s Unique Expertise

ETD is built on expertise that Microsoft has developed over more than ten years: recognizing malicious activity in crash dumps, performing root cause analysis of exploit failures, analyzing malware, and tailoring operating systems and applications so that exploit failures are more likely and stand out, combined with our deep knowledge of the internal workings of our operating systems and applications.

Subscription Components

  • ETD is provided as an annual fixed-fee subscription service.
  • Architectural guidance on deploying ETD Collectors and enabling error report collection through Active Directory.
  • Customers are licensed to install as many ETD Collectors as required for the duration of the subscription.
  • Weekly, monthly and/or quarterly reports on findings that do not pose an immediate threat to your network.
  • Out-of-band reporting on immediate threats and active attacks once detected.
  • Quarterly executive updates to review high level trending over the course of the engagement.

Note: ETD subscription pricing does not include the cost of the collector hardware or the Windows operating system licenses required for the collectors. Pricing varies with the number of Windows endpoints in the organization.

Microsoft Services

At Microsoft Services, we have a wealth of knowledge that comes from working with thousands of customers around the world in virtually every industry, as well as direct access to product groups. We utilize this knowledge and experience to help our customers adopt and deploy Microsoft technologies efficiently and cost effectively, reducing the time it takes customers to realize value from their Microsoft investments.

Contact your Microsoft Account Team to learn more.