What is our primary use case?
My main use cases for Microsoft Security Exposure Management involve using a third-party tool called Infosec for all security aspects, including monitoring attacks from external sources and implementing phishing simulation training. Recently, we have also started using Microsoft Security and Defender internally. I lead this effort, and I automate sending phishing emails monthly, along with conducting annual training. It has been really great. We receive good feedback because we can customize it, and it is very trustworthy and secure. Additionally, regarding the security part, when looking at Entra ID, we consider conditional access, MFA, and the dashboard that shows our score based on 100%. Initially, our company was at 30% out of 100%, but when I joined, I was able to bring it up to 60%, which our team is very proud of. Following their recommendations, the remediation, and the detailed explanations on the dashboard is very helpful. You do not need to know a lot because they explain everything clearly and guide you through it, making it very easy to understand.
What is most valuable?
I consider integrating AI into our system to be one of the most valuable features of Microsoft Security Exposure Management because, as I mentioned, humans get tired and cannot work 24/7. AI can store more knowledge than a human brain. Therefore, using and integrating AI into our system is going to help us become more secure and improve our scores faster, in my opinion.
My impression of Microsoft Security Exposure Management's ability to provide unified security insights across multi-cloud, SaaS, identity, OT, IoT, and non-Microsoft tools is quite positive. I was very impressed with the keynotes and the session about the new Security Copilot and cloud agents. I feel this will change the IT perspective significantly. People will start thinking about how to use AI and integrate it to make our environment more secure and work more efficiently, allowing us to focus on more innovative tasks. You do not have to sit down all the time; you can let the agent run automatically and follow a more secure path. I believe this is going to be a really great innovation.
I evaluate the impact of Microsoft Security Exposure Management on our SOC operations efficiency from pre- to post-breach protection positively. We utilize a third-party security platform named Recon, which helps us monitor external attacks. However, we also have Microsoft Defender as a secondary secure layer. We receive notifications when users access untrusted websites or download large amounts of data from untrusted apps. As soon as we receive a notification, we contact our third party, Recon. With the changes I learned, I feel we no longer need a third-party tool. We can build an agent just like Recon did, and integrate it into our system to handle all the work, which means saving tons of money for the company, making everyone happy.
The critical asset management feature of Microsoft Security Exposure Management helps in tagging and prioritizing high-value assets significantly. We also use a third-party organization for managing critical vulnerabilities and utilize the HPS dashboard. They provide us with monthly patches since Microsoft has a monthly update cycle. They show us pending updates or indicate if there are updates several months behind, highlighting critical vulnerabilities we must address. However, integrating Microsoft vulnerability management with the agent will be very beneficial. We can eliminate third-party tools and utilize the agent correctly, inputting the necessary knowledge that will save us a lot of money.
What needs improvement?
I see potential for improvement in Microsoft Security Exposure Management, specifically in how they present their agent features during keynotes. They mention the agent will assist you, but you do not realize its value until you try it out yourself. Once you engage with it, issues may become apparent. For now, I trust its functionality, but until I truly test it, I consider it a very undetermined situation.
For how long have I used the solution?
I have been using Microsoft Security Exposure Management for about two years.
What do I think about the stability of the solution?
Regarding Microsoft Security Exposure Management's stability and reliability, I occasionally experience false positive notifications and alerts. When I reach out to my third-party company, they often indicate that Defender is issuing false positives. They inform me that these alerts are sometimes triggered by simple logins to our website, which can be confusing. While this does happen, it is reassuring that we are being protected, even if it occasionally means receiving a false positive alert. It is good to know that they are committed to safeguarding our company.
What do I think about the scalability of the solution?
Microsoft Security Exposure Management is scaling well with the growing needs of my company, even though the pace is slow. I handle a lot, and although we are not racing ahead, we are progressing and improving as a team. I am optimistic that we will reach our goals eventually. Nothing is perfect, but we will learn from our mistakes along the way.
How are customer service and support?
I have used Microsoft support quite a bit, but I do find the process a bit cumbersome. However, it is a free service. When I reach out, they usually get back to me and ask the standard questions about my organization, ID, the problem, and my username. Even when I explain that everything seems done and we need to move forward, they still follow the established steps, which can take longer than anticipated. Nonetheless, I appreciate that they are making an effort to assist in resolving issues.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Prior to adopting Microsoft Security Exposure Management, I was unsure if I was using another solution to address similar needs. I had been engaged in a lot of manual work before joining these conferences, mainly monitoring security alerts. I would look at every single security notification weekly, Entra risk sign-ins, and MFA prompts failing from different locations. The process of identifying potential attacks involved manually clicking through details and reaching out to users. With the insights from this conference and the new agent, I believe I can now fully automate most processes, provided I have the right agent integrated into our system.
What was our ROI?
I have definitely seen a return on my investment from using Microsoft Security Exposure Management. With the new agent deal, we are set to eliminate all third-party tools once we are ready. This change will save us at least $100,000 per year. Although it will take time to build the agent effectively, once we implement it correctly, we will cease reliance on external tools and all operations can be managed internally. So, even on the day I leave, the agent will still be operational and well-documented for the next person who joins the company, ensuring a smooth transition.
What's my experience with pricing, setup cost, and licensing?
I find the pricing, setup costs, and licensing for Microsoft Security Exposure Management a bit confusing because they do not clearly communicate what licenses are needed to access all features. Personally, I visited them and asked, 'Do we need an E5? Entra Plan 1 or Plan 2? How does this work? Can we just have a premium license? Can we add this feature?' If they included a session specifically discussing licensing details in their keynote, I believe it would greatly benefit all Microsoft users and admins by helping them understand pricing structures, which would facilitate appropriate budget planning and feature implementation.
Which other solutions did I evaluate?
Before selecting Microsoft Security Exposure Management, we did not consider other solutions. When I joined, our company already had a Microsoft system in place, but we were not really focused on security. Our focus was primarily on automation, onboarding, and utilizing Autopilot. Initially, we had only two members in our team, but after I joined, I was able to progress by integrating more Microsoft tools such as Defender, Microsoft Purview, Viva, and Microsoft Forms. We never felt the need to explore other tools in AWS or Google Cloud, knowing that Microsoft would perform efficiently.
What other advice do I have?
I describe my experience with visualizing attack paths and the blast radius in Microsoft Security Exposure Management in relation to preventing security compromises as somewhat preliminary. I attended a session about Defender, where they demonstrated detailed path visualizations. I am not fully there yet because, as they noted, you need to sit down to grasp and read through all the paths. I have not had time to do that. However, with the integration of an agent into Defender, I believe that the agent can assist me by managing another part, allowing me to spend more time understanding the attack path using the dashboard shown to us. I am very interested and excited to invest time into that while the agent manages other tasks for us.
Microsoft Security Exposure Management's dashboards should help me gain insights into endpoint exposure, but I have not really engaged deeply with them yet. I also noticed new features that offer more detailed and simplified options, where the agent can assist in building a dashboard for visualization. I plan to spend time focusing on these new features that I learned about during Ignite. Overall, I would rate my experience with this product as an 8 out of 10.

