How we manage and monitor a multinational oil and gas exploration company’s Microsoft Defender for Endpoint estate

Although licensed to use Microsoft Defender for Endpoint, not taking advantage of this technology led to unnecessary IT spend from a leading oil and gas exploration company.

A leading multinational oil and gas exploration company continued to subscribe to third party endpoint security products even though they were already licensed to use Microsoft’s credible Defender for Endpoint through their Microsoft E5 license.

As time went by, the company realised that their IT budget was not being used effectively. They concluded that if they didn’t begin utilising their Microsoft E5 license stack, they would continue to burn funds, leaving no IT budget to finance projects that directly advanced the organisation’s growth and innovation.

What was achieved?

A successful migration to Microsoft Defender for Endpoint across 2,500 desktops was completed and we helped to deliver secure endpoints in less than three months. Through this project, our team helped the client reduce their total cost of ownership, enhance overall user experience, and improve their ability to detect security threats.

During this project we:

  • Defined detailed and robust testing criteria for Microsoft Defender for Endpoint against the existing security product.
  • Installed Microsoft Defender for Endpoint on sample desktops, laptops and servers to assess the impact of the migration.
  • Configured Microsoft Defender for Endpoint to cover the functions provided by the existing endpoint security product.
  • Configured Windows BitLocker to cover the functions provided by the existing encryption product.
  • Carried out multiple rounds of functional and performance testing of Microsoft Defender for Endpoint and BitLocker against the security technologies then in use.

What were the benefits?

Improved end user experience

  • 2%-4% reduction in CPU and memory usage
    • Users experienced between 2% and 4% less CPU and memory usage whilst idle and scanning on all endpoints.
  • 15% decrease in server CPU usage
    • On average, our clients experienced a 15% decrease in CPU usage whilst scanning after migration.
  • 29% decrease in laptop CPU usage
    • On average, our clients experienced a 29% decrease in CPU usage whilst scanning after migration.
  • Less than 6 minutes to uninstall the old agent
    • Once we complete all benchmarking and testing, it takes us less than six minutes to uninstall the clients’ old endpoint agents.
  • 59 second improvement in agent loading time
    • Once the old build is uninstalled and Microsoft Defender for Endpoint is implemented on clients’ laptops, on average we see a 59 second reduction in the time it takes to load the agent from boot time.

Reduced the total cost of ownership for the customer’s IT estate

  • Helped the client leverage the Microsoft security features of their Microsoft enterprise license
  • Removed third party security agents, thereby simplifying their technology stack

Improved security visibility and threat detection

  • Integrated the customer’s Microsoft Defender for Endpoint estate with our Azure Sentinel-based ConnectProtect® platform
  • Automated threat detection rules with ConnectProtect® platform to rapidly identify threats and alert our 24×7 security operations centre (SOC)