Lucidum can help you accurately identify assets that are not running Microsoft Defender for Endpoint. Endpoint security is an important part of an organization’s security posture. Ideally, all endpoints in your environment run an endpoint security solution.
After Lucidum ingests data from your security solutions, Lucidum uses graph data, machine learning, and predictive analytics to detect and classify all assets and users, even those not detected by the solutions in your environment.
You can then create queries that list every asset without Microsoft Defender for Endpoint, export that list, or build dashboards from the query results.
Prerequisites
Connectors enable Lucidum to ingest data from your environment and discover, identify, and classify assets, data, and users.
Lucidum includes pre-built connectors for the most commonly used solutions for security, vulnerability scanning, cloud, data warehouse, identity management, logs, network, endpoint management, IP management, file sharing, and devops.
To configure a connector, you provide credentials that allow Lucidum secure, read-only access to the deployed solution. Lucidum then makes read-only API calls to ingest data from the solution.
To uncover all information in your environment, Lucidum recommends you configure Lucidum connectors for all of the solutions that you use, for example:
- The directory solutions in your environment (for example, Azure AD, Microsoft AD, JumpCloud, PingOne, OpenLDAP)
- The cloud solutions in your environment (for example, AWS, Azure, Google Cloud, Oracle Cloud)
- The SSO and identity and access management solutions in your environment (for example, Okta, AWS IAM, PingOne, OneLogin, SecureAuth)
- The DHCP solutions in your environment (for example, Infoblox, EfficientIP, BlueCat)
- The Mobile Device Management solutions in your environment (for example, Addigy, Citrix Endpoint, Jamf Pro, Kandji)
- The VPN solutions in your environment (for example, Cisco AnyConnect, FortiClient, Palo Alto VPN, Citrix Gateway, Zscaler Private Access)
- The Endpoint Management solutions in your environment (for example, Jamf, Intune, Citrix Endpoint Management, Symantec Endpoint Management, Hexnode)
- The Endpoint Protection solutions in your environment (for example, Microsoft Defender for Endpoint, Trellix Endpoint Security, Symantec Endpoint Protection, SentinelOne, CrowdStrike Falcon)
- The Endpoint Detection and Response solutions in your environment (for example, SentinelOne, CrowdStrike Falcon, Trend Micro XDR, Check Point Harmony Endpoint, Cortex XDR)
- The cloud security solutions in your environment for cloud assets (for example, Netskope, Illumio Core, Orca, Trend Micro Cloud One, Sophos Central)
- The anti-virus or vulnerability management solutions in your environment (for example, Burp Suite, CyCognito, Greenbone, Kenna, Microsoft Defender, Qualys, Rapid7, Tenable, Vulcan)
- The SIEM solutions in your environment (for example, Splunk, Trellix, Exabeam, QRadar, Microsoft Sentinel)
After Lucidum ingests data from these systems, Lucidum uses graph data, machine learning, and predictive analytics to detect and classify all assets and users, even those not detected by the solutions in your environment.
You can then view prebuilt dashboards, query Lucidum databases, export query results, or create custom dashboards.
Finding Assets that are Not Running Microsoft Defender for Endpoint
To find all the Azure VMs that are not running Microsoft Defender, we created a query like:
Data Sources match Azure Virtual Machine
AND
Data sources not match Microsoft Defender Machine
To find all the Windows assets that are not running Microsoft Defender, we created a query like:
OS and Version match Windows
AND
Data sources not match Microsoft Defender Machine
We can then build a dashboard from these two queries. This dashboard includes charts for:
- Azure VMs. Total count of Azure virtual machines in the environment.
- Azure VMs w/o Defender. Total count of Azure virtual machines not running Defender for Endpoint.
- Azure VMs w/o Defender by Region. Azure virtual machines not running Defender for Endpoint, by region.
- Azure VMs w/o Defender by User. Total count of Azure virtual machines not running Defender for Endpoint, by user.
- Windows Assets. Total count of Windows assets in the environment.
- Windows Assets w/o Defender. Total count of Windows assets not running Defender for Endpoint.
- Windows Assets w/o Defender by Department. Windows assets not running Defender for Endpoint, by department.
- Windows Assets w/o Defender by User. Windows assets not running Defender for Endpoint, by user.
- Azure VMs w/o Defender by IP Address. Azure VMs not running Defender for Endpoint, by IP address.
- Windows Assets w/o Defender by IP Address. Windows assets not running Defender for Endpoint, by IP address.
- Azure VMs w/o Defender by OS Version. Azure VMs not running Defender for Endpoint, by OS version.
- Windows Assets w/o Defender by OS Version. Windows assets not running Defender for Endpoint, by OS version.
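As an added example that is not Lucidum code or its query language, the Python below applies the same two coverage-gap queries and the dashboard roll-ups to a constructed inventory of merged asset records. The record field names (data_sources, os, region, user, department, ip) and the reading of "match" as a case-insensitive substring test are assumptions made for this example.

```python
from collections import Counter

# Constructed sample inventory: one record per asset after connector data is merged.
# Field names and the set-of-source-names representation are assumptions for this example.
ASSETS = [
    {"name": "vm-web-01", "data_sources": {"Azure Virtual Machine", "Microsoft Defender Machine"},
     "os": "Windows Server 2022", "region": "eastus", "user": "alice", "ip": "10.0.1.10"},
    {"name": "vm-web-02", "data_sources": {"Azure Virtual Machine"},
     "os": "Windows Server 2019", "region": "eastus", "user": "bob", "ip": "10.0.1.11"},
    {"name": "vm-db-01", "data_sources": {"Azure Virtual Machine"},
     "os": "Ubuntu 22.04", "region": "westeurope", "user": "carol", "ip": "10.0.2.5"},
    {"name": "lt-0042", "data_sources": {"Intune", "Microsoft Defender Machine"},
     "os": "Windows 11", "user": "dave", "ip": "192.168.4.20", "department": "Finance"},
    {"name": "lt-0043", "data_sources": {"Intune"},
     "os": "Windows 10", "user": "erin", "ip": "192.168.4.21", "department": "Finance"},
    {"name": "ws-0100", "data_sources": {"Microsoft AD"},
     "os": "Windows 10", "user": "frank", "ip": "192.168.5.7", "department": "Engineering"},
]

AZURE_VM = "Azure Virtual Machine"
DEFENDER = "Microsoft Defender Machine"

def azure_vms_without_defender(assets):
    """Data Sources match Azure Virtual Machine AND Data sources not match Microsoft Defender Machine."""
    return [a for a in assets if AZURE_VM in a["data_sources"] and DEFENDER not in a["data_sources"]]

def windows_assets_without_defender(assets):
    """OS and Version match Windows AND Data sources not match Microsoft Defender Machine.
    'match' is treated here as a case-insensitive substring test (assumed semantics)."""
    return [a for a in assets if "windows" in a["os"].lower() and DEFENDER not in a["data_sources"]]

def count_by(assets, field):
    """One dashboard chart: number of gap assets per value of `field` (region, user, department, os, ip)."""
    return dict(Counter(a.get(field) or "(unknown)" for a in assets))

def dashboard(assets):
    """Totals and breakdowns behind the chart list; the remaining by-X charts reuse count_by."""
    azure_gap = azure_vms_without_defender(assets)
    win_gap = windows_assets_without_defender(assets)
    return {
        "Azure VMs": sum(AZURE_VM in a["data_sources"] for a in assets),
        "Azure VMs w/o Defender": len(azure_gap),
        "Azure VMs w/o Defender by Region": count_by(azure_gap, "region"),
        "Windows Assets": sum("windows" in a["os"].lower() for a in assets),
        "Windows Assets w/o Defender": len(win_gap),
        "Windows Assets w/o Defender by Department": count_by(win_gap, "department"),
        "Windows Assets w/o Defender by OS Version": count_by(win_gap, "os"),
    }
```

Assets that no connector has merged under an OS or department value fall into the "(unknown)" bucket rather than silently dropping out of the chart, which is what you want when the gap list is the thing being audited.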