I was about to evaluate it too. I had a WebEx session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perhaps sales misled me, but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than a 3rd party antivirus solution.
Not sure how they gave you that info! An average pricing structure is as below:
And security products straight from the O365 admin portal subscriptions page:
These are prices IF you already have one of their subscriptions. If you don't need them or have something else, you're paying $15-$20 per month per endpoint. That's how much it costs per year if you go with another AV vendor.
But as mentioned - $15-20 per year is only for typical AV, not an ATP product.
And the difference between the two is.....? ATP is really just a marketing phrase at this point. Here are some features from "traditional" av:
malware protection, both behavioral and definition based
central management, either cloud or local
And a full forensics audit trail?
I'm really curious which ones have this stuff for 15-18 times less than the cost of Defender ATP?
I'm having a hard time finding out what the real price here is.
I know that Intune is like $4/user/month, aka $48/user/year. This makes it 2-3 times more expensive than typical AV packages - of course, it gives you a lot more features at that price point.
The above posts have a dozen different security things listed.
As @marcinozga says, typical AV with many of the above-mentioned features (but not all - and full forensics trails - forget about it) goes for like $15-20/user/year.
ATP is not available if you have just Intune, you need O365 or M365 Enterprise subscriptions, or Windows 10 Enterprise.
O365 E3 is $20/mo plus the ATP add-on, which I think is $2/mo. I don't know how much Win 10 Ent is, so I'm guessing O365 E3 is the cheapest route, at $22/mo, that's $264 a year. Depending on the number of endpoints you can get AV for $15/year, perhaps even less.
That's an unfair assessment. If you already have O365 E3, then it's only $24/year/user
Also - is O365 E3 the requirement, or can you add ATP onto E1?
Is Windows 10 Enterprise a requirement of ATP? Things I was reading last night never mentioned that.
It is fair. What if you don't have O365 because you don't need it or use something else? Other AVs don't force you to buy any extra services, you can get AV on a plain vanilla Windows machine.
From the document I got from Microsoft, E3 is minimum. It's O365 E3 or Windows 10 Ent.
If you're not in the O/M365 ecosystem already - then you likely wouldn't even consider this plan, you would likely look at another option... so yeah, it's not a fair comparison.
Now, you could decide, since you are looking at this solution, that you might want to change your other solutions at the same time since MS has these bundled together... but you don't just line item this entire cost all on the ATP project, you split it out.
Intel is aware of this research which is based upon assumptions that are outside the threat model for Intel SGX. The value of Intel SGX is to execute code in a protected enclave; however, Intel SGX does not guarantee that the code executed in the enclave is from a trusted source. In all cases, we recommend utilizing programs, files, apps, and plugins from trusted sources. Protecting customers continues to be a critical priority for us and we would like to thank Michael Schwarz, Samuel Weiser, and Daniel Gruss for their ongoing research and for working with Intel on coordinated vulnerability disclosure.
All it takes is one absentminded click or drive-by that's completely shielded from us as we go about the day to day stuff and it's done. Game over. Say, "Bubbye".
There's always going to be that risk or one absentminded click.
Granted, an air-gapped PAW is a good way to handle it.... but so is not saving passwords in RDP files (I don't do this), and if you use an app like MobaXterm that can encrypt the files for you, use a good pass phrase.
However, if your admin machine is owned, you have bigger issues to start with.
Well, the idea is that the air-gapped machine won't ever be in a situation to become compromised, is my guess. I haven't had a chance to look at the MS link Philip sent earlier.
There are several ways to implement this, with the simplest being the main machine having two VMs installed on it. One for day-to-day and one for client/systems management. Nothing is done on the machine itself, with all designated tasks being done in their respective VM.
We have a number of laptops that came back from client refreshes. So, we're using them as our dedicated management machines. Asus makes a great external USB3 DisplayLink and DisplayPort external monitor that allows for two screens. That makes the work easier.
There is security leakage between VMs on a client machine, for instance over the clipboard.
NotPetya damages were in the 10 billion range. One enterprise I work for at times was down for weeks. Having backups is not enough - you need to be able to access your backups too. When everything is down you don't have any computers to access anything with. Sure you can reinstall, but where are your image files? When you do have computers you have no DHCP, no DNS, no AD etc. You have no internet access, no email, no phones. Yeah, backup is not enough. You need an elaborate emergency plan.
Do you have some sort of intrusion detection service running right now? (Wazuh, OSSIM, or one of the paid-for solutions?) If you do, between that and the ClamAV, you should be as well protected as you could possibly be.
Edit: I should specify to never skimp on user training! KnowBe4 is a great tool.
Here is a batch file for anyone who wants to do this "lazily":
REM Vaccine for NotPetya/Petya/Petna/SortaPetya.
REM Creates read-only C:\Windows\perfc, perfc.dll and perfc.dat; the malware
REM skips a host on which these files already exist.
echo Administrative permissions required. Detecting permissions...
net session >nul 2>&1
if %errorLevel% == 0 (
    if exist C:\Windows\perfc (
        echo Computer already vaccinated for NotPetya/Petya/Petna/SortaPetya.
    ) else (
        echo This is a NotPetya/Petya/Petna/SortaPetya Vaccination file. Do not remove as it protects you from being encrypted by Petya. > C:\Windows\perfc
        echo This is a NotPetya/Petya/Petna/SortaPetya Vaccination file. Do not remove as it protects you from being encrypted by Petya. > C:\Windows\perfc.dll
        echo This is a NotPetya/Petya/Petna/SortaPetya Vaccination file. Do not remove as it protects you from being encrypted by Petya. > C:\Windows\perfc.dat
        attrib +R C:\Windows\perfc
        attrib +R C:\Windows\perfc.dll
        attrib +R C:\Windows\perfc.dat
        echo Computer vaccinated for current version of NotPetya/Petya/Petna/SortaPetya.
    )
) else (
    echo Failure: You must run this batch file as Administrator.
)
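An added example, not code from the thread or from the batch file's author: a PowerShell audit that checks, locally or over WinRM, whether the three files the batch file above creates are present and read-only, so you can see which hosts still need the vaccine. The host names are placeholders I made up; the paths are the ones the batch file uses.

```powershell
# Added example (not from the thread): audit the NotPetya "vaccine" files the
# batch file above creates and report which hosts are still unvaccinated.
# Host names used below are constructed placeholders.

$VaccinePaths = @('C:\Windows\perfc', 'C:\Windows\perfc.dll', 'C:\Windows\perfc.dat')

# Checks one machine; runs locally or inside Invoke-Command on a remote host.
function Test-PetyaVaccine {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        $ro = if ($null -ne $item) { [bool]$item.IsReadOnly } else { $false }
        [pscustomobject]@{
            Path     = $p
            Exists   = ($null -ne $item)
            ReadOnly = $ro
        }
    }
}

# Summarises the per-path results into one row per host.
function Get-PetyaVaccineReport {
    param(
        [string[]]$ComputerName = @('WS-PLACEHOLDER-01', 'WS-PLACEHOLDER-02'),
        [string[]]$Paths = $VaccinePaths
    )
    foreach ($c in $ComputerName) {
        try {
            if ($c -ieq $env:COMPUTERNAME -or $c -ieq 'localhost') {
                $results = Test-PetyaVaccine -Paths $Paths
            } else {
                # Ship the function body to the remote side; WinRM must be enabled there.
                $results = Invoke-Command -ComputerName $c -ErrorAction Stop `
                    -ScriptBlock ${function:Test-PetyaVaccine} -ArgumentList (,$Paths)
            }
            $missing  = @($results | Where-Object { -not $_.Exists } | ForEach-Object Path)
            $writable = @($results | Where-Object { $_.Exists -and -not $_.ReadOnly } | ForEach-Object Path)
            [pscustomobject]@{
                ComputerName = $c
                Vaccinated   = ($missing.Count -eq 0)
                Missing      = ($missing -join ', ')
                NotReadOnly  = ($writable -join ', ')
                Error        = $null
            }
        } catch {
            # Unreachable hosts are reported, not silently dropped.
            [pscustomobject]@{
                ComputerName = $c; Vaccinated = $false; Missing = ''; NotReadOnly = ''
                Error = $_.Exception.Message
            }
        }
    }
}

# Usage: report for this machine plus a placeholder remote host.
Get-PetyaVaccineReport -ComputerName @($env:COMPUTERNAME, 'WS-PLACEHOLDER-01') | Format-Table -AutoSize
```

The NotReadOnly column is there because the batch file sets +R on purpose: a file that exists but is writable can be silently replaced or deleted, so it is worth flagging separately from a file that is missing outright.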
I mean I know it all sucks and it would be awesome if all the right people got all the right info and took all the right actions. But they don't and won't. So we need to push everyone that we can to do what they can. It's just what we have to work with.
I guess the reason the government cares about this is all FUD then?
Why else do you think that HIPAA has no real value? It doesn't require that things be even remotely secure and doesn't create any security practices that good IT and management wouldn't have been worlds beyond already. So given that its purpose clearly wasn't to secure data but to pretend to secure data, what else could it be for?