Introducing ContraForce’s Microsoft Defender XDR Standalone Module: Hyperautomate XDR for MSPs and MSSPs

We are no strangers to the cybersecurity market's ever-changing landscape and the release of new products and services. Staying ahead of threats requires not just attentiveness but the right tools. The release of ContraForce’s new Microsoft Defender XDR standalone module marks a significant milestone for our MSP and MSSP partners.

Empowering SOC Analysts with Advanced Tools

Effective incident response and end-to-end investigations require Security Analysts to delve into raw logs and audit data. Our new module enables our partners to deploy Microsoft Defender XDR without the need for Microsoft Sentinel. This allows for advanced hunting queries across all end-customers and Microsoft Defender XDR workspaces directly from the ContraForce Portal. The result? A more accessible tool for a broader range of users and a reduction in cognitive load for Security Analysts.

Enhancing the Multi-Tenant/Customer Unified Investigation Experience

Our partners can now extend their unified investigation experience across their Microsoft Defender XDR customers. We’re excited to introduce new features and improvements:

• Microsoft Defender Incidents Page: Now generally available in both global and single-tenant views, this page provides a dedicated Portal interface for managing Microsoft Defender incidents, including their ownership, status, and comments.
• Content Management System: Automatically deploys and maintains the most current detection and response content for Microsoft Defender XDR and Microsoft Sentinel, reducing the time it takes to tune security content by days every month.
• Gamebook Response Actions for Microsoft Defender XDR: We’re excited to announce the extension of our Gamebook support to Microsoft Defender XDR, allowing Security Analysts to compile remediation plans in a few clicks and execute the desired actions in seconds.

We’re also introducing the general availability of the Microsoft Sentinel Incidents Page, the Microsoft Sentinel Advanced Hunting Page, and the Microsoft Defender XDR Advanced Hunting Page in both global and single-tenant views. These pages empower users to hunt for deeper event context by directly querying their respective workspace(s) with KQL.

Sustaining Trust and Security in the MSP and MSSP Supply Chain

As our own Tracey Pretorius aptly points out, the increasing vulnerability in MSP and MSSP supply chains to cyberattacks is a significant concern. This observation is a crucial starting point for us at ContraForce. We believe that developing advanced technologies to mitigate these risks is not just an option, but an imperative. This is one of our primary drivers to enhance Zero Trust Multi-Tenant Access (ZTMA) for MSPs and MSSPs.

By enhancing partner security capabilities, we can create a more resilient supply chain, safeguarding sensitive data against emerging cyber threats for MSPs and MSSPs. We’ve automated the post-onboarding downgrade of subscription-scoped Azure RBAC Owner Role for the ContraForce API service principal. This, along with the distribution of application permissions across multiple service principals designed for least-privilege access, underscores our commitment to maintaining the highest level of trust and security in the MSP and MSSP supply chain.

A Commitment to Innovation and Simplification

Ricky Melendez, Chief Technology Officer at ContraForce, shares, “At ContraForce, we’re committed to simplifying and strengthening cybersecurity management for our partners and customers. This update upholds our promise for innovation and our ongoing efforts to evolve as a company and deliver solutions that support our partners in the mission to better secure the customer.”

The release of the Microsoft Defender XDR module represents a significant stride in security operations management. For MSPs and MSSPs who use our platform, this is a game-changer. We’re excited to see how these advancements will shape the future of cybersecurity.