Microsoft has announced support for macOS in its rebranded Microsoft Defender ATP product, taking this product from being an offering that could be considered an add-on for hardening its own operating system to a multiplatform security solution. While this is an early release, it is a clear signal of the investment Microsoft is making to be a security company and should not be ignored.
What Is The Efficacy Of The Microsoft Defender ATP Product?
This is a great question I’m being asked.
Recent AV-TEST Institute results show the antimalware detection capabilities are on par with the rest of the industry. I don’t put a lot of weight into these antivirus (AV) comparisons because generally all the vendors do extremely well in them, so I urge you to look at them as a benchmark rather than a straight comparison. Anecdotally, I personally rebuilt my father-in-law’s computer a few weeks ago and told him Windows Defender was sufficient for his AV needs . . . and when you are the only person in the world he trusts with his Ducati 939 SuperSport, you don’t want to be the one he blames for his computer issues.
From an endpoint detection and response (EDR) perspective, I’ve recently covered Microsoft’s performance in the MITRE ATT&CK evaluation and recommend you give that report a read. (If you’re not a Forrester subscriber, a quick search should turn up where you can download a licensed version for free if you’re willing to part with some personal data.) Microsoft’s coverage in that evaluation was excellent, and when I had the opportunity to sit down with Microsoft at RSA, they communicated their focus on improving their time to detect (detection wasn’t a problem; it was just delayed).
On Windows, the product clearly does what it’s supposed to do. The problem is that the macOS agent is still too new for any efficacy data to exist, and a point that often gets ignored is that Windows and macOS use different native executable formats: Windows runs PE binaries, macOS runs Mach-O binaries. Detection of malicious Office macros should carry over, because an Office document is the same file on either platform, but macros are only one of many malware types to defend against, and we have no idea how good detection of malicious Mach-O files is going to be.
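To make the format difference concrete, here is an added example (not code from Forrester or from Microsoft Defender ATP) that classifies a file by its executable header: PE on Windows, Mach-O or a fat/universal wrapper on macOS. It walks the Mach-O load commands the way a scanner would before it can reason about segments, entry point or code signature, and it refuses to trust a header whose command sizes run past the file, a common way malformed samples confuse parsers. The sample headers at the bottom are constructed for the example and are not real malware; the constants are the public magic values and identifiers from the Mach-O and PE formats.

```python
import struct

# Header magic values from the Mach-O and PE specifications.
MH_MAGIC, MH_CIGAM = 0xFEEDFACE, 0xCEFAEDFE          # 32-bit Mach-O (native / byte-swapped)
MH_MAGIC_64, MH_CIGAM_64 = 0xFEEDFACF, 0xCFFAEDFE    # 64-bit Mach-O
FAT_MAGIC = 0xCAFEBABE                                # universal binary, always big-endian

CPU_TYPES = {7: "x86", 0x01000007: "x86_64", 12: "arm", 0x0100000C: "arm64"}
MACHO_FILETYPES = {1: "MH_OBJECT", 2: "MH_EXECUTE", 6: "MH_DYLIB", 8: "MH_BUNDLE"}
LOAD_COMMANDS = {0x1: "LC_SEGMENT", 0x19: "LC_SEGMENT_64", 0xC: "LC_LOAD_DYLIB",
                 0x1D: "LC_CODE_SIGNATURE", 0x80000028: "LC_MAIN"}
PE_MACHINES = {0x14C: "i386", 0x8664: "x86_64", 0xAA64: "arm64"}


def parse_macho(blob, offset=0):
    """Parse one Mach-O header and walk its load commands. Returns None if not Mach-O."""
    if offset + 4 > len(blob):
        return None
    (magic,) = struct.unpack_from("<I", blob, offset)
    if magic in (MH_MAGIC, MH_MAGIC_64):
        end = "<"
    elif magic in (MH_CIGAM, MH_CIGAM_64):
        end = ">"                          # header stored big-endian (e.g. old PowerPC slices)
    else:
        return None
    is64 = magic in (MH_MAGIC_64, MH_CIGAM_64)
    hdr_len = 32 if is64 else 28           # 64-bit header carries an extra reserved field
    if offset + hdr_len > len(blob):
        return None
    # mach_header: magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags
    _, cputype, _, filetype, ncmds, sizeofcmds, _ = struct.unpack_from(end + "IiiIIII", blob, offset)
    pos = offset + hdr_len
    limit = pos + sizeofcmds
    cmds = []
    for _ in range(ncmds):
        if pos + 8 > limit or pos + 8 > len(blob):
            cmds.append("TRUNCATED")       # header claims more commands than the file holds
            break
        cmd, cmdsize = struct.unpack_from(end + "II", blob, pos)
        if cmdsize < 8 or pos + cmdsize > limit:
            cmds.append("BAD_CMDSIZE")     # bogus size: stop walking instead of reading garbage
            break
        cmds.append(LOAD_COMMANDS.get(cmd, hex(cmd)))
        pos += cmdsize
    return {"format": "macho", "bits": 64 if is64 else 32,
            "cpu": CPU_TYPES.get(cputype, hex(cputype)),
            "filetype": MACHO_FILETYPES.get(filetype, filetype), "load_commands": cmds}


def identify(blob):
    """Classify an executable by its header: PE, Mach-O, fat/universal, or unknown."""
    if len(blob) < 8:
        return {"format": "unknown"}
    # PE: 'MZ' DOS stub; e_lfanew at 0x3C points to the 'PE\0\0' signature and COFF header.
    if blob[:2] == b"MZ":
        if len(blob) < 0x40:
            return {"format": "unknown"}
        (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
        if blob[e_lfanew:e_lfanew + 4] != b"PE\x00\x00" or len(blob) < e_lfanew + 6:
            return {"format": "unknown"}   # bare DOS stub, or pointer past end of file
        (machine,) = struct.unpack_from("<H", blob, e_lfanew + 4)
        return {"format": "pe", "machine": PE_MACHINES.get(machine, hex(machine))}
    # Fat/universal: big-endian header wrapping several Mach-O slices. 0xCAFEBABE is also the
    # Java class-file magic, so require a plausible nfat_arch before trusting it.
    magic_be, nfat = struct.unpack_from(">II", blob, 0)
    if magic_be == FAT_MAGIC and 0 < nfat < 20:
        slices = []
        for i in range(nfat):
            # fat_arch: cputype, cpusubtype, offset, size, align
            cputype, _, off, size, _ = struct.unpack_from(">iiIII", blob, 8 + 20 * i)
            sl = parse_macho(blob, off) if off + size <= len(blob) else None
            slices.append(sl or {"format": "bad_slice", "cpu": CPU_TYPES.get(cputype, hex(cputype))})
        return {"format": "fat", "slices": slices}
    return parse_macho(blob) or {"format": "unknown"}


# Constructed sample headers for the example (not real malware): a 64-bit x86_64 Mach-O
# executable with a __TEXT segment and LC_MAIN, a minimal PE64 header, and a fat wrapper
# around the Mach-O slice.
SAMPLE_MACHO64 = (
    struct.pack("<IiiIIIII", MH_MAGIC_64, 0x01000007, 3, 2, 2, 72 + 24, 0x200085, 0)
    + struct.pack("<II", 0x19, 72) + b"__TEXT".ljust(16, b"\0") + b"\0" * 48
    + struct.pack("<II", 0x80000028, 24) + struct.pack("<QQ", 0x1000, 0)
)
SAMPLE_PE = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
             + b"PE\0\0" + struct.pack("<HH", 0x8664, 1) + b"\0" * 16)
SAMPLE_FAT = (struct.pack(">II", FAT_MAGIC, 1)
              + struct.pack(">iiIII", 0x01000007, 3, 32, len(SAMPLE_MACHO64), 12)
              + b"\0" * 4 + SAMPLE_MACHO64)

if __name__ == "__main__":
    for name, blob in (("pe", SAMPLE_PE), ("macho", SAMPLE_MACHO64), ("fat", SAMPLE_FAT)):
        print(name, identify(blob))
```

Nothing a PE-centric engine keys on (the DOS stub, the COFF header, PE sections and imports) exists in a Mach-O file, and the Mach-O side has its own structures a scanner must learn to judge: which load commands are present, whether there is an LC_CODE_SIGNATURE, and what the entry point and segments look like. Signatures and heuristics built for one format do not carry to the other.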
What Is Forrester’s Call On Selecting This Product?
For Windows shops, this doesn’t change things for me. I still think it’s a good product that should be considered. Unfortunately, most large organizations are heterogeneous and have a stable of Windows, macOS, and Linux systems to protect. Looking at the road map announced in the analyst pre-brief, Microsoft will be rolling out EDR to the macOS agent in a few months. Even if those dates don’t slip, I’d still give the company at least six months to get the bugs hammered out of a 1.0 release on these systems, which makes it hard to recommend shortlisting the product for macOS before the second half of 2020.
How Much Of A Threat Is Microsoft In The Security Space?
Microsoft has the ability to hire and retain the best talent out there, and this announcement certainly demonstrates that it is making the necessary investments to be a multiplatform security vendor. The endpoint security industry has been put on notice: Microsoft is a security company now, and it’s coming for your business.