CI Security, a managed detection and response (MDR) services provider, has integrated Microsoft Defender Advanced Threat Protection (ATP) capabilities into its Critical Insight endpoint detection and response (EDR) solution, according to a prepared statement.The integration enables CI Security to monitor security events and alerts from Microsoft Defender ATP, the company said. It also allows CI Security to push tickets to security analysts for investigation and isolate machines based on playbooks developed with each customer.Critical Insight is intended for use by organizations in healthcare and other highly regulated industries, CI Security noted. It empowers these organizations with threat detection, investigation, response and recovery capabilities.
A Closer Look at Critical Insight
Critical Insight delivers agentless intrusion detection and response across Internet of Things (IoT) environments, CI Security stated. It is backed by security analysts who monitor network traffic, detect anomalies and investigate cyber threats.Furthermore, Critical Insight tracks cyber threats across SaaS applications and cloud solutions, including:- Amazon Web Services (AWS): Retrieves data from AWS Native Services, uses security findings from GuardDuty and ingests data from CloudTrail for infrastructure and authorization events and CloudWatch for security logs and instance-level data.
- Microsoft Azure: Uses the Microsoft Graph API to collect security data from Azure security services.
- Microsoft Office 365: Streams Office 365 logs in real-time to Office 365 Cloud Collector, which ingests them and compares them with other data sources.




