Microsoft announced the week before RSA 2020 that they were releasing Microsoft Defender for iOS and Android. The news comes as part of their announcement around Microsoft Threat Protection (MTP), with Microsoft aiming to protect all devices, regardless of operating system.
Naturally, there was a bit of mockery on social media from those who still consider Microsoft Defender (formerly Windows Defender) to be nothing more than a Windows AV product. Part of the issue was definitely the lack of information about it (all it got was a single line in the blog post).
So, I spoke with Rob Lefferts, Microsoft’s corporate vice president of product management for Microsoft 365 security and compliance, to learn a little more.
Microsoft Threat Protection
To better understand the Defender for iOS and Android news, we should look at Microsoft Threat Protection. As mentioned before, the Defender news was tucked into the announcement that Microsoft Threat Protection is now in GA. With MTP, Microsoft wants to make it easier for organizations to visualize the entire kill chain: where someone entered an organization’s network, where they went from there, and what they did. For example, maybe the attacker successfully phished a user, took over their user account, logged into a corporate app, and so on.
To do this, MTP connects to all the various Advanced Threat Protection (ATP) products Microsoft has offered for years to get access to all that data. Enterprises will get MTP if they have any of the ATP products. However, it won’t exactly be a "complete" product: Organizations technically need all ATP products to get the entire picture. That said, Microsoft doesn’t see it as enterprises needing to purchase all their ATP products, but rather using one ATP product as the start of their security journey and using that part of MTP, too. It also gives customers flexibility to decide what they need: Maybe the customer only needs Office 365 ATP to start, so they get MTP alongside it and it helps them with where they are now.
Microsoft Defender for iOS and Android
Defender has been more than an AV offering for a long time now, but it apparently still needs to work on shedding that designation. (I personally find it better than many of the other consumer AV products.) Rob is particularly proud that it’s no longer a simple AV tool, but an endpoint protection product. But what will it do on mobile devices?
Here's what we know so far. Defender will provide organizations with two things. One is that Defender provides data and signals for Microsoft Threat Protection, enabling MTP to provide a better kill chain visualization. The other aspect is user protection, particularly in regard to phishing. Microsoft recognizes that phishing is a plague from which we cannot hope to escape but should do our best to try. Rob says that Defender will help by scanning files and apps on the device using the same APIs and access that other mobile threat defense (MTD) vendors have. We do know that apps are limited in what they can and can’t do on iOS and Android, and he did specifically note they weren’t doing anything special here that other vendors can’t do, so it's not entirely clear how this will work. With Microsoft entering mobile threat defense, it’s time we did a deep dive into what can and can’t be done on these two mobile OSes, so expect that sooner rather than later.
Given that iOS is more locked down, Microsoft wants parity between the Defender for iOS and Android versions. That said, Defender might be able to scan a little deeper on Android. Defender is still a work in progress, so I expect we will learn more about it as its release date approaches.
Defender for iOS and Android is expected to be generally available later this year.
Per customer demand, or so says Rob, Microsoft has worked to evolve from only caring about securing Microsoft devices to securing all devices, regardless of OS. Defender went cross-platform to Mac and Linux, so now it’s time for it to appear on mobile devices. Microsoft wants organizations to be able to see the entire picture when investigating where attacks came from and what happened, and mobile devices are integral to that.
How do mobile threat defense vendors feel about Microsoft crowding into their end of the security sphere? Wandera’s Michael Covington told me he welcomes Defender and doesn’t really see it as Microsoft attempting to conquer their territory. Instead, Defender can bring about increased customer awareness and provide an entry-level MTD product to new customers looking for additional security products. He sees an opportunity for it to open up customer conversations about trying, in time, other MTD products that offer more.