by mrits 2186 days ago
Your statement would have been valid a few years ago. But now all AV providers also offer what you are talking about. AV+EDR with advanced threat hunting UI. So when you say AV today you should really think of the other stuff as well.
2 comments

They provide it but often not in the same product capacity; a common structure would be Sophos & Carbon Black - two separate products by different companies. Additionally they'd need a third product to cover the *nix estate.

Defender, in its current state, rolls all of the above into one at a relatively competitive price point. Additionally, it receives new detections built off all the telemetry they get as a result of Windows Defender existing on almost every Win10 OS on the planet.

This leveraging of data on such a scale is letting Microsoft quickly become the market leader for threat detection & response.

Thanks for the info. Yeah, I'm not up to speed on the latest in the defense world. Good to know. I just felt like I had to bring it up because (at the time of posting) people were exclusively discussing the merits of an AV on Linux (which is debatable) vs the value of EDR in a corporate environment.