by wcchandler 784 days ago
Yes, you are off base. This is a fairly well written article that highlights and summarizes a few of their most recent gaffes. We recently re-evaluated our EDR solution and Microsoft was in the final 3. We didn't move them past the RFI process because of these recent incidents, on top of a very poorly packaged product (Defender). Microsoft has been really pushing the notion they're a security company (and my 401k would love it if that were true), but the sad reality is they continue to fall short in every possible way. I'll likely share this article with my peers when challenged on why we didn't move forward with them in our EDR project.
2 comments

Microsoft Defender was, and is, an inexcusably poorly thought through product.

Just the branding - the name and logo is exactly the same as Windows Defender. It even puts an icon in the taskbar tray, resulting in two identical logos for two identically named products that do completely different things.

No idea what they were thinking there. It seems they thought that the separation in consumers’ minds between “Microsoft” and “Windows” was strong, which it absolutely is not.

This comment is the first indication to me that they're actually separate products.
Especially since they just rebranded Office 365 to Microsoft 365.

Microsoft branding is so bad.

When I google for Windows Defender I only get hits for Microsoft Defender. What is it? I don't use Windows anymore.
Microsoft Defender for Individuals:

https://www.microsoft.com/en-us/microsoft-365/blog/2022/06/1...

Windows Defender aka Windows Security:

https://support.microsoft.com/en-us/windows/stay-protected-w...

Microsoft Defender XDR (completely different thing, previously known as Microsoft Defender for 365):

https://www.microsoft.com/en-us/security/business/siem-and-x...

Microsoft Defender for Endpoint (also a different thing, basically XDR lite):

https://www.microsoft.com/en-us/security/business/endpoint-s...

Don't forget Defender for Cloud Apps, which is a CASB.

> "We didn't move them past the RFI process because of these recent incidents"

I find it odd that you'll reject Microsoft based on "recent incidents", as if security incidents don't happen with the competitors?

Which incidents happened at AWS, GCP, Oracle?

And were those incidents detected by the competitor or a client?

> One of the more damaging findings was that Microsoft learned of the attacks only because the State Department had set up an internal alert system after purchasing a G5 license from the company.

Although I mean the lack of on-prem really should be a nonstarter for a lot of large companies. Having a defense in depth where you need to be on the VPN before you can actually authenticate to the services does help. Or in the case of governments; they can run private fiber lines between buildings and then you can't even attack the server from the public web.

> Which incidents happened at AWS, GCP, Oracle?

I'm not following you here. Surely you could just look them up yourself?

Just look at this enormous list of CVEs in Oracle products (which also includes cloud products), as one example: https://www.oracle.com/security-alerts/public-vuln-to-adviso...

Those are bugs in their products, not breaches in their clouds. I'm not aware of a single breach in GCP or AWS. Certainly nothing on the scale of either of Microsoft's.

> Those are bugs in their products, not breaches in their clouds

Sure, but you do realize that all of those bugs in their products may have been exploited in their clouds in different ways?

And we're asking you for the list of those incidents.

"May" is not what the article linked at the top of the page is talking about.

I find it odd that you wouldn't factor the severity of recent security incidents into your vendor choices.