Microsoft Defender Antivirus suffers from a perception problem. For the first decade of its existence, starting with its 2006 release, Defender was a much-maligned piece of software that no business would use to protect its endpoints. That’s no longer the case. Defender has today evolved into a competent and competitive endpoint security platform backed by one of the world’s largest companies. This improvement didn’t happen by accident.
Since 2016, Microsoft invested at least $1 billion per year into cybersecurity research — much of which has gone directly into upgrading and maintaining Windows Defender. The results are easy to spot. To take one example, Microsoft's incredibly rapid patching of a significant vulnerability in 2017 shows the capability that an organization as big as Microsoft can bring to the table when it comes to endpoint security. Since then, investment continues to improve Microsoft's no-cost OS native endpoint protection product. As a result, users now rate Defender among the top antivirus solutions available — on par with any paid alternative.
Enterprises undoubtedly underutilize Windows Defender. A recent ESG survey of IT professionals found that only 9 percent of organizations have deployed Defender as a standalone antivirus/anti-malware endpoint security control. Meanwhile, only 46 percent use it in conjunction with third-party endpoint protection control, and 45 percent of enterprises do not use Windows Defender at all. This less than enthusiastic uptake is likely because of the legacy of a poor reputation.
However, as well as poor perception, the key functional issue standing in the way of more widespread adoption of Windows Defender is visibility, or lack thereof. Unless an organization is also using Microsoft Defender for Endpoint and its Security Center, security teams need to build custom policies and withdraw event logs to a central system to get an enterprise-wide picture of Defender AV alerts. That said, it’s easy to avoid this particular weakness with the addition of a solution that enables greater visibility into and control over Windows Defender.
While Windows Defender is an excellent endpoint security solution, we still don't recommend that enterprises rely solely on its defense capabilities. To be fair, we don’t recommend that you rely solely on any endpoint protection solution. This is because, ultimately, no antivirus solution is capable of fully protecting enterprises from advanced threats. Even though endpoint protection solutions have a vital role in providing security against known malware, they fail to protect enterprises against modern fileless or evasive attacks.
Next-generation malware, launched through fileless and in-memory attacks, invalidates the signature- and algorithm-based approach to protection that AV and NGAV solutions rely on. This means that paying for expensive third-party tools is at best just purchasing a false sense of security and, more often, a costly drain on human resources and finances. Ultimately, no AV solution, or combination of AV solutions (no matter how "next-gen"), will provide adequate security against modern malware that incorporates evasive techniques.
As enterprises realize that the difference in protection between expensive third-party endpoint protection solutions and Windows Defender is almost nil, the opportunity for reducing expense without compromising security becomes clear. Replacing legacy antivirus tools with embedded Microsoft Defender AV on Windows 10 machines is an immediate way to save money and reduce the human cost of maintaining different systems. Operational efficiency is also improved because Windows Defender naturally creates a conflict-free running environment. The protection Defender offers works seamlessly with Microsoft cloud services too, making it an ideal solution for enterprises transitioning into hybrid cloud environments.
At the same time, integration with a tool like Morphisec Guard can offset Microsoft Defender's lack of comprehensive reporting. Enterprise IT teams can use Morphisec's dashboard to get a consolidated view of any attacks occurring across enterprise networks and negate any visibility issues. Combined with Morphisec, Windows Defender gives users a simple, effective security stack. Because Morphisec provides a virtual patch to vulnerable devices, this set up also reduces the chances of exposing vulnerabilities through lags in patching — a factor responsible for most data breaches.
Instead of using effective, free endpoint security solutions, too many enterprises have bought into overly complex security tools, thinking they are increasing their protection. As a result, millions of dollars and thousands of working hours are wasted every year maintaining a complex stack of solutions that don't provide any more protection than costless alternatives.
To achieve real security, enterprises need to stop misdirecting their cybersecurity budgets towards expensive tools while still leaving themselves open to fileless attacks (a type of attack that’s forecast to grow by over 40% this year).
While Defender has some limitations, these are either common with all other endpoint protection solutions or easily rectifiable by leveraging Defender with a solution like Morphisec. For enterprises looking to increase protection without straining budgets, the rise of Windows Defender makes one thing clear — no business needs to pay for antivirus software.