The Microsoft 365 Defender suite is a recognized, market-leading Extended Detection and Response (XDR) solution for Microsoft 365 services. It offers built-in, automated, and coordinated protection services that detect and block attacks across Microsoft 365 security products, and provides a unified portal for security operations (SOC) teams to manage, investigate, respond to, and remediate security events and attacks in a holistic manner. The Microsoft 365 Defender product suite includes:
Microsoft 365 Defender (M365D): A coordinated, cloud-based, XDR-level detection and response platform that offers a unified security operations portal across all Microsoft 365 Defender portfolio products.

Microsoft Defender for Endpoint (MDE): A holistic, cloud-based endpoint security solution that supports all OS platforms and device form factors, offering behavior-based next-generation endpoint protection, risk-based vulnerability management and assessment, security posture configuration, Endpoint Detection and Response (EDR), and automatic remediation.

Microsoft Defender for Identity (MDI): A cloud-based User and Entity Behavioral Analytics (UEBA) solution across on-premises Active Directory, Azure Active Directory, and hybrid enterprises that identifies, detects, investigates, and remediates advanced threats, compromised identities, and malicious insider actions.

Microsoft Defender for Cloud Apps (MDA): A Software as a Service (SaaS) monitoring, management, and protection solution that supports various deployment modes, including log collection, API connectors, and reverse proxy. It provides security teams with rich visibility (discovery), threat detection, and control (data protection and compliance) for over 25K applications used by enterprise users, and applies sophisticated analytics to identify and combat cyberthreats across Microsoft and third-party cloud services.

Microsoft Defender Vulnerability Management (MDVM): A proactive, risk-based vulnerability management solution that helps you efficiently and holistically discover, assess, and remediate vulnerabilities and misconfigurations. Microsoft Defender Vulnerability Management offers continuous asset visibility, consolidated inventories, intelligent assessment tools, risk-based prioritization, and built-in remediation workflows.

Microsoft Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for attack detection, threat visibility, proactive hunting, and threat response. Microsoft Sentinel is your bird's-eye view across the enterprise, alleviating the stress of increasingly sophisticated attacks, increasing volumes of alerts, and long resolution time frames.

Microsoft Defender for IoT is a global Microsoft group delivering OT and IoT security. The group is comprised of top-notch engineers, product people, researchers and business developers. The group's solutions are deployed worldwide in every possible vertical, ranging from energy and manufacturing to smart spaces and standard enterprise environments, in which a plethora of IoT devices is used.

Microsoft Defender for Cloud (MDC) helps customers secure their public cloud workloads. It provides insights into the cloud security posture and recommendations for improving it, while also monitoring and detecting runtime security threats leveraging advanced AI and security research. Defender for Cloud protects infrastructure and application resources, wherever they are, including Azure, on-premises, and other public cloud providers such as AWS and GCP.

Enterprise Security Posture Management integrates signals from across the entire security stack, including network, endpoint, cloud, and application security, and enriches them with context to give security teams a comprehensive view of their organization's security posture. Using this platform, security teams can more effectively detect and respond to threats, identify areas of vulnerability, and implement strategies to mitigate risk caused by the increasing attack surface. By bringing together data from a wide range of sources, the platform helps security teams make informed decisions and take proactive measures to protect their organization from cyber threats.

MSTIC-IL hunts, tracks and protects against threat signals as part of MSTIC (the Microsoft Threat Intelligence Center). MSTIC-IL also builds a platform Microsoft threat analysts use to collaborate on threat hunting and customer protection.


BlueHat IL is home to the largest Infosec community in Israel. With a thriving local ecosystem that is globally renowned for its excellence, innovation and creativity, it isn’t surprising that Israeli companies have a huge impact on cybersecurity worldwide. Our community includes industry leaders, entrepreneurs, academia, government officials, independent researchers and hobbyists.

Every year, thousands of security professionals take part in our initiatives:

BlueHat IL conference - the biggest Israeli security research conference.
BlueHat Meetup - an open stage for casual gatherings and sharing knowledge.
