The Microsoft 365 Defender suite is a recognized market-leading Extended Detection and Response (XDR) solution for Microsoft 365 services. It offers built-in, automated, and coordinated protection services that detect and block attacks across Microsoft 365 security products, and provides a unified portal for security operations (SOC) teams to manage, investigate, respond to, and remediate security events and attacks in a holistic manner. The Microsoft 365 Defender product suite includes:
Microsoft 365 Defender (M365D): A coordinated, cloud-based, XDR-level detection and response platform that offers a unified security operations portal across all Microsoft 365 Defender portfolio products.

Microsoft Defender for Endpoint (MDE): A holistic, cloud-based endpoint security solution that supports all OS platforms and device form factors, offering behavior-based next-generation endpoint protection, risk-based vulnerability management and assessment, security posture configuration, Endpoint Detection and Response (EDR), and automatic remediation.

Microsoft Defender for Identity (MDI): A cloud-based User and Entity Behavioral Analytics (UEBA) solution across on-premises Active Directory, Azure Active Directory, and hybrid enterprises that identifies, detects, investigates, and remediates advanced threats, compromised identities, and malicious insider actions.

Microsoft Defender for Cloud Apps (MDA): A Software as a Service (SaaS) monitoring, management, and protection solution that supports various deployment modes, including log collection, API connectors, and reverse proxy. It provides security teams with rich visibility (discovery) and threat detection and control (data protection and compliance) for over 25K applications used by enterprise users, and applies sophisticated analytics to identify and combat cyberthreats across Microsoft and third-party cloud services.

Microsoft Defender Vulnerability Management (MDVM): A proactive, risk-based vulnerability management solution that helps you efficiently and holistically discover, assess, and remediate vulnerabilities and misconfigurations. Microsoft Defender Vulnerability Management offers continuous asset visibility, consolidated inventories, intelligent assessment tools, risk-based prioritization, and built-in remediation workflows.

Microsoft Sentinel is a scalable, cloud-native, security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for attack detection, threat visibility, proactive hunting, and threat response.
Microsoft Sentinel is your bird's-eye view across the enterprise, alleviating the stress of increasingly sophisticated attacks, increasing volumes of alerts, and long resolution time frames.

Microsoft Defender for IoT is a global Microsoft group delivering OT and IoT security. The group comprises top-notch engineers, product people, researchers, and business developers. The group's solutions are deployed worldwide in every possible vertical, ranging from energy and manufacturing to smart spaces and standard enterprise environments, in which a plethora of IoT devices is used.

Microsoft Defender for Cloud (MDC) helps customers secure their public cloud workloads. It provides insights into the cloud security posture and recommendations for improving it, while also monitoring and detecting runtime security threats leveraging advanced AI and security research.
Defender for Cloud protects infrastructure and application resources, wherever they are, including Azure, on-premises, and other public cloud providers such as AWS and GCP.

Enterprise Security Posture Management integrates signals from across the entire security stack, including network, endpoint, cloud, and application security, and enriches them with context to give security teams a comprehensive view of their organization's security posture. Using this platform, security teams can more effectively detect and respond to threats, identify areas of vulnerability, and implement strategies to mitigate the risk caused by a growing attack surface. By bringing together data from a wide range of sources, the platform helps security teams make informed decisions and take proactive measures to protect their organization from cyber threats.

MSTIC-IL hunts, tracks, and protects against threat signals as part of MSTIC (the Microsoft Threat Intelligence Center). MSTIC-IL also builds a platform that Microsoft threat analysts use to collaborate on threat hunting and customer protection.

Red Sea is a revolutionary Secure Access Workstation (SAW/PAW).
The initial solution aims to address both the usability and the cost of the SAW approach. It does so by merging the IW (Information Worker) workstation and the SAW machine into a single machine, while providing the same security guarantees as a SAW-only machine.
Red Sea machines detect when a user requires secure (privileged) access and seamlessly and securely redirect local I/O to a trusted, separate compute unit that enables the user to interact with sensitive services.

Microsoft Entra Internet Access and Microsoft Entra Private Access comprise Microsoft's Security Service Edge (SSE) solution. It is uniquely built to converge network, identity, and endpoint access controls so you can secure access to any app or resource, from anywhere, while applying the core principles of Zero Trust: use least privilege, verify explicitly, and assume breach.
Microsoft Entra Internet Access secures access to Microsoft 365, SaaS, and public internet apps while protecting users, devices, and data against internet threats. It delivers best-in-class security and visibility, along with fast and seamless access to Microsoft 365 apps and secure access to public internet apps, through an identity-centric, device-aware, cloud-delivered Secure Web Gateway (SWG).
Microsoft Entra Private Access provides your users - whether in an office or working remotely - secured access to your private, corporate resources, connecting across hybrid and multicloud environments, private networks, and data centers from any device and network without requiring a VPN. The service offers per-app adaptive access based on Conditional Access policies, for more granular security than a VPN.


BlueHat IL is home to the largest Infosec community in Israel. With a thriving local ecosystem that is globally renowned for its excellence, innovation and creativity, it isn’t surprising that Israeli companies have a huge impact on cybersecurity worldwide. Our community includes industry leaders, entrepreneurs, academia, government officials, independent researchers and hobbyists.

Every year, thousands of security professionals take part in our initiatives:

BlueHat IL conference - the biggest Israeli security research conference.
BlueHat Meetup - an open stage for casual gatherings and sharing knowledge.
