Technological partners of Microsoft Defender XDR
Applies to:
- Microsoft Defender XDR
- Microsoft Defender for Endpoint
- Microsoft Defender for Vulnerability Management
- Microsoft Defender for Office 365
- Microsoft Defender for Identity
- Microsoft Defender for Cloud Apps
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
Note
Try our new APIs using MS Graph security API. Find out more at: Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn.
Microsoft Defender XDR supports third-party integrations to help secure users with effective threat protection, detection, investigation, and response across endpoints, vulnerability management, email, identities, and cloud apps.
The following are the solution's categories:
- Security information and event management (SIEM)
- Security orchestration, automation, and response (SOAR)
- Breach and attack simulation (BAS)
- Threat intelligence
- Network security/DNS security
- Identity security
- Cross platform
- Business cloud applications
- Threat and vulnerability management
- Secure service edge
- Other integrations
Supported integrations and partners
Security information and event management (SIEM)
Product name | Vendor | Description |
---|---|---|
Microsoft Sentinel | Microsoft | Microsoft Sentinel is a scalable, cloud-native, security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for attack detection, threat visibility, proactive hunting, and threat response. |
Splunk | Splunk | The Microsoft Defender for Endpoint Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk. |
ArcSight | Micro Focus | ArcSight allows multiple analytics capabilities for correlation, search, UEBA, enhanced and automated response, and log management. |
Elastic Security | Elastic | Elastic Security combines SIEM threat detection features with endpoint prevention and response capabilities in one solution. |
IBM Security QRadar SIEM | IBM | IBM Security QRadar SIEM enables centralized visibility and intelligent security analytics to detect, investigate and respond to your critical cybersecurity threats. |
AttackIQ Platform | AttackIQ | AttackIQ Platform validates whether MDE is configured properly by launching continuous attacks safely on production assets. |
Security orchestration, automation, and response (SOAR)
Product name | Vendor | Description |
---|---|---|
Microsoft Sentinel | Microsoft | Microsoft Sentinel is a scalable, cloud-native, security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for attack detection, threat visibility, proactive hunting, and threat response. |
ArcSight | Micro Focus | ArcSight provides multiple analytics capabilities for correlation, search, UEBA, enhanced and automated response, and log management. |
Splunk SOAR | Splunk | Splunk SOAR orchestrates workflows and automates tasks in seconds to work smarter and respond faster. |
Security Incident Response | ServiceNow | The ServiceNow® Security Incident Response application tracks the progress of security incidents from discovery and initial analysis, through containment, eradication, and recovery, and into the final post-incident review, knowledge base article creation, and closure. |
Swimlane | Swimlane Inc | Automates your incident response capabilities with Swimlane (SOAR) and Microsoft Defender. |
InsightConnect | Rapid7 | InsightConnect provides a security orchestration, automation, and response solution that accelerates incident response and vulnerability management processes. |
Demisto, a Palo Alto Networks Company | Palo Alto Networks | Demisto integrates with Microsoft Defender for Endpoint to enable security teams to orchestrate and automate endpoint security monitoring, enrichment, and response. |
Breach and attack simulation (BAS)
Product name | Vendor | Description |
---|---|---|
SafeBreach | SafeBreach | SafeBreach continuously executes attacks, correlates results to help visualize security gaps, and uses contextual insights to highlight remediation efforts. With its Hacker's Playbook™, the industry's most extensive collection of attack data enabled by state-of-the-art threat intelligence research, SafeBreach empowers organizations to get proactive about security with a simple approach that replaces hope with data. |
Extended Security Posture Management (XSPM) | Cymulate | Cymulate's Extended Security Posture Management enables companies to challenge, assess, and optimize their cybersecurity posture. |
Vulnerability Control | SkyBox | Develops a vulnerability program strategy that accurately analyzes exposure risk across the hybrid attack surface and prioritizes the remediation. |
Attack Path Management | XM Cyber | Attack Path Management is a hybrid cloud security company providing attack path management changing the ways organizations approach cyber risk. |
Better Mobile Security Platform | Better Mobile Security Inc. | Provides a solution for Threat, Phishing, and Privacy Protection and Simulation. |
Threat intelligence
Product name | Vendor | Description |
---|---|---|
ArcSight | Micro Focus | Provides multiple analytics capabilities for correlation, search, UEBA, enhanced and automated response, and log management. |
MineMeld | Palo Alto Networks | Enriches your endpoint protection by extending Autofocus and other threat feeds to Microsoft Defender for Endpoint using MineMeld. |
MISP (Malware Information Sharing Platform) | MISP | Integrates threat indicators from the Open Source Threat Intelligence Sharing Platform into your Microsoft Defender for Endpoint environment. |
ThreatConnect | ThreatConnect | Alerts and/or blocks on custom threat intelligence from ThreatConnect Playbooks using Microsoft Defender for Endpoint indicators. |
Network security/DNS security
Product name | Vendor | Description |
---|---|---|
Aruba ClearPass Policy Manager | Aruba, a Hewlett Packard Enterprise company | Network Access Control applies consistent policies and granular security controls to wired and wireless networks. |
Vectra Network Detection and Response (NDR) | Vectra | Vectra applies AI & security research to detect and respond to cyber-attacks in real time. |
Blue Hexagon for Network | Blue Hexagon | Blue Hexagon built the industry's first real-time deep learning platform for network threat protection. |
CyberMDX | CyberMDX | CyberMDX integrates comprehensive healthcare assets visibility, threat prevention and response into your Microsoft Defender for Endpoint environment. |
HYAS Protect | HYAS | HYAS Protect utilizes authoritative knowledge of attacker infrastructure to proactively protect MDE endpoints from cyber attacks. |
Better Mobile Security Platform | Better Mobile Security Inc. | Provides a solution for Threat, Phishing, and Privacy Protection and Simulation. |
Vulnerability Control | Skybox security | Global security posture management leader with solutions for vulnerability management and network security policy management. |
Identity security
Product name | Vendor | Description |
---|---|---|
Illusive Platform | Illusive Networks | Illusive continuously discovers and automatically remediates identity vulnerabilities, and it detects attacks using deceptive controls. |
Silverfort | Silverfort | Enforces Microsoft Entra Conditional Access and MFA across any user system and environment on-premises and in the cloud. |
Cross platform
Product name | Vendor | Description |
---|---|---|
Corrata Mobile Security | Corrata | Corrata is an immune system for mobile devices and tablets that detects & protects mobile devices from the full spectrum of security threats like phishing, malware, man-in-the-middle attacks, and data loss. |
Better Mobile Security Platform | Better Mobile Security Inc. | Provides a solution for Threat, Phishing, and Privacy Protection and Simulation. |
Zimperium Mobile Threat Defense | Zimperium | Extends your Microsoft Defender for Endpoint to iOS and Android with Machine Learning-based Mobile Threat Defense. |
Bitdefender | Bitdefender | Bitdefender GravityZone is a layered next generation endpoint protection platform offering comprehensive protection against the full spectrum of sophisticated cyber threats. |
Business cloud applications
Product name | Vendor | Description |
---|---|---|
Atlassian | Atlassian | Atlassian provides collaboration, development, and issue tracking software for teams. |
Azure | Microsoft | Microsoft Azure provides tools and services to help you reach and scale to a global audience with cloud gaming services. |
AWS | Amazon | Amazon Web Services provides information technology infrastructure services to businesses in the form of web services. |
Box | Box | Box is an online file sharing and cloud content management service offering unlimited storage, custom branding, and administrative controls. |
DocuSign | DocuSign | DocuSign is an Electronic Signature and Agreement Cloud enabling employees to securely send, sign and manage agreements. |
Dropbox | Dropbox | Dropbox is a smart workspace company that provides secure file sharing, collaboration, and storage solutions. |
Egnyte | Egnyte | Egnyte delivers secure content collaboration, compliant data protection and simple infrastructure modernization. |
GitHub | Microsoft | GitHub is a code hosting platform for collaboration and version control. It allows developers to work together on their projects right from planning and coding to shipping the software. |
Google Workspace | Alphabet | Google Workspace plans provide a custom email for your business and include collaboration tools like Gmail, Calendar, Meet, Chat, Drive, Docs, Sheets, Slides, Forms, Sites, and more. |
Google Cloud Platform | Alphabet | Google Cloud Platform is a set of modular cloud-based services that allows you to create anything from simple websites to complex applications. |
NetDocuments | NetDocuments | NetDocuments enables businesses of all sizes to create, secure, manage, access, and collaborate on documents and email anywhere, anytime. |
Office 365 | Microsoft | Microsoft Office 365 is a subscription-based online office and software services suite, which offers access to various services and software built around the Microsoft Office platform. |
Okta | Okta | Okta is a management platform that secures critical resources from cloud to ground for workforce and customers. |
OneLogin | OneLogin | OneLogin is a cloud identity and access management solution that enables enterprises to secure all apps for their users on all devices. |
Salesforce | Salesforce | Salesforce is a global cloud computing company that offers customer relationship management (CRM) software & cloud computing for businesses of all sizes. |
ServiceNow | ServiceNow | ServiceNow provides cloud-based solutions that define, structure, manage, and automate services for enterprise operations. |
Slack | Slack | Slack is an enterprise software platform that allows teams and businesses of all sizes to communicate effectively. |
SmartSheet | SmartSheet | Smartsheet is a cloud-based work management platform that empowers collaboration, drives better decision making, and accelerates innovation. |
Webex | Cisco | Webex, a Cisco company, provides on-demand applications for businesses to conduct web conferencing, telework, and application remote control. |
Workday | Workday | Workday offers enterprise-level software solutions for human resource and financial management. |
Zendesk | Zendesk | Zendesk is a customer service platform that develops software to empower organization and customer relationships. |
Threat and vulnerability management
Product name | Vendor | Description |
---|---|---|
Attack Path Management | XM Cyber | Hybrid cloud security company providing attack path management changing the ways organizations approach cyber risk. |
Corrata Mobile Security | Corrata | Corrata is an immune system for mobile devices and tablets that detects & protects mobile devices from the full spectrum of security threats like phishing, malware, man-in-the-middle attacks, and data loss. |
Zimperium Mobile Threat Defense | Zimperium | Extend your Microsoft Defender for Endpoint to iOS and Android with Machine Learning-based Mobile Threat Defense. |
RiskAnalyzer | DeepSurface Security | DeepSurface RiskAnalyzer helps quickly and efficiently discover, analyze and prioritize cybersecurity risk. |
Vulnerability Control | Skybox security | Global security posture management leader with solutions for vulnerability management and network security policy management. |
Vulcan Cyber risk management platform | Vulcan Cyber | Vulcan Cyber gives you the tools to effectively manage the vulnerability and risk lifecycle for all your cyber assets, including application, cloud, and infrastructure. |
Extended Security Posture Management (XSPM) | Cymulate | Cymulate's Extended Security Posture Management enables companies to challenge, assess, and optimize their cybersecurity posture. |
Illusive Platform | Illusive Networks | Illusive continuously discovers and automatically remediates identity vulnerabilities, and it detects attacks using deceptive controls. |
ServiceNow vulnerability response | ServiceNow | Use the Microsoft Threat and vulnerability management integration to import third-party scanner data about your assets and vulnerabilities. You can then view reports about vulnerabilities and vulnerable items on the Vulnerability Response dashboards. |
Secure service edge
Product name | Vendor | Description |
---|---|---|
Zscaler Internet Access | Zscaler | Zscaler Internet Access is a cloud native security service edge (SSE) solution that builds on a decade of secure web gateway leadership. Offered as a scalable SaaS platform from the world's largest security cloud, it replaces legacy network security solutions to stop advanced attacks and prevent data loss with a comprehensive zero trust approach. |
Additional integrations
Product name | Vendor | Description |
---|---|---|
Morphisec | Morphisec | Provides Moving Target Defense-powered advanced threat prevention and integrates forensics data directly into Microsoft Defender XDR dashboards to help prioritize alerts, determine device at-risk score and visualize full attack timeline including internal memory information. |
THOR Cloud | Nextron systems | Provides on-demand live forensics scans using a signature base focused on persistent threats. |
Recommended content
Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn
Partner applications in Microsoft Defender for Endpoint | Microsoft Docs
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.