Technological partners of Microsoft Defender XDR

Applies to:

Note

Try our new APIs using MS Graph security API. Find out more at: Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn.

Microsoft Defender XDR supports third-party integrations to help secure users with effective threat protection, detection, investigation, and response, in various security fields of endpoints, vulnerability management, email, identities, cloud apps.

The following are the solution's categories:

  • Security information and event management (SIEM)
  • Security orchestration, automation, and response (SOAR)
  • Breach and attack simulation (BAS)
  • Threat intelligence
  • Network security/ DNS security
  • Identity security
  • Cross platform
  • Business cloud applications
  • Threat and vulnerability management
  • Secure service edge
  • Additional integrations

Supported integrations and partners

Security information and event management (SIEM)

Product name Vendor Description
Microsoft Sentinel Microsoft Microsoft Sentinel is a scalable, cloud-native, security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for attack detection, threat visibility, proactive hunting, and threat response.
Splunk Splunk The Microsoft Defender for Endpoint Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk.
ArcSight Micro Focus ArcSight allows multiple analytics capabilities for correlation, search, UEBA, enhanced and automated response, and log management.
Elastic Security Elastic Elastic Security combines SIEM threat detection features with endpoint prevention and response capabilities in one solution.
IBM Security QRadar SIEM IBM IBM Security QRadar SIEM enables centralized visibility and intelligent security analytics to detect, investigate and respond to your critical cybersecurity threats.
AttackIQ Platform AttackIQ AttackIQ Platform validates whether MDE is configured properly by launching continuous attacks safely on production assets.

Security orchestration, automation, and response (SOAR)

Product name Vendor Description
Microsoft Sentinel Microsoft Microsoft Sentinel is a scalable, cloud-native, security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for attack detection, threat visibility, proactive hunting, and threat response.
ArcSight Micro Focus ArcSight provides multiple analytics capabilities for correlation, search, UEBA, enhanced and automated response, and log management.
Splunk SOAR Splunk Splunk SOAR orchestrates workflows and automates tasks in seconds to work smarter and respond faster.
Security Incident Response ServiceNow The ServiceNow® Security Incident Response application tracks the progress of security incidents from discovery and initial analysis, through containment, eradication, and recovery, and into the final post-incident review, knowledge base article creation, and closure.
Swimlane Swimlane Inc Automates your incident response capabilities with Swimlane (SOAR) and Microsoft Defender.
InsightConnect Rapid7 InsightConnect provides security orchestration, automation and response solution that accelerates incident response and vulnerability management processes.
Demisto, a Palo Alto Networks Company Palo Alto Networks Demisto integrates with Microsoft Defender for Endpoint to enable security teams to orchestrate and automate endpoint security monitoring, enrichment and response.

Breach and attack simulation (BAS)

Product name Vendor Description
SafeBreach SafeBreach SafeBreach continuously executes attacks, correlates results to help visualize security gaps, and leverages contextual insights to highlight remediation efforts. With its Hacker's Playbook™, the industry's most extensive collection of attack data enabled by state-of-the-art threat intelligence research, SafeBreach empowers organizations to get proactive about security with a simple approach that replaces hope with data.
Extended Security Posture Management (XSPM) Cymulate Cymulate's Extended Security Posture Management enables companies to challenge, assess, and optimize their cybersecurity posture.
Vulnerability Control SkyBox Develops a vulnerability program strategy that accurately analyzes exposure risk across hybrid attack surface and prioritize the remediation.
Attack Path Management XM Cyber Attack Path Management is a hybrid cloud security company providing attack path management changing the ways organizations approach cyber risk.
Better Mobile Security Platform Better Mobile Security Inc. Provides solution for Threat, Phishing and Privacy Protection and Simulation.

Threat intelligence

Product name Vendor Description
ArcSight Micro Focus Provides multiple analytics capabilities for correlation, search, UEBA, enhanced and automated response, and log management.
MineMeld Palo Alto Networks Enriches your endpoint protection by extending Autofocus and other threat feeds to Microsoft Defender for Endpoint using MineMeld.
MISP (Malware Information Sharing Platform) MISP Integrates threat indicators from the Open Source Threat Intelligence Sharing Platform into your Microsoft Defender for Endpoint environment.
ThreatConnect ThreatConnect Alerts and/or blocks on custom threat intelligence from ThreatConnect Playbooks using Microsoft Defender for Endpoint indicators.

Network security/ DNS security

Product name Vendor Description
Aruba ClearPass Policy Manager Aruba, a Hewlett Packard Enterprise company Network Access Control applies consistent policies and granular security controls to wired and wireless networks
Vectra Network Detection and Response (NDR) Vectra Vectra applies AI & security research to detect and respond to cyber-attacks in real time.
Blue Hexagon for Network Blue Hexagon Blue Hexagon has built the industry's first real-time deep learning platform for network threat protection.
CyberMDX CyberMDX Cyber MDX integrates comprehensive healthcare assets visibility, threat prevention and repose into your Microsoft Defender for Endpoint environment.
HYAS Protect HYAS HYAS Protect utilizes authoritative knowledge of attacker infrastructure to proactively protect MDE endpoints from cyber attacks.
Better Mobile Security Platform Better Mobile Security Inc. Provides solution for Threat, Phishing and Privacy Protection and Simulation.
Vulnerability Control Skybox security Global security posture management leader with solutions for vulnerability management and network security policy management.

Identity security

Product name Vendor Description
Illusive Platform Illusive Networks Illusive continuously discovers and automatically remediates identity vulnerabilities, and it detects attacks using deceptive controls.
Silverfort Silverfort Enforces Microsoft Entra Conditional Access and MFA across any user system and environment on-prem and in the cloud.

Cross platform

Product name Vendor Description
Corrata Mobile Security Corrata Corrata is an immune system for mobile devices and tablets that detects & protects mobile devices from the full spectrum of security threats like phishing, malware, man-in-the-middle attacks and data loss.
Better Mobile Security Platform Better Mobile Security Inc. Provides solution for Threat, Phishing and Privacy Protection and Simulation.
Zimperium Mobile Threat Defense Zimperuim Extends your Microsoft Defender for Endpoint to iOS and Android with Machine Learning-based Mobile Threat Defense.
Bitdefender Bitdefender Bitdefender GravityZone is a layered next generation endpoint protection platform offering comprehensive protection against the full spectrum of sophisticated cyber threats.

Business cloud applications

Product name Vendor Description
Atlassian Atlassian Atlassian provides collaboration, development, and issue tracking software for teams.
Azure Microsoft Microsoft Azure provides tools and services to help you reach and scale to a global audience with cloud gaming services.
AWS Amazon Amazon Web Services provides information technology infrastructure services to businesses in the form of web services.
Box Box Box is an online file sharing and cloud content management service offering unlimited storage, custom branding, and administrative controls.
DocuSign DocuSign DocuSign is an Electronic Signature and Agreement Cloud enabling employees to securely send, sign and manage agreements.
Dropbox Dropbox Dropbox is a smart workspace company that provides secure file sharing, collaboration, and storage solutions.
Egnyte Egnyte Egnyte delivers secure content collaboration, compliant data protection and simple infrastructure modernization.
GITHUB Microsoft GitHub is a code hosting platform for collaboration and version control. It allows developers to work together on their projects right from planning and coding to shipping the software.
Google Workspace Alphabet Google Workspace plans provide a custom email for your business and includes collaboration tools like Gmail, Calendar, Meet, Chat, Drive, Docs, Sheets, Slides, Forms, Sites, and more.
Google Cloud Platform Alphabet Google Cloud Platform is a set of modular cloud-based services that allows you to create anything from simple websites to complex applications.
NetDocuments NetDocuments NetDocuments enables businesses of all sizes to create, secure, manage, access, and collaborate on documents and email anywhere, anytime.
Office 365 Microsoft Microsoft Office 365 is a subscription-based online office and software services suite, which offers access to various services and software built around the Microsoft Office platform.
OKTA OKTA Okta is a management platform that secures critical resources from cloud to ground for workforce and customers.
OneLogin OneLogin OneLogin is a cloud identity and access management solution that enables enterprises to secure all apps for their users on all devices.
Salesforce Salesforce Salesforce is a global cloud computing company that offers customer relationship management (CRM) software & cloud computing for businesses of all sizes.
ServiceNow ServiceNow ServiceNow provides cloud-based solutions that define, structure, manage, and automate services for enterprise operations.
Slack Slack Slack is an enterprise software platform that allows teams and businesses of all sizes to communicate effectively.
SmartSheet SmartSheet Smartsheet is a cloud-based work management platform that empowers collaboration, drives better decision making, and accelerates innovation.
Webex Cisco Webex, a Cisco company, provides on-demand applications for businesses to conduct web conferencing, telework and application remote control.
Workday Workday Workday offers enterprise-level software solutions for human resource and financial management.
Zendesk Zendesk Zendesk is a customer service platform that develops software to empower organization and customer relationships.

Threat and vulnerability management

Product name Vendor Description
Attack Path Management XM Cyber Hybrid cloud security company providing attack path management changing the ways organizations approach cyber risk.
Corrata Mobile Security Corrata Corrata is an immune system for mobile devices and tablets that detects & protects mobile devices from the full spectrum of security threats like phishing, malware, man-in-the-middle attacks and data loss.
Zimperium Mobile Threat Defense Zimperuim Extend your Microsoft Defender for Endpoint to iOS and Android with Machine Learning-based Mobile Threat Defense.
RiskAnalyzer DeepSurface Security DeepSurface RiskAnalyzer helps quickly and efficiently discover, analyze and prioritize cybersecurity risk.
Vulnerability Control Skybox security Global security posture management leader with solutions for vulnerability management and network security policy management.
Vulcan Cyber risk management platform Vulcan Cyber Vulcan Cyber gives you the tools to effectively manage the vulnerability and risk lifecycle for all your cyber assets, including application, cloud, and infrastructure.
Extended Security Posture Management (XSPM) Cymulate Cymulate's Extended Security Posture Management enables companies to challenge, assess, and optimize their cybersecurity posture.
Illusive Platform Illusive Networks Illusive continuously discovers and automatically remediates identity vulnerabilities, and it detects attacks using deceptive controls.
ServiceNow vulnerability response ServiceNow Use the Microsoft Threat and vulnerability management integration to import third-party scanner data about your assets and vulnerabilities. You can then view reports about vulnerabilities and vulnerable items on the Vulnerability Response dashboards.

Secure service edge

Product name Vendor Description
Zscaler Internet Access Zscaler Zscaler Internet Access is a cloud native security service edge (SSE) solution that builds on a decade of secure web gateway leadership. Offered as a scalable SaaS platform from the world's largest security cloud, it replaces legacy network security solutions to stop advanced attacks and prevent data loss with a comprehensive zero trust approach.

Additional integrations

Product name Vendor Description
Morphisec Morphisec Provides Moving Target Defense-powered advanced threat prevention and integrates forensics data directly into Microsoft Defender XDR dashboards to help prioritize alerts, determine device at-risk score and visualize full attack timeline including internal memory information.
THOR Cloud Nextron systems Provides on-demand live forensics scans using a signature base focused on persistent threats.

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.