Endpoint security specialist Ziften has joined Microsoft’s Windows Defender Advanced Threat Protection (ATP) Advanced Hunting project, further integrating protection for Windows, MacOS and Linux environments.

Ziften originally announced in November 2017 that it had integrated its Zenith systems and security operations platform with Microsoft Windows Defender Advanced Threat Protection.

That move led to Ziften opening an Australian office in March 2018 and the appointment of Greg Kieser as country manager for ANZ.

Ziften SVP of marketing Roark Pollork said Microsoft Australia had been one of the first branches to take advantage of this integration. In a briefing session at a NetEvents Forum in San Jose, Pollork said that Microsoft’s Australian team “was the first in the world to bring Ziften on in a big way”.

“So Australia and New Zealand were the first countries where we started working with Microsoft,” Pollork said. “We now have a distributor in Australia, Instentra, and we are developing new resellers through Instentra.”

As a member of the Advanced Hunting project, Ziften will contribute information and analysis of MacOS and Linux threats to information gathered by Microsoft on Windows environments, a move it says will speed the identification and tracking of suspicious behaviours and risks across all three environments.

Windows Defender is not able to monitor MacOS or Linux devices, which are present in most organisations of any size, Pollork said. By integrating Ziften’s technology, he said Microsoft had been able to address this problem.

“Windows Defender ATP monitors Windows operating systems; all the data gets collected in the Azure cloud where Microsoft applies their threat detection and protection and gives customers a single pane of glass, the Windows ATP console, to manage security across all their Windows devices,” Pollork said.

“Over 50 per cent of Windows 10 buyers are now buying Windows anti-virus and Gartner says Microsoft is now the biggest vendor people are asking about now for endpoint protection.

“But Microsoft has a big gap: 90 per cent of enterprises also have Macs in their environment today and 30 per cent probably have more Linux than Windows servers.”

Ziften’s standard product monitors Windows, MacOS and Linux environments, leveraging SoftLayer or AWS cloud services, and gives customers visibility of all these environments from a single portal.

Under its integration with Windows Defender ATP, data from Ziften’s cloud on MacOS and Linux devices is fed into the Windows Defender backend in Azure, and presented on the Windows Defender console.

“We now have a two-click integration for Windows customers to sync our backend with the Windows ATP back end in the Azure cloud,” Pollork said. “Now, the customer has to use only one console to manage their Windows, Mac and Linux systems.”

He added: “I think Microsoft and Ziften have an opportunity to seriously disrupt the endpoint security space because all the Windows shops are looking to Microsoft for their endpoint protection.”

While the Ziften product does offer comparable functionality for Windows users, Pollork said Ziften was not competing with Microsoft.

“We work in the mid-market; Microsoft is bringing us into the large enterprise market. It is totally incremental to our business. And if they are going to disrupt the market it is better to be a partner than a competitor.”

Following the opening of its Australian office, Ziften has opened offices in the Netherlands and Germany, and Pollork said it expected to announce a partner for Japan within the next few months.

Ziften also launched, in March, its Fast Start program for on-boarding Microsoft Windows Defender ATP channel partners globally. “We have been on-boarding Microsoft channel partners around the world as fast as we can,” Pollork said.

The author attended the NetEvents forum as a guest of the company.