Pondurance opened 2026 with two announcements aimed at shrinking the window between intrusion and damage. On January 27, the company announced RansomSnare, a new MDR module that Pondurance says suspends a malicious process when it attempts to encrypt its first file and prevents data exfiltration at the earliest stage. And on February 2, Pondurance followed with “Pondurance for Microsoft,” a Microsoft 365-optimized MDR service built around Microsoft Defender XDR and a 24/7 SOC, tailored for mid-sized organizations that run heavily on Microsoft tools.
Both releases speak to a common midmarket reality. The environment looks enterprise-grade because the stack is, yet the day-to-day security function often runs thin. Microsoft 365 and Windows anchor email, identity, collaboration, and endpoints in many organizations, and that predictability rewards attackers. As Pondurance senior solutions architect Michael DeNapoli puts it, “Attackers target what they know will be there,” and when they go after Windows and Microsoft applications, “They are playing a numbers game.”
The failures that follow tend to be ordinary. DeNapoli points to outdated systems, unpatched applications, unmanaged third-party software, and the way a compromised workstation can become a gateway into everything else that’s already authenticated. He also draws a clean line on responsibility: “Microsoft is responsible for securing the Microsoft 365 cloud itself, but organizations remain responsible for securing the devices, tenancies, and users that access those services.” The work that keeps environments safer sits in configuration discipline, update cadence, and process consistency, all of which strain when IT teams are small and coverage is uneven.
“Pondurance for Microsoft” is designed to address that strain. In its announcement, Pondurance says the service leverages Microsoft Defender XDR and pulls data from Microsoft 365 and Entra ID, with response actions such as session termination, password resets, account lockouts, and endpoint containment. CEO Doug Howard frames the point as underuse rather than absence: “Many mid-market organizations already have access to Microsoft Defender but aren’t using it to its full potential due to staffing, tuning, and response challenges.”
RansomSnare speaks to a different part of the same problem: timing. Howard argues that EDR often depends on signatures, heuristics, or behavioral baselines that variants are designed to evade, and says Pondurance is “adding a defensive capability that stops the ransomware process in its tracks before it encrypts files and before data is siphoned off the network.” Together, the two announcements read as a practical early-year direction—make Microsoft-native security run like a function, then tighten the window where ransomware can turn an intrusion into an operational crisis.