Microsoft announces Windows Defender Advanced Threat Protection

On March 1st Microsoft unveiled details of a threat protection service that is being developed to help organisations detect and deal with attacks on their networks.

Cyber attacks are becoming increasingly sophisticated, with criminals using social engineering and zero-day vulnerabilities to break into corporate networks. Attackers can wreak havoc on a corporate network, stealing data, breaching privacy, destroying the trust of customers and costing organisations millions.

Terry Myerson, Executive Vice President for the Windows and Devices Group, said: “As the attackers’ approaches have evolved and become more sophisticated, so must our approach to providing security to our enterprise customers.”

Spotting an attack can be almost as difficult as stopping one, and the faster an IT team can catch the breach, the faster their company can respond. Windows Defender Advanced Threat Protection will help enterprises detect and react to threats faster.

Windows Defender Advanced Threat Protection Will Help Detect, Investigate and Respond to Attacks

This new service will help enterprises detect, investigate and respond to advanced attacks on their networks. Building on the security defences Windows 10 offers today, Windows Defender Advanced Threat Protection adds a new post-breach layer of protection to the Windows 10 security stack. With a combination of client technology built into Windows 10 and a robust cloud service, it will help detect threats that have made it past other defences, provide enterprises with the information needed to investigate the breach across endpoints, and offer response recommendations.

Windows Defender Advanced Threat Protection:

Detects Advanced Attacks

It provides key information on who carried out an attack, what happened and why. Sophisticated threat intelligence enables attack detection, informed by the world’s largest array of sensors and by advanced threat protection expertise, including a team of experts at Microsoft and expert security partners.

It is powered by a combination of Windows behavioural sensors, cloud-based security analytics, threat intelligence, and Microsoft’s intelligent security graph. This immense security graph provides big-data security analytics that look across aggregate behaviours to identify anomalies, informed by anonymous information from over 1 billion Windows devices, 2.5 trillion indexed URLs on the web, 600 million online reputation look-ups, and over 1 million suspicious files detonated every day.

This data is then augmented by expertise from world-class security experts and advanced threat protection hunters from across the globe, who are uniquely equipped to detect attacks.

Response Recommendations

The service’s security operations data provides an easy way to investigate alerts, explore the entire network for signs of attack, examine attacker actions on specific devices, and get detailed file footprints from across the organisation in order to recommend responses.

With time-travel-like capabilities, Windows Defender Advanced Threat Protection examines the state of machines and their activities over the last six months to maximise historical investigation capabilities, and presents this information on a simple attack timeline. Simplified investigation tools replace the need to explore raw logs by exposing process, file, URL and network connection events for a specific machine or across the enterprise.

A cloud-based detonation service enables files and URLs to be submitted to isolated virtual machines for deep examination. In the future, Windows Defender Advanced Threat Protection will also offer remediation tools for affected endpoints.

Complements Microsoft Advanced Threat Detection Solutions

Because Windows Defender Advanced Threat Protection is being built into Windows 10, it will be kept continuously up to date, lowering costs, with no deployment effort needed. Powered by a cloud back end, it requires no on-premises server infrastructure or ongoing maintenance. It complements the email protection services of Office 365 Advanced Threat Protection and Microsoft Advanced Threat Analytics.