Microsoft has today announced a new security service for Windows 10 enterprise users called “Windows Defender Advanced Threat Protection” that aims to help detect, investigate and even respond to incoming cyber attacks on an enterprise network. This new service provides a new “post-breach layer of protection” on top of other Windows 10 security features such as Windows Hello, Device Guard and more.
The Redmond-giant says cyber attacks are becoming more and more sophisticated, with thousands of attacks reported in 2015, enterprises can’t afford to be the target of an incoming attack from cyber criminals. With the help of Windows Defender Advanced Threat Protection, enterprises will have yet another security layer that will help enterprises identify who, what and why an attack happened, as well as when an attack is actually taking place.
“Windows Defender Advanced Threat Protection is powered by a combination of Windows behavioural sensors, cloud based security analytics, threat intelligence, and by tapping into Microsoft’s intelligent security graph. This immense security graph provides big-data security analytics that look across aggregate behaviors to identify anomalies – informed by anonymous information from over 1 billion Windows devices, 2.5 trillion indexed URLs on the Web, 600 million reputation look-ups online, and over 1 million suspicious files detonated every day.”
Not only that, but this new service will also provide response recommendations which will provide an easy and convenient way of investigating alerts, explore the network for possible attacks, and even utilise a “time travel” ability that analysis the state of machines as well as their activity over the last six months to help identify previous attacks and create an attack timeline.
“With time travel-like capabilities, Windows Defender Advanced Threat Protection examines the state of machines and their activities over the last six months to maximize historical investigation capabilities and provides information on a simple attack timeline. Simplified investigation tools replace the need to explore raw logs by exposing process, file, URL and network connection events for a specific machine or across the enterprise.”
Since the Advanced Threat Protection is being built into Windows 10, Microsoft points out that this new security layer will be continuously updated with no deployment effort needed, which as a result will lower costs for enterprises. The Windows Defender Advanced Threat Protection is powered by backend cloud services, meaning no local infrastructure or ongoing maintenance is required. It also hooks up via Office 365 Advanced Threat Protection and Microsoft Advanced Threat Analysis.
Microsoft says this new security service is already in use with over 500,000 early adopters, with Microsoft collecting feedback to strengthen and improve the service for a broader rollout. This makes it one of the largest advanced threat protection services in use today, already!
Finally, Microsoft is encouraging enterprises to get upgraded to Windows 10 for a more secure operating system experience, and with Windows Defender Advanced Threat Protection being one of many new security layers available for enterprise customers.Further reading: Enterprise, Microsoft, Windows 10