Microsoft yesterday took to the Microsoft Secure Blog to detail some new security enhancements heading to the Windows Defender Advanced Threat Protection (ATP) in the Creators Update. The enhancements mark Microsoft's investment in delivering enhanced security to their customers and ultimately helps the company keep Windows 10 devices throughout the world safe.
Overall, the new ATP updates cover three key areas: detection, investigation, and response. On the detection end of things, the Creators Update improves memory and kernel sensors to enable detection of attackers who are employing in-memory and kernel-level attacks. Then, with the investigation enhancements, IT professionals will be able to more easily visualize and track security-related breaches through a single portal which features process tree visualization.
Lastly, with enhancements to response, security teams can take immediate action when an infection is spotted and isolate machines, ban files, and kill processes or files. We've included a few tidbits from these areas for you below.
- Detection: Windows Creators Update improves our OS memory and kernel sensors to enable detection of attackers who are employing in-memory and kernel-level attacks – shining a light into previously dark spaces where attackers hid from conventional detection tools. We’ve already successfully leveraged this new technology against zero-days attacks on Windows.
- Investigation: Customers asked us for a single pane of glass across the entire Windows security stack. Windows Defender Antivirus detections and Device Guard blocks are the first to surface in the Windows Defender ATP portal interleaved with Windows Defender ATP detections. The new user entity adds identity as a pivot, providing insight into actions, relationships, and alerts that span machines and allow us to track attackers moving laterally across the network.
- Response: When detecting an attack, security teams can now take immediate action: isolate machines, ban files from the network, kill and quarantine running processes or files, or retrieve an investigation package from a machine to provide forensic evidence – with a click of a button. Because while detecting advanced attacks is important – shutting them down is even more so.
The Redmond giant is constantly updating the defenses in Windows 10, and is working on upgrading detections of ransomware advanced attacks, as well as applying behavioral and machine-learning detection library to counter changing attacks trends. Windows Insiders should already be familiar with these enhancements, and those who would like to learn more can head to this official Microsoft web page.