With all the recent major Microsoft launches, one new
technology went almost unnoticed. The Defender ATP security service
offers advanced protection against cyber-attacks based on big data

The Secure Productive Enterprise E5 licensing plan, which we
talked about on the blog recently, brought access to a new
Microsoft service – Windows Defender Advanced Threat
Protection. This endpoint protection service uses machine
intelligence and the Azure-based "intelligent security
graph" to detect security threats. This type of hybrid
approach not only helps you to detect attacks, but also to
investigate and respond, providing a post-breach layer of

Windows Defender Advanced Threat Protection
(ATP) is a significant upgrade over the Windows Defender feature
built into the Windows 10 operating system, Pro and Enterprise
editions. Defender ATP operates as a service that works in
conjunction with its pre-breach protections. By combining the
technologies built into Windows 10 (Defender, Device Guard,
AppLocker) with the cloud service, ATP can offer enterprise-level
security by itself, or work alongside third-party security

Windows Defender ATP Service Components (source: Microsoft

ATP utilizes the endpoint behavioral sensors and heuristics that
are part of Windows 10, which gather telemetry from operating
system components and send it to ATP in the cloud, isolated from
the cloud-based Defender ATP instances of other customers.
Microsoft's security analytics service then examines this data
and provides you with insights into your systems and into how to
detect and respond to threats.
This is all made possible by Microsoft's use of big data and
machine learning that leverages security information obtained
across their entire ecosystem: cloud monitoring and reporting,
Microsoft researchers, and collaborative efforts across the
industry. The system is informed by anonymous information coming
from over 1 billion Windows devices, 2.5 trillion indexed URLs, 600
million reputation look-ups online, and over 1 million suspicious
files being discovered every day.

Windows Security Center Dashboard (source:

ATP supplements the work of the local Defender software to
identify attacks that can make it past pre-breach defenses and
alerts you; it also gives you the information you need to conduct a
forensic investigation after the fact and mitigate damage from

Microsoft assures us that the data they collect from you will
not be mined for advertising or any other purpose not related to
providing the ATP service, and that your data is segregated and can
be accessed only by authenticated authorized users. Further, you
can choose whether the data from your organization will be stored
in a U.S. or European data center and choose the data retention
policy (from one to six months) that you prefer.

Windows Security Center Machine Report (source:

Enterprise endpoints are monitored from the Windows Defender ATP
portal's dashboard, which shows you a snapshot of the network
with alerts that can be sorted and filtered. From the dashboard,
you can investigate individual alerts, machines, domains, files and
IP addresses. To view and/or use the portal, users must be given
access permissions through Azure Active Directory (AAD), while the
assignment of security roles is done through Azure PowerShell.
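
As an added example that is not from the original article or from Microsoft, the role assignment described above can be scripted so that it is repeatable and auditable using the MSOnline (Azure AD) PowerShell module; the module, the "Security Reader" role as the least-privilege role for read-only portal access, and the user names are assumptions, since the article does not name the cmdlets or roles involved.

```powershell
# Added example (not from the article). Assumes the MSOnline module
# (Install-Module MSOnline) and that portal access is granted through the
# Azure AD "Security Reader" role; both are assumptions, not article facts.
Import-Module MSOnline
Connect-MsolService   # interactive sign-in with an account that may manage role membership

$RoleName = 'Security Reader'           # assumed least-privilege role for read-only portal use
$Analysts = @(                          # constructed sample UPNs; replace with real ones
    'analyst1@example.com',
    'analyst2@example.com'
)

$Role    = Get-MsolRole -RoleName $RoleName
$Members = Get-MsolRoleMember -RoleObjectId $Role.ObjectId

# Idempotent assignment: only add users who are not already members,
# so re-running the script never produces duplicate or surprising changes.
foreach ($Upn in $Analysts) {
    if ($Members.EmailAddress -contains $Upn) {
        Write-Output "Already a $RoleName member: $Upn"
    } else {
        Add-MsolRoleMember -RoleObjectId $Role.ObjectId -RoleMemberEmailAddress $Upn
        Write-Output "Added to $RoleName : $Upn"
    }
}

# Audit: anyone holding the role who is not on the approved list is flagged
# for review (not removed automatically), so unexpected portal access is visible.
Get-MsolRoleMember -RoleObjectId $Role.ObjectId |
    Where-Object { $Analysts -notcontains $_.EmailAddress } |
    ForEach-Object { Write-Warning "Unapproved $RoleName member: $($_.EmailAddress)" }
```

Keep the approved list under change control and run the audit step on a schedule, so that drift in who can read endpoint telemetry is caught rather than discovered during an incident.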

Microsoft research showed that it currently takes an
enterprise more than 200 days to detect a security breach, and 80
days to contain it, with an average of $12 million per incident,
not counting the impact on the company's reputation. Defender
ATP is designed to reduce these timelines and help IT professionals
to proactively detect, investigate and respond to attacks within

And if you're particularly interested in seeing more
information about Windows Defender Advanced Threat Protection,
here's a presentation from Microsoft's Build Conference
with a case study and a demo of this new Microsoft security