Microsoft Announces Windows Defender Advanced Threat Protection

Microsoft is giving enterprise customers another method for protecting the critical data on company networks and systems.

Richard Hay, Senior Content Producer

March 1, 2016


There is no doubt that security is a number one priority for companies these days, or at least it should be.

Not a day goes by when we are not reading about some type of breach at a business, ranging from phishing and ransomware to other dangerous viruses and worms.

Having a multilevel strategy in place to combat these attacks is critical, and today Microsoft announced a new service, Windows Defender Advanced Threat Protection, that is intended to help protect those systems alongside other Windows 10 features like Credential Guard, Device Guard, Windows Hello and Enterprise Data Protection.

According to Microsoft's Terry Myerson, Executive Vice President for Microsoft's Windows and Devices Group, companies can go for months without realizing they have had a breach. Those delays in detection can also be very expensive.

"We’ve found it currently takes an enterprise more than 200 days to detect a security breach and 80 days to contain it. During this time, attackers can wreak havoc on a corporate network, stealing data, breaching privacy, and destroying the trust of customers. These attacks are incredibly expensive, costing organizations an average of $12 million per incident with broader impact to a company’s reputation."

The new Windows Defender Advanced Threat Protection service enables companies to detect, investigate and respond to attacks on their corporate networks and devices.

Here is how those three phases of action are implemented:

Detects Advanced Attacks

Windows Defender Advanced Threat Protection is powered by a combination of Windows behavioral sensors, cloud based security analytics, threat intelligence, and by tapping into Microsoft’s intelligent security graph. This immense security graph provides big-data security analytics that look across aggregate behaviors to identify anomalies – informed by anonymous information from over 1 billion Windows devices, 2.5 trillion indexed URLs on the Web, 600 million reputation look-ups online, and over 1 million suspicious files detonated every day.

This data is then augmented by expertise from world-class security experts and advanced threat protection Hunters from across the globe, who are uniquely equipped to detect attacks.

Response Recommendations

The service’s security operations data provides an easy way to investigate alerts, explore the entire network for signs of attacks, examine attacker actions on specific devices, and get detailed file footprints from across the organization to recommend responses.

With time travel-like capabilities, Windows Defender Advanced Threat Protection examines the state of machines and their activities over the last six months to maximize historical investigation capabilities and provides information on a simple attack timeline. Simplified investigation tools replace the need to explore raw logs by exposing process, file, URL and network connection events for a specific machine or across the enterprise.

And, a cloud-based detonation service enables files and URLs to be submitted to isolated virtual machines for deep examination. In the future, Windows Advanced Threat Protection will also offer remediation tools for affected endpoints.

Complements Microsoft Advanced Threat Detection Solutions

Because Windows Defender Advanced Threat Protection is being built into Windows 10, it will be kept continuously up-to-date, lowering costs, with no deployment effort needed. Powered by a cloud backend, no on premise server infrastructure or ongoing maintenance is required. It complements email protection services from Office 365 Advanced Threat Protection and Microsoft Advanced Threat Analytics.

According to Myerson, the service is already in use on over half a million devices for customers who have helped Microsoft test and develop the Windows Defender Advanced Threat Protection program.

"Windows Defender Advanced Threat Protection is already live with early adopter customers that span across geographies and industries, and the entire Microsoft network, making it one of the largest running advanced threat protection services."

Some of the companies involved in this early testing and use include Avanade, Pella Windows and TDC Hosting Denmark, who all provided testimonials about the impact this new service has had for their own companies. You can read those at the bottom of the announcement over at Microsoft.


About the Author

Richard Hay

Senior Content Producer, IT Pro Today (Informa Tech)

I served for 29 plus years in the U.S. Navy and retired as a Master Chief Petty Officer in November 2011. My work background in the Navy was telecommunications related so my hobby of computers fit well with what I did for the Navy. I consider myself a tech geek and enjoy most things in that arena.

My first website – AnotherWin95.com – came online in 1995. Back then I used GeoCities Web Hosting for it and WindowsObserver.com is the result of the work I have done on that site since 1995.

In January 2010 my community contributions were recognized by Microsoft when I received my first Most Valuable Professional (MVP) Award for the Windows Operating System. Since then I have been renewed as a Microsoft MVP each subsequent year since that initial award. I am also a member of the inaugural group of Windows Insider MVPs which began in 2016.

I previously hosted the Observed Tech PODCAST for 10 years and 317 episodes and now host a new podcast called Faith, Tech, and Space. 

I began contributing to Penton Technology websites in January 2015 and in April 2017 I was hired as the Senior Content Producer for Penton Technology which is now Informa Tech. In that role, I contribute to ITPro Today and cover operating systems, enterprise technology, and productivity.

https://twitter.com/winobs
