Resource: Using Windows Defender Advanced Threat Protection After a Breach

One of the new features we have told you about in the Windows 10 Anniversary Update, which was released earlier this month, is Windows Defender Advanced Threat Protection (ATP).

The idea behind ATP is that with the constantly changing threat landscape and despite our best efforts it may be impossible to protect company networks 100% so it is important to know when a network has been breached. That awareness can then be used to look into the attack, find out its specific vector and remediate the weak spot it came in through.

It also allows an organization to know there has been a breach and find out what data, if any, has been compromised otherwise companies may have intruders in their networks for days, weeks, months and sometimes years before they know it happened.

As mentioned above, these ATP features are new to the Anniversary Update for Windows 10 so it is likely that many organizations are not actively using ATP beyond small scale testing of the OS update itself.

For those of you still considering your options for migrating to Windows 10 in the future a new white paper from the Windows Security Center will give you background on how this post-breach feature works.

"Unlike pre-breach, post-breach assumes a breach has already occurred – acting as a flight recorder and crime scene investigator (CSI). It monitors security events on the endpoint and leverages large scale correlation and anomaly detection algorithms to alert on evidence of an ongoing attack. Post-breach leverages the attacker’s need to perform multiple actions after the initial breach, such as performing reconnaissance, hiding and moving across the network to locate high-value assets, and executing information extraction. Post-breach provides security teams the information and toolset needed to identify, investigate, and respond to attacks that otherwise will stay undetected and below the radar. Finally, postbreach closes the loop back to pre-breach antimalware and other prevention capabilities by feeding them with missed signals and samples. As such, it complements the pre-breach security solution stack."

The five page PDF document breaks down into the following areas about ATP:

This document is well worth your time to read and learn more about ATP and how Microsoft plans to change the approach to breaches with this new feature in the Anniversary Update.

But, wait...there's probably more so be sure to follow me on Twitter and Google+.

----------------------------------

Looking for an awesome, no-nonsense technical conference for IT Pros, Devs, and Devops? Check out IT/Dev Connections!