Windows Defender Advanced Threat Protection (ATP) is the result of a complete redesign in the way Microsoft provides client protection. It is agentless, built directly into Windows 10, and was designed to learn, grow, and adapt to help security professionals stay ahead of incoming attacks. With Windows 10, we can use the built-in security.
Android smartphone users can already try out Microsoft's new Defender ATP antivirus for Android. The company first announced its intention to release such a product back in February. And now the world has seen the first beta version of the product.
The app has all the features expected of an antivirus: scanning the device for viruses or detecting attempts to steal personal data. The app blocks the use of malicious URLs. All dangerous sites identified by Microsoft Defender on phones will be blocked on all devices on which the antivirus is installed.
According to Microsoft, the new software has hidden options thanks to its integration with the more sophisticated Defender ATP, Intune and Configuration Manager utilities.
Most likely, by developing and rolling out this app Microsoft wants to strengthen its position in the smartphone market and is preparing for the presentation of the foldable Surface Duo. According to rumors, the device will premiere in July.
This blog on Microsoft Defender ATP is Part 2 of my 3-part series covering Microsoft Intelligent Security Solutions. Part 1 covers the Microsoft Secure Score service, explaining the world’s current cybersecurity environment and how Microsoft Secure Score helps organizations to identify their Office 365 security weaknesses and then implement fixes.
Here, Part 2 in the series covers the Microsoft Defender Advanced Threat Protection (ATP) platform and how it offers Windows users best-in-class cybersecurity breach detection, post-breach investigation, and synchronized defense across your entire IT ecosystem.
Simply put, Microsoft Defender ATP is an optional add-on to Windows Defender Antivirus, which is the free antivirus software included with every Windows 10 install. The Windows Defender Antivirus program is Microsoft’s own comprehensive, real-time software protection against malware, viruses, and spyware, defending your endpoints across email, apps, and the web. Organizations can opt for an additional layer of security in Microsoft Defender ATP to increase visibility and provide additional features to secure their environment.
Major features of Microsoft Defender ATP include:
When enabled, Microsoft Defender ATP provides an additional layer of protection based on a cloud-hosted SaaS solution that leverages Windows Defender Antivirus telemetry and features for an agentless security fabric solution that enhances endpoint security by harnessing behavioral analytics backed by the Microsoft Intelligent Security Graph. Microsoft Defender ATP telemetry is then fed into your Secure Score Portal for single pane visibility into your environmental security posture, including the edge nodes! Part 1 of my blog series covers Microsoft Secure Score. So now you see how Microsoft offers a complete end-to-end cybersecurity solution to secure the enterprise with single glass-pane access and reporting that encompasses all workloads and devices.
Leveraging Windows Defender Antivirus, the Microsoft Defender ATP platform gives you an agentless security solution baked into the operating system, regularly updated with Windows Update, to help secure your IT ecosystem at the edge, wherever that happens to be, driving the ability to safely allow anywhere, anytime access to cloud services.
With Microsoft Defender ATP tied into that OS-level monitoring and telemetry, it becomes nearly impossible for cybercriminals to disable or compromise any part of the system without triggering an alert. (Additional layers of security can be had by enabling purpose-built attack surface reduction rules available only in Windows 10 Enterprise.)
Microsoft Defender ATP is backed by the Microsoft Intelligent Security Graph, a central repository of cybersecurity exploits and security signals, which is curated by experts and researchers and backed by AI behavioral analytics. Over 800 million endpoints report near real-time telemetry to this repository. The repository is further enhanced with content from Microsoft Security researchers’ deep analysis of advanced threat actors’ patterns of infiltration and persistence methods.
If any Microsoft Defender ATP endpoint gets attacked at the edge, that information is immediately reported to the Security Graph repository, and automated remediation is attempted. This new attack data is then pushed out to the Microsoft Security Graph and then shared down to each of the endpoints enrolled with Windows Defender ATP.
This response effectively inoculates the rest of the endpoints from that same attack. This creates a huge cost-mountain for cybercriminals to climb, because all known exploits are already monitored for, and even if a new type of exploit is used to break in successfully, that exploit immediately becomes a “one-and-done” for all the other 800 million endpoints reporting to the Security Graph.
This is the benefit of automated security where you pit computer against computer and go from an extremely manual process to an automated one, taking you from alert to remediation in a matter of minutes. With the ability of ransomware to propagate as soon as domain dominance has occurred, time is not on your side if you are manually intervening. Microsoft Defender ATP solves this critical time problem with synchronized environmental defense.
All parts of your current on-premises and cloud-based infrastructure are covered.
Microsoft is part of a broad Cybersecurity Tech Accord coalition of companies that all report security telemetry to the Security Graph, and that partnership is growing larger every day. This Intelligent Security Association has a mission to help secure the world of tomorrow, improving all security products, and providing a common platform and repository for security researchers and experts to contribute to. Add in the real-world data that 800 million endpoints provide, and the odds are now stacked against cybercriminals and Advanced Threat Actors.
As we talked about in Part 1 of this series, the new cybersecurity model is “assume breach,” and preparing for a breach means being able to effectively produce a post-breach response report that outlines how, what, where, and for how long your data or environment had been at risk.
Automating the details of that report is critical to ensuring a timely response by your organization when a breach does occur, and Microsoft Defender ATP is the only solution with the global insight and intelligent security that provides deep insight into breaches in near real time.
In fact, the reporting side of Microsoft Defender ATP is as important a topic as its detection capabilities. With all the new global government regulations like GDPR, CCPA, and HIPAA, you need this reporting available to meet these strict regulations: in some breach situations, within 72 hours you need to know everything about that breach and what its scope was.
Most likely not. Access to seasoned Microsoft Threat Experts and SecOps teams is the type of next-level service that only Microsoft offers. Global experience gained from monitoring and protecting 800 million endpoints gives Microsoft the edge in this cybersecurity contest.
From the smallest hack on a mom-and-pop shop to attacks on critical government and public infrastructure, Microsoft (and its partner Perficient) have the talent and expertise to help get you secure, and get you back to normal operation post-breach. That’s way more comforting than asking your in-house IT department to find the new persistent, file-less threat attacking your network at 3am.
Ready to implement all-encompassing cybersecurity with Microsoft Defender ATP? Sign up for your free trial and contact Perficient today for assistance.
Now that we’ve finished going over Microsoft Defender ATP, return in a few days and I’ll share Part 3 of this series that dives deeper into the Microsoft Intelligent Security Graph.