Microsoft now offers their Defender ATP security service for advanced protection against cyber-attacks based on big-data analytics. This new offering is the standalone version of the Microsoft Defender ATP and effectively replaces the need for 3rd party endpoint protection solutions.
Windows Defender Advanced Threat Protection uses machine intelligence and the Azure based “intelligent security graph” to detect security threats. This approach allows your business and security team to detect attacks, but also investigate and respond to cyber threats in a post-breach layer of protection.
Compared to the built-in Windows Defender feature in Windows 10, Windows Defender Advanced Threat Protection (ATP) is a significant upgrade providing pre- and post- breach protections. Using a combination of the technologies built into the Windows 10 versions (Defender, Device Guard, AppLocker) with the cloud service, Defender ATP offers a complete enterprise-level security suite.
Defender ATP utilizes endpoint behavioral sensors and heuristics that are part of Windows 10 to gather telemetry from operating system components and send them to the ATP service in the cloud. In layman’s terms, Microsoft Defender ATP can detect vulnerabilities in your operating system and applications and send them to the Microsoft security analytics service for analysis and recommendation on how to detect threats and respond to them. Your instance and data from Defender ATP are isolated from other customers’ Defender ATP instances in the cloud.
The engine that powers all of this is Microsoft’s use of Big Data and Machine Learning that leverages the security information gathered from across their entire ecosystem, including cloud monitoring and reporting, Microsoft researchers, and the collaborative efforts across the industry. The system anonymously collects information from over 1 billion Windows devices, 2.5 trillion indexed URLs, 600 million reputation look-ups online, over 1 million suspicious files being discovered every day.
The Microsoft Defender Advanced Threat Protection service enhances the Windows Defender software in Windows 10 to identify sophisticated attacks that can bypass pre-breach defenses and proactively alerts your security team, and provides detailed information to conduct an investigation and mitigate the threat potential.
Rest assured that the data Microsoft collects will never be mined for advertising or used for any other purpose not related to providing the Defender ATP service, and that your data is segregated and can only be accessed by authenticated authorized users. In addition, you can choose whether the data from your organization is stored in a U.S., Canada, or European data center and control the data retention policy you prefer – from 1 month to 6 months.
Your endpoints are centrally monitored from the Windows Defender ATP portal dashboard which provides detailed and holistic data of your network status, including alerts that can be sorted and filtered. You can dive deeper into each alert, machine, domain, files and IP addresses to investigate further. To view and/or use the portal, users must be given access permissions through Azure Active Directory (AAD), while the assignment of security roles is done through Azure PowerShell.
A recent study conducted by Microsoft’s research team identified that it takes an enterprise more than 200 days to detect a security breach, and 80 days to contain it. This is a staggeringly long delay and incredibly dangerous with an average of $12 million per incident and the significant impact to a company’s reputation, its not surprising then that many businesses that suffer attacks never recover. Defender ATP is designed to reduce the time to detect and respond, and help IT and Security teams proactively detect, mitigate, investigate, and respond to attacks against their organization.
360 Visibility regularly conducts Cloud Security assessments with organizations to identify a business’s security posture baseline and implementing security best practices using Microsoft tools. Contact us today to schedule a Cloud Security Assessment and Workshop tailored to your unique environment and begin implementing the security tools to ensure your business continuity.