Continuing in our Super Security Showdown series, in the last article we reviewed the new public preview of Azure Active Directory Identity Protection. Let’s continue with the next most recent announcement of Windows Defender Advanced Threat Protection.
- Azure Active Directory Identity Protection
- Windows Defender Advanced Threat Protection
- Microsoft Advanced Threat Analytics
- Azure Security Center
- OMS Security and Audit Solution
Windows Defender Advanced Threat Protection (ATP)
Overview of Windows Defender Advanced Threat Protection
Microsoft announced at the beginning of the month the new Windows Defender Advanced Threat Protection. This service is centered on Windows 10, and more specifically on enterprise deployments.
According to the Announcing Windows Defender Advanced Threat Protection YouTube video, this is built into Windows 10 (or at least “will” be with an upcoming build release), and you can opt-in to the program.
From Microsoft’s research they have found that “it currently takes an enterprise more than 200 days to detect a security breach and 80 days to contain it.” So doing some quick math, that’s a minimum of 280 days combined, which works out to be a little over 9 months! Think about how much damage someone could do to your organization with 9 months’ access.
Here’s an interesting excerpt from the article:
Windows Defender Advanced Threat Protection is powered by a combination of Windows behavioral sensors, cloud based security analytics, threat intelligence, and by tapping into Microsoft’s intelligent security graph. This immense security graph provides big-data security analytics that look across aggregate behaviors to identify anomalies – informed by anonymous information from over 1 billion Windows devices, 2.5 trillion indexed URLs on the Web, 600 million reputation look-ups online, and over 1 million suspicious files detonated every day.
I’m going to repeat my sentiment from the previous part of this series: That gives a new meaning to “BIG DATA”! 1 billion devices, 2.5 trillion URLs, and 1 million suspicious files detonated every day!
Since this is a cloud-based service, you don’t need to deploy any servers on-premises to leverage it. It also complements other security services like O365 ATP and ATA.
There is currently no information on how to start using this service, but Microsoft states: “We encourage our customers to upgrade to Windows 10 for our most advanced security protection, with the opportunity to take advantage of Windows Defender Advanced Threat Protection when it becomes available more broadly this year.”
So we will have to wait and see.
Windows Defender Advanced Threat Protection Requirements
That’s enough of an overview; what are the requirements?
Requirements: Windows 10 (unknown Build Number)
Pros: No on-premises servers to deploy; complements Office 365 Advanced Threat Protection and Microsoft Advanced Threat Analytics
Cons: Currently the service does not include remediation tools, but the article does indicate that these will come in the future.
Windows Defender Advanced Threat Protection Reference Material:
- Announcing Windows Defender Advanced Threat Protection: https://blogs.windows.com/windowsexperience/2016/03/01/announcing-windows-defender-advanced-threat-protection/
So that’s the new Windows Defender Advanced Threat Protection. In the next article we will explore Microsoft Advanced Threat Analytics.