Cyber attacks are becoming more sophisticated and can be costly for businesses. Microsoft has recognized that it needs to offer stronger protection for its enterprise customers and is announcing a new service to help them detect, investigate, and respond to advanced attacks.
Windows Defender Advanced Threat Protection adds a new post-breach layer of protection to the Windows 10 security stack. Using a mix of client technology built into Windows 10 and a cloud service, it will help detect threats that have made it past other defenses.
It will also provide enterprises with information to investigate the breach across their endpoints, and offer response recommendations. It can provide key information on attacks thanks to sophisticated cloud-based threat intelligence.
Windows Defender Advanced Threat Protection combines Windows behavioral sensors, cloud-based security analytics, and threat intelligence, and taps into Microsoft's intelligent security graph, which uses big data analytics to identify anomalies. It allows admins to examine the state of machines and their activities over the last six months to maximize historical investigation capabilities, and provides information on a simple attack timeline.
Writing on the Windows blog, Terry Myerson, the head of Microsoft's Windows and Devices Group, says, "Just like we developed Windows 10 with feedback from millions of Windows Insiders, we worked with our most advanced enterprise customers to address their biggest security challenges, including attack investigations and day-to-day operations, to test our solution in their environments. Windows Defender Advanced Threat Protection is already live with early adopter customers that span across geographies and industries, and the entire Microsoft network, making it one of the largest running advanced threat protection services."
Windows Defender ATP will be built into Windows 10, allowing it to be kept continuously up to date and offering businesses lower costs and zero deployment effort. Using a cloud back end means no on-premises server infrastructure or ongoing maintenance is required either.
It's likely that ATP will be made available via the Windows Insider program and eventually to the public, but as yet there's no word on the timescale.