Microsoft Boosts Windows Defender ATP Security

Microsoft previews some of the new capabilities coming to its threat protection product for businesses in the forthcoming Creators Update for Windows 10.

Microsoft Windows 10 Security

There's more to the Windows 10 Creators Update virtual reality (VR) experiences and features aimed at creative professionals. For businesses, the system software upgrade will also enhance Windows Defender Advanced Threat Protection's (ATP) ability to uncover stealthy attacks.

Borrowing the name of the antimalware software that comes bundled in the company's flagship operating system, Windows Defender ATP is a cloud-based data security service that provides advanced breach detection based on the information gathered by Microsoft's massive threat intelligence system. This coming spring, it's due for a big upgrade.

"Windows Creators Update improves our OS memory and kernel sensors to enable detection of attackers who are employing in-memory and kernel-level attacks—shining a light into previously dark spaces where attackers hid from conventional detection tools," wrote Avi Sagiv, principal program manager of Windows Defender ATP at Microsoft. "We've already successfully leveraged this new technology against zero-days attacks on Windows."

Windows Defender ATP also battles one of most pernicious threats affecting businesses today. The product will feature enhanced ransomware detection capabilities that employ the company's behavioral and machine-learning technologies to counter the malware as it evolves.

Ransomware is evolving into a major threat to enterprises and operators of critical infrastructure.

In January, 70 percent of Washington, D.C.'s police cameras were knocked offline by ransomware. Late last year, Victor Gevers, GDI Foundation security researcher, warned that ransomware had affected over 10,000 MongoDB databases.

Microsoft is among a growing number of technology companies that are employing machine-learning and artificial intelligence (AI) to shore up their IT defenses.

Last month, information security startup PatterEx opened its doors and launched its Threat Prediction Platform. The software uses an AI technology called Active Contextual Modeling to mimic the instincts of human security analysts in real-time. According to the company's CEO and co-founder Uday Veeramachaneni, the platform can detect 10 times more threats while generating fewer false positives compared to machine learning-based approaches to anomaly detection.

Microsoft is also helping organizations unravel intrusions that may have gone unnoticed in prior months. 

When Windows Defender ATP discovers a new security threat, its' historical detection feature enables administrators to check if it paid a visit in the past. The feature can apply new detection rules to up to the past six months of security data to unearth previously undetected attacks.

The management experience is also getting a makeover.

The Windows Defender Security Center interface's alert page now generates a process tree visualization that amasses a collection of detections and related security events into a single, time-saving view. Sagiv asserted that the updated page provides more information up front, slashing the time it takes security teams to investigate and resolve incidents.

The solution will enable users to take immediate action, stopping attacks in their tracks. IT workers can now instantly isolate infected systems to prevent them from affecting other systems, or delve even further by killing or quarantining specific running processes. They can also elect to outright ban certain dangerous files from a network, thwarting attempts to distribute malware.

Pedro Hernandez

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...