Microsoft Cures Breach Blindness for Enterprises

A new offering, called Windows Defender Advanced Threat Protection, alerts administrators if attackers gain a foothold on a network.

Microsoft Windows Defender Advanced Threat Protection

Suffered a network breach? Microsoft's latest cloud-based data security service can help administrators prevent their Windows devices from giving up the goods.

Using this week's RSA Conference—when the IT industry turns its attention to information security—as a backdrop, the software giant on March 1 announced Windows Defender Advanced Threat Protection. Borrowing the name of Windows' built-in anti-malware software, the upcoming product is meant to make Windows 10 systems less susceptible to data leaks, even if an attacker has already managed to breach a corporate network.

"To help protect our enterprise customers, we are developing Windows Defender Advanced Threat Protection, a new service that will help enterprises to detect, investigate and respond to advanced attacks on their networks," Terry Myerson, executive vice president of Microsoft's Windows and Devices group, said in a March 1 announcement. "Building on the existing security defenses Windows 10 offers today, Windows Defender Advanced Threat Protection provides a new post-breach layer of protection to the Windows 10 security stack."

While businesses experienced fewer breaches in 2015 than the year before, breaches remain a major concern. Last year, organizations reported a total of 1,673 breaches, 46 of which involved a million records or more. On average, the total cost of a data breach rings up at $3.8 million, according to Ponemon Institute's 2015 Cost of Data Breach Study. Generally, it takes just over 200 days to detect a breach.

Windows Defender Advanced Threat Protection is Microsoft's bid to keep its customers, or at least their Windows systems, from becoming one of those statistics. "With a combination of client technology built into Windows 10 and a robust cloud service, it will help detect threats that have made it past other defenses, provide enterprises with information to investigate the breach across endpoints, and offer response recommendations," Myerson continued.

The product can detect advanced attacks, courtesy of security analytics performed by Microsoft. The company claims to gather anonymized information from over a billion Windows devices and 2.5 trillion indexed URLs, along with "detonating" a million suspicious files each day, to inform its threat intelligence system.

When a threat is detected, the product can offer security administrators recommendations on how to proceed.

"With time travel-like capabilities, Windows Defender Advanced Threat Protection examines the state of machines and their activities over the last six months to maximize historical investigation capabilities and provides information on a simple attack timeline," Myerson said. "Simplified investigation tools replace the need to explore raw logs by exposing process, file, URL and network connection events for a specific machine or across the enterprise." The company is also working on baking remediation tools into the offering.

In its current pre-release state, the product is already helping safeguard 500,000 endpoints, Myerson revealed. "Windows Defender Advanced Threat Protection is already live with early adopter customers that span across geographies and industries, and the entire Microsoft network, making it one of the largest running advanced threat protection services."

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...