Microsoft Embeds Hexadite's AI Tech into Windows Defender ATP

Months after acquiring automated incident response specialist Hexadite, the company has integrated the former startup's technology into Windows Defender ATP.

Windows Defender Advanced Threat Protection

Windows Defender Advanced Threat Protection (ATP), Microsoft's cloud-based breach detection and alerting service, will soon be able to respond to malware threats as well. Microsoft announced on Sept. 19 that it had successfully integrated Hexadite's automated security technology into the product and is working on making it generally available to customers.

In June, Microsoft announced that it had agreed to acquire Hexadite, an Israeli technology startup that used artificial intelligence (AI) technologies to power its automatic security threat investigation and remediation offering. Although the terms surrounding the deal were not disclosed, Microsoft reportedly paid $100 million to snap up Hexadite.

Months later, the technology will be used to help IT security teams keep a more intelligent and watchful eye on their networks.

"This enables Windows Defender ATP customers to leverage state of the art AI technology to solve their alert volume challenges by letting Windows Defender ATP automatically investigate alerts, apply artificial intelligence to determine whether a threat is real and to determine what action to take, going from alert to remediation in minutes at scale," wrote Rob Lefferts, partner director of the Windows and Devices Group at Microsoft. "With this addition, Windows Defender ATP now covers the end-to-end threat lifecycle from detection to investigation and response automatically."

Essentially, Windows Defender ATP will be able to both find and fix data breaches. Administrators will have the option of letting the product run automatically in straightforward cases or review its findings before pulling the trigger.

The soon-to-be updated version of Windows Defender ATP will save IT professionals time in either scenario, Lefferts claimed, by letting them focus on potentially severe threats and complex problems rather than putting out minor fires.

Chances are that they are already being inundated with security alerts.

Citing an EMA study, Lefferts noted that most organizations (88 percent) receive up to 500 severe or critical alerts each day. Another 88 percent admitted that their security teams investigate 25 of those alerts, or fewer, on any given day.

That leaves a massive gap for relentless cyber-attackers to sneak through, as Microsoft's own data suggests. Each day, Windows ATP provides visibility into "970 million malicious security events" across both its consumer and enterprise software and services ecosystem, said Lefferts.

As Equifax and the millions of consumers tracked by the credit ratings firm recently discovered, a breach can have devastating effects.

On Sept. 7, Equifax disclosed that it had been the victim of a breach that exposed the personally identifiable information, including Social Security numbers, of 143 million people in the U.S., or just over half the country's adult population. Immediately after the announcement, a class-action lawsuit was filed. The following week, on Sept. 15, the company announced that David Webb, chief information officer (CIO), and Susan Mauldin, chief security officer, were retiring, a direct consequence of the massive breach.

Windows Defender ATP with Hexadite's technology will be available in beta sometime later this year.

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...