Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Windows Defender ATP Gains Threat Protection Enhancements

    By
    TODD R. WEISS
    -
    November 28, 2018
    Share
    Facebook
    Twitter
    Linkedin
      Windows Defender ATP

      Microsoft’s Windows Defender Advanced Threat Protection (ATP) security platform has been bolstered with a series of improvements aimed at better protecting enterprise IT systems from malicious attacks and other security threats.

      The improvements, which include enhanced automation capabilities, expanded threat hunting, additional attack surface reductions and improved post-breach detection, were unveiled in a recent post on the Microsoft Cloud Blogs by Moti Gindi, the general manager of the Windows Cyber Defense team. The updates come from feedback from customers and partners, as well as through research and refinements by the Defender ATP team.

      Windows Defender ATP is a unified security platform that provides preventative protection including detection, investigation and response to threats against endpoints across enterprises. It is built to detect advanced attacks and data breaches, while automating security incidents within businesses.

      “Across Windows Defender Advanced Threat Protection engineering and research teams, innovation drives our mission to protect devices in the modern workplace,” wrote Gindi. “Our goal is to equip security teams with the tools and insights to protect, detect, investigate and automatically respond to attacks. We continue to be inspired by feedback from customers and partners, who share with us the day-to-day realities of security operations teams constantly keeping up with the onslaught of threats.”

      Two new rules have been added to shrink attack surface targets for attackers, including blocking Microsoft Outlook communications applications and Adobe Reader applications from creating unauthorized child processes at the desktop level that can be used for malicious activities, such as macro and vulnerability exploits. Also added are improved customization for exclusions and allow lists, which can work for folders and even individual files.

      “Attack surface reduction forms the backbone of our answer to a host intrusion and prevention system (HIPS),” Gindi explains. “Attack surface reduction protects devices directly, by controlling and limiting the ways in which threats can operate on a device.”

      Also bolstering Defender ATP are new emergency security intelligence updates that provide fast delivery of protection updates when needed.

      “In the event of an outbreak, [the] Windows Defender ATP research team can now issue an emergency request to all cloud-connected enterprise devices to immediately pull dedicated intelligence updates directly from the Windows Defender ATP cloud,” wrote Gindi. “This reduces the need for security admins to take action or wait for internal client update infrastructure to catch up, which often takes hours or even longer, depending on configuration.”

      Administrators don’t need to set up any special configuration for this feature other than ensuring cloud-delivered protection is enabled on affected devices.

      Also added are new dedicated detection mechanisms for cryptocurrency mining malware, which has been a growing problem for enterprises, as well as an increased focus on detecting and disrupting tech support scams that can pop up.

      The Defender ATP team has also worked to harden the platform to make it more difficult for malicious actors to exploit vulnerabilities and bypass the operating system’s built-in security features, Gindi wrote.

      “We’ve done this by putting Windows Defender ATP’s antivirus in a dedicated sandbox,” which makes it more difficult for attackers to tamper with and exploit antivirus protection in order to compromise devices, he wrote.

      Incidents Feature Groups Alerts

      Another new feature, called Incidents, has been added to give an aggregated view to security analysts so they can understand the larger context of a complex security event, wrote Gindi. “As attacks become more sophisticated, security analysts face the challenge of reconstructing the story of an attack. This includes identifying all related alerts and artifacts across all impacted machines and then correlating all of these across the entire timeline of an attack.”

      The new Incidents tools group the alerts together and identify the machines involved and the related investigations, and then present all collected evidence to show the breadth and scope of an attack, according to Gindi. “By transforming the queue from hundreds of individual alerts to a more manageable number of meaningful aggregations, Incidents eliminates the need to review alerts sequentially and to manually correlated malicious events across the organization, saving up to 80 percent of analyst time,” he wrote.

      The new capabilities in Defender ATP also include expanded automation to automatically investigate and fix memory-based attacks, advanced threat analytics, custom detection rules for advanced threat hunting, and built-in capabilities for discovery and protection of sensitive data on enterprise endpoints.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×