Microsoft today announced that Windows Defender Advanced Threat Protection (ATP) will include seamless integration across the entire Windows threat protection stack and its reach will extend to include Windows Server. The new functionality will be available in one end-to-end solution coming as part of the Windows 10 Fall Creators Update, which is slated to arrive later this year (likely in September).
Microsoft first announced Windows Defender Advanced Threat Protection, which uses the cloud to detect breaches by analyzing system behavior, in March 2016. In short, the service helps enterprises identify and respond to “advanced” attacks on their networks. But the service was also designed for preventive protection “using new next-generation approaches that in the past have often been too difficult to engineer or use” — and that’s the part the company is now focusing on.
New features include Windows Defender Exploit Guard and Windows Defender Application Guard. Existing features Windows Defender Device Guard and Windows Defender Antivirus will also be getting improvements.
Windows Defender Exploit Guard makes the Enhanced Mitigation Experience Toolkit (EMET) native to Windows 10 and, along with new vulnerability mitigations, helps make vulnerabilities more difficult to exploit. Exploit Guard relies on the Microsoft Intelligent Security Graph to offer intrusion rules and policies to protect organizations from advanced threats, including zero-day exploits.
Windows Defender Application Guard is designed to stop attackers from establishing a foothold on the local machine or from expanding to the corporate network. If someone accidentally downloads malware or if a zero-day is encountered, Application Guard isolates and contains the threat. This secures a company’s devices, apps, data, and network, and gives full visibility into attacks.
Windows Defender Device Guard will be integrated to help with application control on any Windows 10 device. Companies can enable it on demand on at-risk devices to prevent any untrusted code from running, while automated application control list management is powered by the Microsoft Intelligent Security Graph.
Windows Defender Antivirus is getting better intelligent threat detection capabilities thanks to its cloud-based protection. Using the Microsoft Intelligent Security Graph (again), plus data science and machine learning, trillions of signals are used to render verdicts on malware in seconds.
Microsoft is also enhancing and centralizing management controls of Windows security features within Intune and System Center Configuration Manager. New Security Analytics capabilities will analyze Windows security feature utilization and configurations as well as security patch status across Windows 10 endpoints. And of course there will be developer APIs for driving automation from alerts, machine timelines, files, and user data, and for instructing Windows Defender ATP to perform remediation actions programmatically.
Security breaches are part of doing business. If your company is using Windows 10, and there’s no reason it shouldn’t be, Microsoft’s security offering for your business is about to get even better.