Addressing the growing number of security attacks in the enterprise sector, Microsoft on Tuesday announced Windows Defender Advanced Threat Protection, a new service that aims to help detect and respond to advanced attacks on an enterprise's network. The service, which is designed for Windows 10, will update automatically and reduce the deployment effort that is typically the biggest pain point in these processes.
Windows Defender Advanced Threat Protection leverages Microsoft's intelligent security graph to add a post-breach layer of protection to the existing security stack that Windows 10 ships with. The service detects threats that have managed to circumvent other defences, helps enterprises find the breached endpoints, and offers response recommendations.
Microsoft says that the service is already live with early adopter customers, who have provided feedback and helped protect 500,000 endpoints. The service will be rolled out to the rest of the enterprises with Windows 10 systems later this year.
In a blog post, Terry Myerson, Executive Vice President, Windows and Devices Group, noted that attackers are becoming more sophisticated and the state of security at companies is just not sufficient. Myerson noted that in many cases an enterprise takes more than 200 days to realise that it has been hacked. These attacks are costing an organisation an average of $12 million (roughly Rs. 81 crore) per incident.
Windows Defender Advanced Threat Protection is able to provide "key information on who, what, and why the attack happened." Customers will be able to draw on Microsoft's machine learning-based security graph, which gives them insight by looking at aggregate behaviours to identify anomalies. The graph consists of information taken anonymously from over 1 billion Windows devices, 2.5 trillion indexed URLs on the Web, 600 million reputation look-ups online, and over 1 million suspicious files detonated every day.
Many times, however, you only realise that an attack has taken place when you have already been its victim. That is where the Response Recommendations feature in Windows Defender Advanced Threat Protection comes into play. It offers users an easy way to investigate alerts, explore the entire network for signs of attacks, look into particular devices and examine actions on specific devices, and get detailed footprints from across the organisation to recommend responses.