Microsoft has announced its next step in offering enhanced security for the enterprise. Called Windows Defender Advanced Threat Protection, this new service will aid enterprise customers in detecting, investigating and responding to advanced attacks on network infrastructure.
From the company's rather in-depth blog post:
"Building on the existing security defenses Windows 10 offers today, Windows Defender Advanced Threat Protection provides a new post-breach layer of protection to the Windows 10 security stack. With a combination of client technology built into Windows 10 and a robust cloud service, it will help detect threats that have made it past other defenses, provide enterprises with information to investigate the breach across endpoints, and offer response recommendations."
Initial shielding comes from "the world's largest array of sensors," which enables threat protection that provides information on the who, what and why of an attack. It's quite the operation, drawing on vast amounts of accumulated data that is then augmented by experts and "hunters" to detect said attacks.
"Windows Defender Advanced Threat Protection is powered by a combination of Windows behavioral sensors, cloud based security analytics, threat intelligence, and by tapping into Microsoft's intelligent security graph. This immense security graph provides big-data security analytics that look across aggregate behaviors to identify anomalies – informed by anonymous information from over 1 billion Windows devices, 2.5 trillion indexed URLs on the Web, 600 million reputation look-ups online, and over 1 million suspicious files detonated every day."
Once an attack has been detected, the Windows Defender Advanced Threat Protection service will then provide detailed analysis as well as recommendations on how to most effectively respond. Files and URLs can even be submitted to isolated virtual instances for further examination.
The best part of this new service for enterprise is that it's being built into Windows 10, which eliminates any costs and potential issues with deployment. It's also complementary to existing Microsoft security services, like those found in Office 365 and Microsoft Advanced Threat Analytics. More details can be found in the official blog post.