If your company is prone to hack attacks, Microsoft wants to help. The company has unveiled a new Windows 10 feature to improve the operating system’s security capabilities.
Known as Windows Defender Advanced Threat Protection, the new feature aims to help detect and respond to advanced attacks on an enterprise’s network. Building on the existing security defenses Windows 10 offers today, Microsoft says Windows Defender Advanced Threat Protection will provide a new post-breach layer of protection to the Windows 10 security stack.
The feature comes at a time when cybercrime attacks are on the rise. Even with the best online security measures, sophisticated attackers are using social engineering and zero-day vulnerabilities to break into corporate networks. Last year alone, thousands of such attacks were reported, and Microsoft says it found that it took companies more than 200 days to detect a security breach and 80 days to contain it.
“As the attackers’ approaches have evolved and become more sophisticated, so too must our approach to provide security to our enterprise customers,” Terry Myerson, Executive Vice President, Windows and Devices Group, said in a blog post.
With a combination of client technology built into Windows 10 and a robust cloud service, Windows Defender Advanced Threat Protection will help detect threats that have made it past other defenses, provide enterprises with information to investigate the breach across endpoints, and offer response recommendations.
Windows Defender Advanced Threat Protection is powered by a combination of Windows behavioral sensors, cloud-based security analytics, and threat intelligence, and it taps into Microsoft’s intelligent security graph. This immense security graph provides big-data security analytics that look across aggregate behaviors to identify anomalies, informed by anonymous information from over 1 billion Windows devices, 2.5 trillion indexed URLs on the Web, 600 million reputation look-ups online, and over 1 million suspicious files detonated every day.
The service’s security operations data provides an easy way to investigate alerts, explore the entire network for signs of attacks, examine attacker actions on specific devices, and get detailed file footprints from across the organization to recommend responses.
Microsoft adds that, with time-travel-like capabilities, Windows Defender Advanced Threat Protection examines the state of machines and their activities over the last six months to maximize historical investigation capabilities, and provides information on a simple attack timeline. Simplified investigation tools replace the need to explore raw logs by exposing process, file, URL and network connection events for a specific machine or across the enterprise.
It is not yet clear precisely when Microsoft will make the feature public, but the company is encouraging its customers to upgrade to Windows 10 for its most advanced security protection, with the opportunity to take advantage of Windows Defender Advanced Threat Protection when it becomes available more broadly this year.