Windows Defender Advanced Threat Protection (ATP)
Windows Defender Advanced Threat Protection is a new service that helps our enterprise customers to detect, investigate, and respond to advanced and targeted attacks on their networks.
Windows 10 is the most secure enterprise platform today, but cyberattacks are getting more sophisticated as they are using social engineering, zero-day vulnerabilities, or even misconfiguration to break into corporate networks. Thousands of such attacks were reported in 2015 alone.
Building on the existing pre-breach security defenses built into Windows 10, we have released a new service, Windows Defender Advanced Threat Protection (ATP), which provides a post-breach layer of protection.
News & Resources
Download: ATP Infographic
Download: Ransomware protection whitepaper
[Figure: Windows 10 security layers. Pre-breach: device protection, identity protection, information protection, threat resistance. Post-breach: breach detection, investigation & response.]
Windows Defender ATP is composed of three parts:
1. The client endpoint behavioral sensor, built into Windows 10 (Windows 10 Anniversary Update, Windows Insider Preview Build 14332 and later) and activated upon service enrollment. The client logs relevant security events and behaviors from the endpoint.
2. Cloud security analytics service: processes data from endpoints in combination with historical data and Microsoft's wide data repository to detect anomalous behaviors, adversary techniques, and similarity to known attacks. The service runs on Microsoft's scalable big data platform and uses a combination of Indicators of Attack (IOAs), generic analytics and machine learning rules, and Indicators of Compromise (IOCs) collected from past attacks.
3. Microsoft and community intelligence: our hunters and researchers investigate the data, finding new behavioral patterns and correlating the data with existing knowledge from the security community.
The threat intelligence feedback loop
Microsoft has a strong security team defending its own network: world-class experts, hunters, reverse engineers, and threat analysts. We have a network of other security firms, and unique optics that combine to create an exclusive holistic view of enterprises together with a global view of the Internet. Microsoft constantly monitors for emerging and known threats on a global scale.
The fuel is human expertise.
This team improves Windows and Windows Defender ATP using IOCs and rules.
Our experts bring deep expertise in:
• OS security
• Exploit techniques and analysis
• Malware analysis and reverse engineering
• Statistical modeling and analysis
Start your trial today
Windows Defender ATP is now available. Sign up for our trial to test the service as you evaluate it for your enterprise.
Built into Windows, cloud powered
No additional deployment or infrastructure. Continuously up to date; lower costs.
Behavioral-based, post-breach detection
Actionable, correlated alerts for known and unknown adversaries. Real-time and historical data.
Rich timeline for investigation
Easily understand the scope of a breach. Data pivoting across endpoints. Deep file and URL analysis.
Unique threat intelligence knowledge base
Unparalleled threat optics provide detailed actor profiles. First- and third-party threat intelligence data.