With the industry witnessing record malware attacks targeting intellectual property and customer records, every organization is at risk. This new eBook from Microsoft takes a rather unusual take on handling such breaches. This post-breach response plan assumes that an attack has already taken place, and gives you steps to avoid it through investigation of the main points.
Breach Response Plan for Data Security
Antivirus solutions including Windows Defender focus on a pre-breach approach – acting as the gatekeeper, examining all the uploaded files and detecting and removing malicious ones on a real-time basis. But this is not quite useful against new-age hackers that may use techniques like Social Engineering and Ransomware to get into systems.
A new Post-Breach security solution approach is required to complement pre-breach!
This is because a post-breach response system will assume the attack in advance. It monitors security events on the endpoint and leverages large scale correlation and anomaly detection algorithms to alert on evidence of an ongoing attack. How this method helps is that when an initial breach is detected, the victim can transfer all sensitive and vulnerable files over to another safe system. It also provides security groups with the adequate toolset needed to investigate and respond to threats that might go under the radar, otherwise.
So, keeping that in mind, Microsoft Windows is its own post-breach solution named Windows Defender Advanced Threat Protection, with Windows Anniversary Update, to further strengthen the existing security features of Windows Defender, SmartScreen, and other OS hardening features. The new service has been purposely built into the new update to help tackle advanced attacks, for which Windows Defender had seemed outdated. The addition will enable enterprises to detect, investigate, and respond to targeted and sophisticated advanced attacks on their networks.
These are some of the features that Windows Defender Advanced will be offering in the upcoming Anniversary Update.
- Attack Detection: The primary focus of this advanced update will be detecting sophisticated attacks that are experiencing a surge. It uses custom behavior and anomaly analysis to detect attacks on any endpoints in the enterprise system. With popular programs like Windows Defender, Bing, IE, and Office 365 that provide visibility of more than 1-billion endpoints worldwide, Microsoft has the biggest reach and quality toolset to handle these programs better than other players in the market.
- Reception and response: This security package will help provide enterprises with the right advanced tools to investigate vulnerabilities. It proactively explores the target network for signs of attacks, performs forensics on specific machines, tracks attacker actions across machines in the network and gets detailed malware footprint from across the organization.
- Integration with previous records: The Windows Defender ATP compiles all the previous data from Windows Defender and displays all malware attacks from the past. It helps enable the enterprise to learn from previous mistakes and avoid activities that might let attackers get in through similar endpoints. Organizations can propagate this data across their systems to increase awareness.
- Intelligence: Apart from monitoring, integrating and investigation, Defender ATP also offers intelligence about threat points and sources. It points out the widely known attackers and their prominent sources from where they can target your systems.
With Microsoft putting their focus on customer feedback and testing groups, Windows Defender Advanced Threat Protection is already live with early adopter customers that span across geographies and industries, and the Microsoft network, making it one of the largest running advanced threat protection services. In fact, it is so huge that the program provides Big Data security analytics, informed by anonymous information from over 1 billion Windows devices, 2.5 trillion indexed URLs on the Web, 600 million reputation lookups online, and over 1 million suspicious files detonated every day.
With the growing threat from more sophisticated targeted attacks, a new post-breach security solution is imperative in securing an increasingly complex network ecosystem. Windows Defender ATP provides a comprehensive post-breach solution to aid security teams in identifying a definitive set of actionable alerts that pre-breach solutions might miss.
You can download the eBook here from Microsoft.