These are unsettling times in the digital realm. With ransomware like WannaCry crippling the UK's National Health Service, reports that the US elections were targeted by hackers, and a seemingly endless stream of organizations failing to protect our personal data, the feeling of insecurity is in the air.
To counter these threats, Microsoft is raising its game and has baked more predictive capabilities into Windows Defender ATP with the Windows 10 Fall Creators Update.
Formerly codenamed “Barcelona”, the update is meant to give security managers the ability to spot threats the moment they happen and well before they can have any impact. It moves a step ahead of the usual detection, investigation and response cycle and lets security managers take preventive measures instead.
The service draws on Microsoft’s “cloud intelligence”: signals from the Intelligent Security Graph combined with data science and machine learning to identify threats. This takes the stack beyond a collection of isolated defenses to a smarter, interconnected and coordinated defense grid.
Windows Defender ATP gets new features in Windows 10
Here is a brief look at some significant features of Windows Defender in the Windows 10 Fall Creators Update:
Windows Defender Exploit Guard
One of the most notable new features is Windows Defender Exploit Guard, which puts security managers in command of how code is allowed to run on their machines and offers tools that mitigate exploits at runtime. Exploit Guard’s intrusion-prevention features include Attack Surface Reduction (ASR) rules, which draw on Microsoft’s Intelligent Security Graph to supply rules and policies for targeted blocking, preventing attackers from establishing a foothold on the machines. If malware is accidentally downloaded or a zero-day is encountered in the browser, the companion Windows Defender Application Guard feature isolates the browsing session and contains the threat.
Windows Defender Exploit Guard makes the Enhanced Mitigation Experience Toolkit (EMET) native to Windows 10 and adds stronger vulnerability mitigations, making vulnerabilities harder to exploit. Existing EMET deployments are not migrated automatically; the mitigations are configured through Group Policy or PowerShell, and an ASR rule that is enabled in block mode without an audit period can break legitimate line-of-business workflows, so staged rollout matters.
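As an added example (not code from the article, and not Microsoft’s own scripts), the following PowerShell stages Exploit Guard on a single Windows 10 1709 host: the ASR rules are first enabled in audit mode so that hits are logged without anything being blocked, the effective configuration is read back, a selection of rules is promoted to block mode, and a per-process exploit mitigation is applied and the system policy exported. The cmdlets (`Add-MpPreference`, `Get-MpPreference`, `Set-ProcessMitigation`, `Get-ProcessMitigation`) are the built-in ones. The rule GUIDs and mitigation names are taken from Microsoft’s public reference and are an assumption to verify against current documentation before use; the choice of `winword.exe` and of which rules to promote is illustrative only.

```powershell
# Added example, not from the article. Run in an elevated PowerShell session on
# Windows 10 1709 or later with Windows Defender Antivirus active.
# ASR rule GUIDs: from Microsoft's public ASR rule reference (assumption; verify before use).

$asrRules = [ordered]@{
    'BE9BA2D9-53EA-4CDD-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
    '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' = 'Block Office applications from injecting code into other processes'
    'D3E037E1-3EB8-44C8-A917-57927947596D' = 'Block JavaScript or VBScript from launching downloaded executable content'
    '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'Block execution of potentially obfuscated scripts'
    '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' = 'Block Win32 API calls from Office macros'
}

function Set-AsrRuleMode {
    # Mode is 'AuditMode' (log only), 'Enabled' (block) or 'Disabled'.
    param(
        [Parameter(Mandatory)][string[]]$RuleIds,
        [ValidateSet('AuditMode', 'Enabled', 'Disabled')][string]$Mode = 'AuditMode'
    )
    foreach ($id in $RuleIds) {
        # Add-MpPreference merges with the existing rule list (and updates the action of a
        # rule that is already present); Set-MpPreference would replace the whole list.
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions $Mode
    }
}

function Get-AsrRuleState {
    # Reads the effective configuration back. Get-MpPreference returns the actions as
    # numbers: 0 = Disabled, 1 = Block, 2 = Audit.
    $pref  = Get-MpPreference
    $names = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit' }
    for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
        $id = $pref.AttackSurfaceReductionRules_Ids[$i]
        [pscustomobject]@{
            RuleId      = $id
            Description = $asrRules[$id]   # $null for rules not in the table above
            Mode        = $names[[int]$pref.AttackSurfaceReductionRules_Actions[$i]]
        }
    }
}

# Step 1: audit everything first. Watch for event ID 1122 in the
# Microsoft-Windows-Windows Defender/Operational log before switching anything to block.
Set-AsrRuleMode -RuleIds @($asrRules.Keys) -Mode AuditMode

# Step 2: after the audit period, enforce the rules that produced no legitimate hits.
# The two Office child-process/injection rules are promoted here purely as an illustration.
Set-AsrRuleMode -RuleIds 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A', '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' -Mode Enabled

Get-AsrRuleState | Format-Table -AutoSize

# Exploit protection (the EMET replacement): apply per-process mitigations to one binary,
# show the result, and export the effective policy so it can be imported elsewhere with
# Set-ProcessMitigation -PolicyFilePath <file>.
Set-ProcessMitigation -Name 'winword.exe' -Enable DEP, SEHOP, ForceRelocateImages, BottomUp, HighEntropy
Get-ProcessMitigation -Name 'winword.exe'
Get-ProcessMitigation -RegistryConfigFilePath "$env:TEMP\exploit-protection.xml"
```

The audit-then-enforce split is the point of the script: ASR rules fire on behaviour (Office spawning a child process, a script launching a download), which some legitimate add-ins and deployment tools also exhibit, so the 1122 audit events collected during step 1 are what tells you which rules are safe to promote. For sites with an existing EMET policy, the ProcessMitigations module also ships a `ConvertTo-ProcessMitigationPolicy` cmdlet that converts an EMET XML export into the new format (taking `-EMETFilePath` and `-OutputFilePath`); that cmdlet is not shown above and its parameters should be confirmed against `Get-Help` on the target build.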
Single Pane of Glass View Across the Windows Security Stack
According to Microsoft, it has made security management of a fleet of Windows 10 computers simpler for SecOps, with what it calls a “single pane of glass view across the Windows security stack”. In practice, this means:
- Easy access to Windows Defender SmartScreen events and alerts, including which user in the organization clicked through to a malicious URL despite being shown a warning.
- At-a-glance access to Windows Defender Antivirus detections and the connections blocked by Windows Defender Firewall.
- Visibility into Device Guard events highlighting unauthorized apps that were blocked but may still be present in the organization’s environment.
- Alerts when Windows Defender Application Guard isolates and blocks attacks on the web browser.
Superior Detection, Investigation and Response Capabilities
According to Microsoft, it has augmented the detection dictionary in Windows Defender ATP with a host of new indicators of attack, including dynamic script-based attacks, keylogging and network exploitation. The update also offers enhanced security analytics and a new set of security graph APIs to integrate Windows Defender ATP more thoroughly with an organization’s SIEM.
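The events the ATP console aggregates also exist locally on each endpoint, which is useful for triaging one host or for feeding a SIEM that does not consume the cloud APIs. As an added example (not from the article and not Microsoft’s code), the following PowerShell collects ASR and Device Guard code-integrity events from a single host and flattens them into objects that can be grouped or exported as JSON. Assumed, and worth checking against your build: ASR rule hits are event IDs 1121 (block) and 1122 (audit) in the Microsoft-Windows-Windows Defender/Operational log, and code-integrity policy hits are 3077 (enforced) and 3076 (audit) in Microsoft-Windows-CodeIntegrity/Operational. The EventData field names are read from each event rather than assumed.

```powershell
# Added example, not from the article. Read-only. The event IDs below are assumptions
# to verify against the documentation for your Windows build.

$eventSources = @(
    @{ Log = 'Microsoft-Windows-Windows Defender/Operational'; Ids = 1121, 1122; BlockIds = @(1121); Kind = 'ASR' },
    @{ Log = 'Microsoft-Windows-CodeIntegrity/Operational';    Ids = 3076, 3077; BlockIds = @(3077); Kind = 'CodeIntegrity' }
)

function ConvertFrom-EventData {
    # Flattens the <EventData><Data Name="...">...</Data> payload into a hashtable.
    # Field names come from the event itself, so no schema is hard-coded. If the
    # event carries no named EventData, fall back to the rendered message text.
    param([Parameter(Mandatory)][System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $xml  = [xml]$Event.ToXml()
    $data = @{}
    foreach ($d in @($xml.Event.EventData.Data)) {
        if ($null -ne $d -and $d.Name) { $data[$d.Name] = $d.'#text' }
    }
    if ($data.Count -eq 0) { $data['Message'] = $Event.Message }
    $data
}

function Get-ExploitGuardEvents {
    param([int]$Hours = 24)
    $since = (Get-Date).AddHours(-$Hours)
    foreach ($src in $eventSources) {
        $filter = @{ LogName = $src.Log; Id = $src.Ids; StartTime = $since }
        # Get-WinEvent raises an error when nothing matches; treat that as "no events".
        $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
        foreach ($e in $events) {
            [pscustomobject]@{
                Time   = $e.TimeCreated
                Host   = $e.MachineName
                Kind   = $src.Kind
                Id     = $e.Id
                Mode   = $(if ($e.Id -in $src.BlockIds) { 'Block' } else { 'Audit' })
                # UserId is the SID the event was logged under; translate it to a name where possible.
                User   = $(try { $e.UserId.Translate([System.Security.Principal.NTAccount]).Value } catch { "$($e.UserId)" })
                Fields = ConvertFrom-EventData -Event $e
            }
        }
    }
}

# Summary: how often each source fired and in which mode. The audit counts are what
# decide which rules or policies are safe to switch to enforcement.
$hits = Get-ExploitGuardEvents -Hours 72
$hits | Group-Object Kind, Mode | Select-Object Count, Name | Format-Table -AutoSize

# Detail, in a shape a SIEM collector or a manual triage can consume.
$hits | Select-Object Time, Host, Kind, Mode, User, Fields |
    ConvertTo-Json -Depth 4 | Set-Content "$env:TEMP\exploit-guard-events.json"
```

Reading the CodeIntegrity log may require elevation on some builds, in which case `Get-WinEvent` returns nothing for that source under `-ErrorAction SilentlyContinue`; run the summary once as an administrator to confirm both sources are actually being read before trusting a zero count.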
Advanced Security Analytics View
The new Security Analytics view offers a peek at an organization’s security posture by highlighting potentially vulnerable areas across its endpoints. It provides a protection score for each of the Windows security technologies in the stack, helping users identify weak points and take the actions needed to resolve them.
A New Set of Flexible APIs
Microsoft has also extended its set of security graph APIs to make them more flexible for customers who want to merge Windows Defender ATP data with their SIEM.