Undoubtedly, these are the scariest times in the digital realm. With ransomware like WannaCry grounding the US National Health System, news of US elections allegedly falling prey to hackers, and the never-ending news of organizations compromising the security of our precious personal data, insecurity is in the air.
Microsoft is raising its game to counter these threats and has baked more predictive capabilities into its updates of Windows Defender ATP with the Windows 10 Fall Creators Update.
Formerly codenamed “Barcelona”, the new update will give security managers the power to act on threats the moment they happen, well before they can have any impact. The new program moves a step ahead of the usual detection, investigation, and response cycle and lets security managers take preventive measures instead.
The program will be powered by Microsoft’s “cloud intelligence”, drawing on information from the Intelligent Security Graph, data science, and machine learning to identify threats. This takes the stack beyond a limited storehouse of isolated defenses to a smarter, interconnected, and coordinated defense grid.
Windows Defender ATP gets new features in Windows 10
Here is a brief look at some significant features of Windows Defender in the Windows 10 Fall Creators Update:
- Windows Defender Exploit Guard
- Single Pane of Glass View Across the Windows Security Stack
- Advanced Security Analytics View
- A New Set of Flexible APIs
1] Windows Defender Exploit Guard
One of the impressive new features is Windows Defender Exploit Guard, which gives security managers control over how code runs on their computers and offers tools to mitigate exploits at runtime. Windows Defender Exploit Guard includes intrusion prevention features such as the Attack Surface Reduction (ASR) smart rules, which rely on Microsoft’s Intelligent Security Graph to provide intrusion rules and policies that offer focused blocking capabilities and prevent attackers from establishing a foothold on the machines. If an accidental download of malware or a zero-day is encountered, the Application Guard feature isolates and contains the threat.
Windows Defender Exploit Guard makes the Enhanced Mitigation Experience Toolkit (EMET) native to Windows 10 and provides more robust vulnerability mitigations, making it harder to exploit vulnerabilities.
2] Single Pane of Glass View Across the Windows Security Stack
According to Microsoft, it has made security management of a fleet of Windows 10 computers simpler for SecOps, with a “single pane of glass view across the Windows security stack”. In practice, this will mean:
- Easy access to Windows Defender’s SmartScreen events and alerts that can show which user in the group clicked on any malicious URL despite getting a warning message.
- At-a-glance access to detections of Windows Defender Antivirus and the connections that Windows Defender Firewall blocks.
- The power to see Device Guard events that highlight unauthorized apps that were blocked but may still be present in the organizational environment.
- Access to alerts when Windows Defender Application Guard isolates and blocks attacks on web browsers.
- Superior Detection, Investigation, and Response Capabilities.
According to Microsoft, it has augmented the detection dictionary in Windows Defender ATP with a host of new indicators of attack. These include dynamic script-based attacks, keylogging alerts, and network exploitations. The new pack will also offer enhanced security analytics and a new set of security graph APIs to help integrate Windows Defender ATP more thoroughly with any organization’s SIEM systems.
3] Advanced Security Analytics View
The new Security Analytics View will offer a peek into an organization’s state of system security by highlighting possible vulnerable areas in its endpoints. The system will provide a protection score for each of the Windows security technologies integrated into the pack, helping users identify weak points in their system and take the necessary actions to resolve them.
4] A New Set of Flexible APIs
Microsoft has also augmented its security graph APIs to make them more flexible for customers who want to merge Windows Defender ATP data with their SIEM system.
Are Microsoft Defender and Office ATP the same?
Microsoft renamed Office 365 ATP to Microsoft Defender for Office 365 in 2020. It offers the same services, including a threat protection service portfolio. Microsoft Defender ATP and Microsoft Defender are two different products on similar lines. While the former is an enterprise product, the latter comes preinstalled in consumer products such as Windows Home, Enterprise, and Pro.
Is Defender ATP an antivirus?
In addition to providing a broad range of Windows protection capabilities, Microsoft Defender ATP also includes antivirus software. It also includes vulnerability protection and attack surface reduction.