(Microsoft Intelligent Security Solutions, Part 2)
Data Breach and Endpoint Protection
This blog on Microsoft Defender ATP is Part 2 of my 3-part series covering Microsoft Intelligent Security Solutions. Part 1 covers the Microsoft Secure Score service, explaining the world’s current cybersecurity environment and how Microsoft Secure Score helps organizations to identify their Office 365 security weaknesses and then implement fixes.
Here, Part 2 in the series covers the Microsoft Defender Advanced Threat Protection (ATP) platform and how it offers Windows users best-in-class cybersecurity breach detection, post-breach investigation, and synchronized defense across your entire IT ecosystem.
What is Microsoft Defender Advanced Threat Protection (ATP)?
Simply put, Microsoft Defender ATP is an optional add-on to Windows Defender Antivirus, which is the free antivirus software included with every Windows 10 install. The Windows Defender Antivirus program is Microsoft’s own comprehensive, real-time software protection against malware, viruses, and spyware, defending your endpoints across email, apps, and the web. Organizations can opt for an additional layer of security in Microsoft Defender ATP to increase visibility and provide additional features to secure your environment.
Major features of Microsoft Defender ATP include:
- Threat & Vulnerability Management
- Attack Surface Reduction
- Intelligent Security Graph
- Endpoint Detection & Response
- Auto Investigation & Remediation
- Microsoft Threat Experts
When enabled, Microsoft Defender ATP provides an additional layer of protection based on a cloud-hosted SaaS solution that leverages Windows Defender Antivirus telemetry and features for an agentless security fabric solution that enhances endpoint security by harnessing behavioral analytics backed by the Microsoft Intelligent Security Graph. Microsoft Defender ATP telemetry is then fed into your Secure Score Portal for single-pane visibility into your environmental security posture, including the edge nodes! Part 1 of my blog series covers Microsoft Secure Score. So now you can see how Microsoft offers a complete end-to-end cybersecurity solution to secure the enterprise with single glass-pane access and reporting that encompasses all workloads and devices.
Why Enable Microsoft Defender ATP?
Leveraging Windows Defender Antivirus, the Microsoft Defender ATP platform gives you an agentless security solution baked into the operating system, regularly updated with Windows Update, to help secure your IT ecosystem at the edge, wherever that happens to be, driving the ability to safely allow anywhere, anytime access to cloud services.
Monitor Every Endpoint in Your IT Ecosystem
With Microsoft Defender ATP tied into that OS-level monitoring and telemetry, it becomes nearly impossible for cybercriminals to disable or compromise any part of the system without triggering an alert. (Additional layers of security can be had by enabling purpose-built attack surface reduction rules available only in Windows 10 Enterprise.)
Monitor for ALL Known Exploits
Microsoft Defender ATP is backed by the Microsoft Intelligent Security Graph, a central repository of cybersecurity exploits and security signals, which is curated by experts and researchers and backed by AI behavioral analytics. Over 800 million endpoints report near real-time telemetry to this repository. The repository is further enhanced with content from Microsoft Security researchers’ deep analysis of advanced threat actors’ patterns of infiltration and persistence methods.
Automate Inoculation Upon Attack
If any Microsoft Defender ATP endpoint gets attacked at the edge, that information is immediately reported to the Security Graph repository, and automated remediation is attempted. This new attack data is then pushed out to the Microsoft Security Graph and then shared down to each of the endpoints enrolled with Windows Defender ATP.
This response effectively inoculates the rest of the endpoints from that same attack. This creates a huge cost-mountain for cybercriminals to climb, because all known exploits are already monitored for, and even if a new type of exploit is used to break in successfully, that exploit immediately becomes a “one-and-done” for all the other 800 million endpoints reporting to the Security Graph.
Beat the Cybersecurity Clock
This is the benefit of automated security where you pit computer against computer and go from an extremely manual process to an automated one, taking you from alert to remediation in a matter of minutes. With the ability of ransomware to propagate as soon as domain dominance has occurred, time is not on your side if you are manually intervening. Microsoft Defender ATP solves this critical time problem with synchronized environmental defense.
Microsoft Defender ATP Covers Everything
All parts of your current on-premises and cloud-based infrastructure are covered.
- Network Protection – Prevent network-based attacks on devices.
- Exploit Protection – Block exploits including zero days.
- Reputation Analysis – Steer users and devices away from files and websites that have known malicious reputations.
- Isolation – Help isolate hardware and firmware from web-based persistent threats.
- Application Control – Update your defense against malware with cloud-based AI backed automated application control.
- Antivirus – Use cloud-based, AI-backed intelligent AV for your endpoints.
- Behavior Monitoring – Detect and block suspicious out-of-the-normal behavior with automated baseline behavior models.
- ASR (attack surface reduction) – Enable built-in attack surface reduction rules to eliminate the basic vectors of attack and reduce the overall attack surface of your Windows endpoints.
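As an added example (not code from the original post or from Microsoft), the PowerShell below rolls out a handful of the built-in ASR rules and network protection in audit mode on a Windows 10 endpoint running Windows Defender Antivirus, then reports the effective state and any audit events. The rule GUIDs are Microsoft's published identifiers; the selection of rules is illustrative, and the script assumes an elevated prompt.

```powershell
# Added example: enable attack surface reduction (ASR) rules in audit mode first,
# so Defender records what each rule *would* block without disrupting users.
# Run from an elevated PowerShell prompt on Windows 10 with Windows Defender Antivirus.

# Microsoft's published ASR rule GUIDs (a representative subset, chosen for illustration).
$AsrRules = [ordered]@{
    'Block executable content from email client and webmail'      = 'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550'
    'Block all Office applications from creating child processes' = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'
    'Block Office apps from injecting code into other processes'  = '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84'
    'Block JS/VBScript from launching downloaded executables'     = 'D3E037E1-3EB8-44C8-A917-57927947596D'
    'Block execution of potentially obfuscated scripts'           = '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC'
    'Block credential stealing from LSASS'                        = '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2'
    'Use advanced protection against ransomware'                  = 'C1DB55AB-C21A-4637-BB3F-A12568109D35'
}

# Action codes accepted by Set-MpPreference: 0 = Disabled, 1 = Block, 2 = Audit
$AuditMode = 2

# Set-MpPreference replaces the whole rule list; the two arrays are positional,
# so the Nth action applies to the Nth rule ID. (Add-MpPreference appends instead.)
$ids     = @($AsrRules.Values)
$actions = @($ids | ForEach-Object { $AuditMode })
Set-MpPreference -AttackSurfaceReductionRules_Ids $ids `
                 -AttackSurfaceReductionRules_Actions $actions

# Network protection (blocking network/web-based attacks) also supports audit mode.
Set-MpPreference -EnableNetworkProtection AuditMode

# Report the effective configuration so it can be compared with the intended state.
$pref = Get-MpPreference
for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
    $id   = $pref.AttackSurfaceReductionRules_Ids[$i]
    $name = ($AsrRules.GetEnumerator() | Where-Object { $_.Value -ieq $id }).Key
    if (-not $name) { $name = '(rule not in table above)' }
    $mode = switch ($pref.AttackSurfaceReductionRules_Actions[$i]) {
        0 { 'Disabled' } 1 { 'Block' } 2 { 'Audit' } default { 'Unknown' }
    }
    '{0,-8} {1}  {2}' -f $mode, $id, $name
}
"Network protection: $($pref.EnableNetworkProtection)"

# Audit hits land in the Defender operational log as event ID 1122 (1121 = blocked).
# Reviewing them for a week or two is how you decide which rules are safe to flip to Block.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1122 } `
             -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

Once the audit events show no legitimate business processes being flagged, rerun with `$AuditMode = 1` to switch the same rules to Block.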
Take Advantage of the Joint Cybersecurity Effort
Microsoft is part of a broad Cybersecurity Tech Accord coalition of companies that all report security telemetry to the Security Graph, and that partnership is growing larger every day. This Intelligent Security Association has a mission to help secure the world of tomorrow, improving all security products, and providing a common platform and repository for security researchers and experts to contribute to. Add in the real-world data that 800 million endpoints provide, and the odds are now stacked against cybercriminals and Advanced Threat Actors.
Implement Effective Post-Breach Response
As we talked about in Part 1 of this series, the new cybersecurity model is “assume breach,” and preparing for a breach means being able to effectively produce a post-breach response report that outlines how, what, where, and for how long your data or environment had been at risk.
Automating the details of that report is critical to ensuring a timely response by your organization when a breach does occur, and Microsoft Defender ATP is the only solution with the global insight and intelligent security that provides deep insight into breaches in near real time.
In fact, the reporting side of Microsoft Defender ATP is as important a topic as its detection capabilities. With all the new global government regulations like GDPR, CCPA, and HIPAA, having this reporting available is essential to meeting these strict regulations; in some breach situations you need to know everything about the breach and its scope within 72 hours.
Can Your Current Cybersecurity Solution Do All That?
Most likely not. Access to seasoned Microsoft Threat Experts and SecOps teams is the type of next-level service that only Microsoft offers. Global experience gained from monitoring and protecting 800 million endpoints gives Microsoft the edge in this cybersecurity contest.
From the smallest hack on a mom-and-pop shop to attacks on critical government and public infrastructure, Microsoft (and its partner Perficient) have the talent and expertise to help get you secure and get you back to normal operation post-breach. That’s way more comforting than asking your in-house IT department to find the new persistent, fileless threat attacking your network at 3am.
Now that we’ve finished going over Microsoft Defender ATP, return in a few days and I’ll share Part 3 of this series that dives deeper into the Microsoft Intelligent Security Graph.