Microsoft is beefing up its defenses for the new world of cyber attacks. We recently discussed one of the new components coming to Windows Defender in Windows 10. In the latest Redstone Insider Preview; Microsoft has introduced Windows Defender Offline Scanning. Part of the bigger picture, though, is to provide a more intelligent approach to protecting enterprise clients. The traditional approach to client security has failed over the years, attacks are more sophisticated by going undetected because of the ability evolve significantly faster.
Introducing Windows Defender Advanced Threat Protection
We have witnessed the devastation recent attacks can cause. For example, Sony Corporation was devastated in a 2014 attack that exposed company information, valuable data, and communications. Microsoft realizes there needs to be an intelligent proactive approach to enterprise security, versus being reactive. Windows Defender Advanced Threat Protection, is a new cloud based enterprise security solution; the objective is to help businesses stay ahead of attacks through detection and response.
Windows Defender Advanced Threat Protection, uses a web based portal with advanced mechanisms built in to fight a new breed of attacks. It uses sensors, analytics, and threat intelligence. The service also taps into the company’s intelligent security graph which provides deep analysis of millions of devices and websites to get a broad picture of the health of the web and potential hotspots where attacks can originate.
Windows Defender Advanced Threat Protection is powered by a combination of Windows behavioral sensors, cloud based security analytics, threat intelligence, and by tapping into Microsoft’s intelligent security graph. This immense security graph provides big-data security analytics that look across aggregate behaviors to identify anomalies – informed by anonymous information from over 1 billion Windows devices, 2.5 trillion indexed URLs on the Web, 600 million reputation look-ups online, and over 1 million suspicious files detonated every day.
This data is then augmented by expertise from world-class security experts and advanced threat protection Hunters from across the globe, who are uniquely equipped to detect attacks. source
Microsoft already has hundreds of thousands of systems using the service, which is still in preview. Although Windows Defender on the client side has not always been described as best security utility. However, the company has been committed to security over the years, introducing new advances such as User Account Control, Secure Boot, Address Space Randomization Layout, and Heap stack Protection. Windows Defender Advanced Threat Protection is another important step in providing a rock solid security stack for the Windows desktop.