The Microsoft mindset is a security mindset. Our goal is to ensure customer safety as the security threat landscape continues to grow increasingly more sophisticated and adversaries are more successful at impacting the bottom line. New security features in the Windows 10 Fall Creators Update allows us to be more front footed and make life harder for the bad guys. Today, I’m excited to share how we’re raising the bar by hardening our Windows platform, taking advantage of cloud intelligence and bringing everything together in one end-to-end solution.
From C-Level to Sec-Ops, our customers tell us they want an integrated, single pane of glass security solution to consume, manage and integrate security for their fleet of devices. When considering the rapid pace new cyber threats are released in the wild, we agree that the industry could do better. That’s why we have developed a highly differentiated vision that brings together advanced data science, machine learning, automation, and behavioral analysis capable of blocking the types of malware and advanced attacks all in one place.
For the first time, Windows Defender Advanced Threat Protection (ATP) will include seamless integration across the entire Windows threat protection stack to protect, detect and respond with rich, centralized management. In addition, we’re extending the reach of Windows Defender ATP to include Windows Server OS to protect customers across platforms. New features and capabilities in the suite include Windows Defender Exploit Guard, Windows Defender Application Guard and substantial updates to Windows Defender Device Guard and Windows Defender Antivirus.
When we introduced Windows 10, one of our top priorities was to make it the most secure Windows ever – and Windows Defender Advanced Threat Protection (ATP) was a crucial step in this evolution. But ATP wasn’t just built with the intention of detecting and responding to attacks. Instead it was also designed to provide preventive protection using new next generation approaches that in the past have often been too difficult to engineer or use.
Hardening the Windows Platform
We think of Windows Defender ATP as a suite of tools. It was engineered to challenge traditional AV solutions and bring our customers on a journey to next-gen security.
Building the best of EMET into Windows 10. Our customers are clearly fans of threat protections offered through the Enhanced Mitigation Experience Toolkit (EMET). Their feedback to us has been a driving force for Windows Defender Exploit Guard, a new feature making EMET native to Windows 10.
By integrating the power of EMET along with new vulnerability mitigations, Exploit Guard includes prevention capabilities that help make vulnerabilities dramatically more difficult to exploit. In addition Exploit Guard delivers a new class of capabilities for intrusion prevention. Using intelligence from the Microsoft Intelligent Security Graph (ISG), Exploit Guard comes with a rich set of intrusion rules and policies to protect organziations from advanced threats, including zero day exploits. The inclusion of these built-in rules and policies addresses one of the key challenges with host intrusion prevention solutions which often takes significant expertise and development efforts to make effective.
Isolating threats from the most vulnerable surface areas. One of the most common targets for attackers is often your browser, with more than 90% of attacks using a hyperlink to initiate stealing credentials, installing malware, or exploiting vulnerabilities. Windows Defender Application Guard (WDAG) is designed to stop attackers from establishing a foothold on the local machine or from expanding out into the rest of the corporate network. If someone accidentally downloads malicious malware from their browser, or if a zero day exploit is encountered, WDAG isolates and contains the threat, securing your devices, apps, data and network. Windows Defender ATP will provide optics on detection and response so Sec-Ops will have full visibility to any threats that have been encountered. With WDAG and Windows Defender Exploit Guard, you have an extra layer of defense against malware attacks in-between the firewall and antivirus software.
Improving application control. Application control is often referenced as the most effective means to combat malware but today’s existing solutions are often too challenging to manage. Windows Defender Device Guard will be integrated into Windows Defender ATP response capabilities to make application control easy for our customers, on any Windows 10 device, by streamlining the management of the safe application lists to ease customer adoption through automation. Sec-Ops can enable it on-demand on at-risk devices to prevent any untrusted code from running. Automated application control list management is powered by the ISG. For organizations that haven’t deployed Device Guard across the organization it’s been integrated into Windows Defender ATP’s response capabilities.
Harnessing Cloud Intelligence
In addition to building new mitigations to harden the platform, we’re adding evolved, intelligent threat detection capabilities to view, report and manage. The new threat prevention Windows Defender ATP offers is made possible through the unique intelligence that only Microsoft has in terms of the sheer volume of optics and engineering expertise. Using the cloud power of the ISG, along with its data science and machine learning, we can identify evolving threats from trillions of signals to block and tackle the malware and hacking threats that you encounter. We’re also using cloud intelligence to drive better protection for users of Windows Defender Antivirus, making it a next-gen antivirus in the truest sense. With its cloud based protection and its rich behavioral and ML models, Windows Defender Antivirus is able to render verdicts on malware in seconds, even the very first time the malware has been seen.
Managing a more robust security posture. Windows is making management of the security suite one of our greatest strengths and enabling Sec-Ops full access and optics across the complete suite through a single pane of glass. We’re enhancing and centralizing management controls of Windows security features within Intune and System Center Configuration Manager. With Windows 10, enterprises will benefit from a new level of security that doesn’t require you to install any additional agent. Windows Defender ATP gives customers visibility into hacking and malware related threats discovered and blocked on the enterprise endpoints.
With this new management experience, we’ve also added new analytic capabilities. New Security Analytics capabilities will analyze Windows security feature utilization and configurations as well as Windows 10 security patch status across Windows 10 end points. New developer APIs will create opportunities for our customers and developers to automate systems with all the rich data from alerts, machines timelines, file and user data as well as enable external systems to instruct Windows Defender ATP to programmatically perform remediation actions.
When Windows Defender ATP is used alongside threat protection solutions from Office and Azure, you get better context, richer signals, and better protection with analytics and reporting, helping you stay prepared when it comes to securing your most important assets.