Microsoft is now delivering Windows 10 as a service rather a new piece of completely redesigned software with each iteration. Thus, it keeps on adding new UI features and services with each consecutive update. This also helps Redmond push enhanced security features via its Windows Defender service to the operating system. And similar is the case with the upcoming Windows 10 Creators Update that brings along a slew of new functionalities and enhancements.
In the upcoming update, scheduled to roll out in April, Microsoft is now also converting Windows Defender into an UWP (universal windows platform) application. This means the anti-virus service will not only protect your PC but will also be available on Xbox and Mobile devices. But, today, we’re here to talk about the Windows Defender ATP (Advanced Threat Protection) service that allows the enterprise and Cloud customers to protect their data, users and their devices.
In a blog post over at the Microsoft Secure Blog, Principal Program Manager Avi Sagiv says that the said security service is protecting over 2 million devices worldwide. And the new features, which will benefit the users in three key areas, will further enhance focus on data and device security. These areas are said to be — Detection, Investigation, and Response.
In addition to surface scans, Avi says that the Redmond giant is now employing memory and kernel sensors to detect attacks in those memory locations. This is the latest addition to the defender service and makes use of machine learning algorithms to protect the user from system-level attacks, which previously were undetected by other tools. Microsoft has started using this tech to prevent zero-day attacks on its systems. This has been described in the blog post as under:
We continue to upgrade our detections of ransomware and other advanced attacks, applying our behavioral and machine-learning detection library to counter changing attacks trends. Our historical detection capability ensures new detection rules apply to up to six months of stored data to detect attacks that previously went unnoticed.
Microsoft is now also providing enterprises with a single window to start investigating an attack on their systems. This portal provides the admin access to real-time insights into actions, relationships, and alerts that span machines laterally across the network. It further helps the security teams reduce investigation time by pooling together all info required to resolve incidents on the alert page. And they are also provided with response tools right there in the same window.
This means the company’s security team will not only have the ability to track attackers across the network but also new tools to stop them as well. It will now be able to isolate machines to prevent the spread of the virus, ban specific files from the network and kill or quarantine processes or files. With regards to the same, Sagiv in the blog post adds,
While detecting advanced attacks is important – shutting them down is even more so.
The Redmond giant has invited enterprises interested in trying out aforementioned Windows Defender ATP features for the Creators Update. This trial is being offered to enable Office 365 users and enterprises get acquainted and witness the benefit these new features will bring to your toolbox.