Microsoft has focused heavily on security over the past year, spending more than a billion dollars a year to enhance security for Windows 10, Office 365 and Azure. Windows Defender, the antivirus/antimalware solution built into Windows 10, has been around for a while now; over the past year it has scored higher and higher in independent antimalware tests and is often the best solution in certain categories.
Now for security-conscious customers there are even more advanced protection options with Windows Defender Advanced Threat Protection (ATP).

What is it?

Windows Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. It is "agentless" in the sense that the sensor is built into Windows 10, so there is no separate agent to deploy; devices are onboarded with a script or through Intune, Group Policy or SCCM. In other words, it is one solution to protect against, detect, and respond to the advanced attacks we are seeing today.

  • Network Protection – Prevent network-based attacks by blocking outbound connections to low-reputation domains and IP addresses.
  • Exploit Protection – Block the techniques used to exploit unpatched vulnerabilities, including zero-day attacks.
  • Reputation Analysis – Steer users and devices clear of files and websites with malicious reputations.
  • Isolation – Hardware-based isolation (Windows Defender Application Guard) opens untrusted websites in a separate container, so a compromised browser session cannot reach the host.
  • Application Control – Change your malware defense strategy, using the power of the cloud to automate application control.
  • Antivirus – Dynamic, cloud-powered intelligence defends you against known and unknown malware threats.
  • Behavior Monitoring – Block malicious and suspicious behaviors using advanced runtime analysis.
  • Attack Surface Reduction – Eliminate the vectors adversaries depend on by reducing the total surface area of attack.
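Several of the features above are settings on the device rather than cloud-only services, so they can be checked and turned on with the built-in Defender cmdlets. The following is an added example, not code from the original post or from Microsoft; it assumes an elevated PowerShell on Windows 10 1709 or later, the four rule GUIDs are Microsoft's published Attack Surface Reduction rule IDs, and the Defender ATP onboarding of the device itself is done separately. It follows the practitioner's usual order: audit first, read what would have been blocked, then enforce.

```powershell
# Added example (not from the original post): enabling Attack Surface Reduction,
# Network Protection and Exploit Protection with the built-in Defender cmdlets.
# Requires an elevated PowerShell on Windows 10 1709 or later.

# Published ASR rule IDs (a subset) with their meaning.
$asrRules = @{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
    '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2' = 'Block credential stealing from LSASS'
}

# Step 1: ASR in audit mode, so line-of-business workflows that would be blocked
# show up as events before anything is enforced. Actions: Disabled, Enabled
# (block) or AuditMode. Note that Set-MpPreference replaces the whole rule list;
# use Add-MpPreference to append to an existing one.
$ids     = @($asrRules.Keys)
$actions = @($ids | ForEach-Object { 'AuditMode' })
Set-MpPreference -AttackSurfaceReductionRules_Ids $ids -AttackSurfaceReductionRules_Actions $actions

# Network Protection, also in audit mode first.
Set-MpPreference -EnableNetworkProtection AuditMode

# Exploit Protection: system-wide mitigations that apply whether or not the
# vulnerable application has been patched.
Set-ProcessMitigation -System -Enable DEP,SEHOP,BottomUp,HighEntropy,CFG

# Step 2: review what audit mode reported. In the Defender operational log
# ASR audit events are ID 1122 (1121 when blocking) and Network Protection
# audit events are ID 1125 (1126 when blocking).
$filter = @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1122,1125 }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-Table -AutoSize -Wrap

# Step 3: once the audit events are clean for the pilot group, switch the same
# rules and Network Protection to block.
$actions = @($ids | ForEach-Object { 'Enabled' })
Set-MpPreference -AttackSurfaceReductionRules_Ids $ids -AttackSurfaceReductionRules_Actions $actions
Set-MpPreference -EnableNetworkProtection Enabled

# Verify the resulting state on the device.
Get-MpPreference |
    Select-Object AttackSurfaceReductionRules_Ids, AttackSurfaceReductionRules_Actions, EnableNetworkProtection
Get-MpComputerStatus |
    Select-Object AMServiceEnabled, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated
```

In an Intune- or Group Policy-managed estate the same settings are pushed centrally (Endpoint protection profiles or the Windows Defender Exploit Guard policies) and the cmdlets are mainly useful for verifying a single device; the audit-then-block sequence stays the same.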

While I do not want to go into long detail on each feature, I will point out the one that is probably most important – isolation, both the hardware-based isolation listed above and, on the response side, isolating a compromised device from the network.

When a Windows 10 device gets infected with a virus or other malware, or its user's credentials are compromised, Windows Defender ATP can raise the device's risk level, block that user and device from corporate cloud resources through Azure AD Conditional Access, and isolate the device from the network. The isolation is enforced on the compromised device itself by the Windows Defender ATP sensor: all of its network traffic is cut except the connection back to the ATP service, so patient 0 can no longer talk to the healthy devices around it. That also means the healthy devices are protected even if they carry an unpatched vulnerability that a zero-day attack could exploit from the compromised host. All of this works without special network hardware or software from other vendors and, most importantly, without requiring people to perform these actions by hand. Response speed and isolation are the keys to containing a cyber attack.
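The device isolation described above is also exposed through the Windows Defender ATP REST API, which is what an automated response (or a SecOps team plugging into the service) calls. The script below is an added example, not code from the original post or from Microsoft. It assumes an Azure AD app registration granted the Alert.Read.All and Machine.Isolate application permissions, with its tenant ID, client ID and secret supplied through the placeholder environment variables WDATP_TENANT_ID, WDATP_CLIENT_ID and WDATP_CLIENT_SECRET; the endpoints, request bodies and response fields are those of the Defender ATP API.

```powershell
# Added example (not from the original post): isolate every device that has an
# unresolved high-severity Defender ATP alert, through the Defender ATP REST API.
# Assumes an app registration with Alert.Read.All and Machine.Isolate permissions;
# the WDATP_* environment variable names are placeholders chosen for this example.
$tenantId     = $env:WDATP_TENANT_ID
$clientId     = $env:WDATP_CLIENT_ID
$clientSecret = $env:WDATP_CLIENT_SECRET
$apiBase      = 'https://api.securitycenter.windows.com/api'

# 1. Client-credentials token for the Defender ATP resource.
$tokenResponse = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$tenantId/oauth2/token" `
    -Body @{
        grant_type    = 'client_credentials'
        client_id     = $clientId
        client_secret = $clientSecret
        resource      = 'https://api.securitycenter.windows.com'
    }
$headers = @{ Authorization = "Bearer $($tokenResponse.access_token)" }

# 2. Unresolved high-severity alerts (OData filter on the alerts collection).
$filter = "severity eq 'High' and status ne 'Resolved'"
$alerts = (Invoke-RestMethod -Method Get -Headers $headers `
    -Uri "$apiBase/alerts?`$filter=$([uri]::EscapeDataString($filter))").value

# 3. Isolate each affected device once. 'Full' cuts all traffic except the
# sensor's own connection to the service; 'Selective' keeps Outlook and Skype
# for Business working so the user can still be reached.
$isolated = @{}
foreach ($alert in $alerts) {
    $machineId = $alert.machineId
    if (-not $machineId -or $isolated.ContainsKey($machineId)) { continue }

    $body = @{
        Comment       = "Auto-isolation: alert $($alert.id) ($($alert.title))"
        IsolationType = 'Full'
    } | ConvertTo-Json

    $action = Invoke-RestMethod -Method Post -Headers $headers -ContentType 'application/json' `
        -Uri "$apiBase/machines/$machineId/isolate" -Body $body
    $isolated[$machineId] = $action.id
    Write-Host "Isolation requested for $machineId (action $($action.id), status $($action.status))"
}

# 4. The action is asynchronous: poll the machine action before reporting the
# device as contained. Status moves from Pending through InProgress to Succeeded
# (or Failed / Cancelled).
foreach ($actionId in $isolated.Values) {
    $status = Invoke-RestMethod -Method Get -Headers $headers -Uri "$apiBase/machineactions/$actionId"
    Write-Host "$($status.machineId): $($status.type) -> $($status.status)"
}

# Releasing a device afterwards is the mirror call:
# POST "$apiBase/machines/$machineId/unisolate" with a JSON body containing a Comment.
```

Two practical caveats: a device that is offline receives the isolation command only when its sensor next checks in, which is why the status poll matters, and "isolate on every high alert" is a pilot-group policy rather than something to run tenant-wide on day one, since a noisy detection would otherwise take users off the network.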

Installation and Requirements

The best and most productive way to utilize this cloud security is to go for a Modern Workplace with a Microsoft 365 E5 subscription, as it includes Windows 10 Enterprise E5, the license that covers Windows Defender ATP. The E5 license unlocks the advanced security features for identity, e-mail, data and device protection, and at the same time gives you the option to use Autopilot (see Windows Autopilot – the cure for all mishaps in the world?).

Azure AD joined devices with Azure AD users have much better protection available than most on-premises solutions today, mainly because the Microsoft Intelligent Security Graph monitors the whole cloud for trends and intrusions, with a 24/7 cyber security team watching over it. If user credentials get compromised, it is detected almost immediately, compared with intrusions in on-premises infrastructures, where commonly cited studies put the average time to detect an attacker at more than 200 days.

Atea has developed Device as a Service to help customers on the journey towards a Modern Workplace and get started with a secure and productive enterprise-level environment. Always using the latest Windows 10 and Office 365 ProPlus versions also enables all the latest security and management features. Adding the Windows Defender ATP and Office 365 ATP managed services significantly improves security and reduces downtime and unintended data leakage, which in turn supports the breach detection and reporting obligations you have under GDPR.

What can we do for you with Windows Defender ATP?

Atea's Global SecOps team plugs into the Microsoft Intelligent Security Graph APIs and monitors the situation 24/7, with manual intervention when needed. The team configures automatic remediation for all alerts where it is possible and makes sense, and manually investigates and remediates potential threats beyond that. By doing so the SecOps team gathers information for further automation and for general incident trends across our entire customer base, while our customers can follow the situation in dashboards as shown above.

When an incident does happen (and trust me, it will), our SecOps team will perform forensic analysis of the attack: where it came from, how it was executed, which users or devices were used or affected by it, and of course stop the attack (with help from Microsoft if necessary). Every incident ends with a post-breach analysis report that details the attack and provides recommendations for configuration or device changes, procedural improvements and, if necessary, suggested end-user education topics.

Microsoft provides the technology, we do the hard work for you, and you can rest easy.

Advanced Security Monitoring and Response as a Service

As part of one of our most advanced security-oriented services we provide you with the following:

  • 24/7 monitoring to catch issues before they escalate into incidents
  • Configuration of automatic detection and remediation
  • Manual intervention when needed including investigation and remediation
  • Forensic analysis after an attack has happened
  • Post breach analysis report with clear and precise recommendations