We designed Windows 10 from the very beginning to be our most secure platform ever. With features like Credential Guard, Device Guard, Windows Hello, and Enterprise Data Protection, Windows 10 offers unique defenses from attacks. Windows Defender, our free anti-malware service, provides protection to almost 300 million devices – every day. And Windows continues to raise the defenses in the system every month as any security issues are investigated and proactively updated through Windows Update.

This ongoing commitment to security has led to strong demand from enterprise customers. From the Department of Defense, which is adopting Windows 10 across all branches of service, starting this year with 4 million devices – to NASCAR to Virgin Atlantic to schools all over the world – we’re excited to see customers with the most demanding requirements move to Windows 10 faster than ever before.

Today, we announce the next step in our efforts to protect our enterprise customers, with a new service, Windows Defender Advanced Threat Protection.



Cyber Attacks Are Increasing in Sophistication

We’re seeing increasingly brazen cyberattacks. Cybercriminals are well organized with an alarming emergence of state-sponsored attacks, cyber-espionage and cyber terror. Even with the best defense, sophisticated attackers are using social engineering and zero-day vulnerabilities to break-in to corporate networks. Thousands of such attacks were reported in 2015 alone. We’ve found it currently takes an enterprise more than 200 days to detect a security breach and 80 days to contain it. During this time, attackers can wreak havoc on a corporate network, stealing data, breaching privacy, and destroying the trust of customers. These attacks are incredibly expensive, costing organizations an average of $12 million per incident with broader impact to a company’s reputation.

As the attackers’ approaches have evolved and become more sophisticated, so too must our approach to provide security to our enterprise customers. And, our customers agree, as 90% of surveyed IT Directors said they need a full-fledged advanced threat protection solution that identifies attacks quicker with comprehensive intelligence, and provides actionable remediation.

Windows Defender Advanced Threat Protection will Help Detect, Investigate and Respond to Attacks

To help protect our enterprise customers, we are developing Windows Defender Advanced Threat Protection, a new service that will help enterprises to detect, investigate, and respond to advanced attacks on their networks. Building on the existing security defenses Windows 10 offers today, Windows Defender Advanced Threat Protection provides a new post-breach layer of protection to the Windows 10 security stack. With a combination of client technology built into Windows 10 and a robust cloud service, it will help detect threats that have made it past other defenses, provide enterprises with information to investigate the breach across endpoints, and offer response recommendations.

Windows Defender Advanced Threat Protection:

1) Detects Advanced Attacks provides key information on who, what, and why the attack happened. Sophisticated threat intelligence enables attack detection, informed by the world’s largest array of sensors and expert advanced threat protection, including a team of experts at Microsoft and expert security partners.



Windows Defender Advanced Threat Protection is powered by a combination of Windows behavioral sensors, cloud based security analytics, threat intelligence, and by tapping into Microsoft’s intelligent security graph. This immense security graph provides big-data security analytics that look across aggregate behaviors to identify anomalies – informed by anonymous information from over 1 billion Windows devices, 2.5 trillion indexed URLs on the Web, 600 million reputation look-ups online, and over 1 million suspicious files detonated every day.

This data is then augmented by expertise from world-class security experts and advanced threat protection Hunters from across the globe, who are uniquely equipped to detect attacks.

2) Response Recommendations. The service’s security operations data provides an easy way to investigate alerts, explore the entire network for signs of attacks, examine attacker actions on specific devices, and get detailed file footprints from across the organization to recommend responses.

With time travel-like capabilities, Windows Defender Advanced Threat Protection examines the state of machines and their activities over the last six months to maximize historical investigation capabilities and provides information on a simple attack timeline. Simplified investigation tools replace the need to explore raw logs by exposing process, file, URL and network connection events for a specific machine or across the enterprise.



And, a cloud-based detonation service enables files and URLs to be submitted to isolated virtual machines for deep examination. In the future, Windows Advanced Threat Protection will also offer remediation tools for affected endpoints.

3) Complements Microsoft Advanced Threat Detection Solutions. Because Windows Defender Advanced Threat Protection is being built into Windows 10, it will be kept continuously up-to-date, lowering costs, with no deployment effort needed. Powered by a cloud backend, no on premise server infrastructure or ongoing maintenance is required. It complements email protection services from Office 365 Advanced Threat Protection and Microsoft Advanced Threat Analytics.



Already Protecting 500,000 Endpoints

Just like we developed Windows 10 with feedback from millions of Windows Insiders, we worked with our most advanced enterprise customers to address their biggest security challenges, including attack investigations and day-to-day operations, to test our solution in their environments. Windows Defender Advanced Threat Protection is already live with early adopter customers that span across geographies and industries, and the entire Microsoft network, making it one of the largest running advanced threat protection services.

Here is a sampling of feedback we’re hearing from some of our early adopter customers:

“Cyber security is my biggest concern and securing all endpoints in my organization is my current priority. Windows Defender Advanced Threat Protection is unique in that it can see exactly what’s going on across every endpoint, which other solutions are failing to address.” Greg Petersen, Senior Director, IT Security, Avanade

“You need to have several layers of defenses, and Windows Defender Advanced Threat Protection adds to our defense strategy. The worldwide sampling that only Microsoft can offer helps find questionable behavior on our computers and alerts us in a timely manner, making our computers and network safer.” Fran De Hann, Senior Security Advisor, Pella Windows

“Deploying Windows Defender Advanced Threat Protection gave us incredible awareness about several critical security vulnerabilities in our network, which we’ve already taken immediate action to address, along with updating our security policies.” Henrik Pedersen, IT Manager, TDC Hosting, Denmark

We encourage our customers to upgrade to Windows 10 for our most advanced security protection, with the opportunity to take advantage of Windows Defender Advanced Threat Protection when it becomes available more broadly this year.

We are excited to offer this service to protect our customers.

Terry

Source: Announcing Windows Defender Advanced Threat Protection | Windows Experience Blog

Posted By: Brink
01 Mar 2016