Windows Defender Advanced Threat Protection

Windows Defender Advanced Threat Protection is a new service that helps our enterprise customers to detect, investigate, and respond to advanced and targeted attacks on their networks.

PRE-BREACH

 

Device protection

Identity protection

Information protection

Threat resistance

POST-BREACH

 

Breach detection Investigation & Response

Windows Defender ATP is composed of three parts:

1.

The client-end-point behavioral sensor, built into Windows 10 (Windows 10 anniversary update, Windows Insider Preview Build number 14332 and later) and activated upon service enrollment. The client logs relevant security events and behaviors from the endpoint.

2.

Cloud security analytics service – processing data from endpoints in combination with historical data and Microsoft’s wide data repository to detect anomalous behaviors, adversary techniques and similarity to known attacks. The service runs on the Microsoft scalable big data platform, and uses a combination of Indicators of Attacks (IOAs), generic analytics and machine learning rules, as well as Indicators of Compromises (IOCs) collected from past attacks.

3.

Microsoft and community intelligence – our hunters and researchers investigate the data, finding new behavioral patterns and correlating the data with existing knowledge from the security community.

The client-end-point behavioral sensor, built into Windows 10 (Windows 10 anniversary update, Windows Insider Preview Build number 14332 and later) and activated upon service enrollment. The client logs relevant security events and behaviors from the endpoint.
Cloud security analytics service – processing data from endpoints in combination with historical data and Microsoft’s wide data repository to detect anomalous behaviors, adversary techniques and similarity to known attacks. The service runs on the Microsoft scalable big data platform, and uses a combination of Indicators of Attacks (IOAs), generic analytics and machine learning rules, as well as Indicators of Compromises (IOCs) collected from past attacks.
Microsoft and community intelligence – our hunters and researchers investigate the data, finding new behavioral patterns and correlating the data with existing knowledge from the security community.

The fuel is human expertise.

This team improves Windows and Windows Defender ATP using IOCs and rules.

Our experts bring deep expertise in:

•  OS Security  •  Exploit techniques and analysis  •  Malware analysis and reverse engineering  •   Statistical modeling and analysis

Start your trial today

Windows Defender ATP is now available. Sign up for our trial to test the service as you evaluate it for your Enterprise.