Protect, detect, investigate, and respond to advanced threats
Enterprise organizations need investigation capabilities to drill down into security alerts and understand the scope and nature of a potential breach. The money and time spent on recovering from any large-scale breach can add up quickly.
Windows Defender Advanced Threat Protection (ATP) is a cloud-powered agent, built into Windows 10 Enterprise, that works behind the scenes to detect threats on the network and helps an IT team investigate and remediate data breaches. Windows Defender ATP uses behavior learning to detect attacks that have made it past all other defenses. That means that as the service runs on end users’ devices, it learns how to distinguish between normal and abnormal behavior for your organization. It draws on real-time and historical information to identify attacks and expose previously undetected threats, providing actionable alerts for known and unknown adversaries. A security operations console gives IT an easy way to investigate alerts, proactively explore the network for signs of attacks, perform forensics on specific machines, track attacker actions across machines in the network, and get a detailed file footprint across the organization.
Today, enterprise organizations are subject to increasingly sophisticated virus and malware attacks. Attackers and hackers are at work each day crafting new ways to sneak into systems and steal sensitive data. These may come in the form of “zero-day attacks,” launched before organizations are even aware of the issue, or other highly orchestrated, targeted, and complex crimes.
Windows Defender Antivirus (AV) is built into Windows 10 and provides virus and malware protection for desktop and mobile devices. Windows Defender AV makes extensive use of cloud-based detection, advanced real-time heuristics, and integrated reputation-based identification of files, URLs, and emails. These technologies, along with Microsoft’s detailed and rapid signature delivery system and malware analysis, work together to provide fast detection and pre-infection response without relying solely on periodically downloaded signatures.
The threat landscape is continually evolving for enterprise institutions. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks.
Windows Defender SmartScreen in Microsoft Edge helps to defend against downloads of malicious software, as well as phishing attacks (such as tricking users into entering passwords into a fake website) by performing reputation checks on visited sites and blocking any sites that are thought to be phishing sites. Microsoft Edge also protects against hacking attacks (running malicious code on a user’s device) through Windows Defender Application Guard, which opens untrusted sites in an isolated virtualized container separate from the host operating system, so that hackers can’t get to enterprise data even if the device is compromised.
Enterprise organizations also need to provide protection from determined attackers or malware that has successfully breached defenses.
Windows Defender Application Control (WDAC) flips the model from one where all applications are assumed trustworthy by default to one where applications must earn trust in order to run. WDAC allows enterprises to leverage Microsoft’s cloud-powered Intelligent Security Graph (ISG) to automatically authorize well-known and reputable apps built from a catalog of billions of apps and binaries that run on Windows. This allows IT administrators to easily allow commonly used and prevalent software like Microsoft Office and Adobe Reader, while preventing unknown and known-bad software from running.
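The allow-listing model described above can be set up from PowerShell. The following is an added example, not code from the original page or from Microsoft: it generates a WDAC policy from a reference machine, turns on the Intelligent Security Graph option, and deploys it in audit mode first so that would-be blocks are logged rather than enforced. The policy file paths are assumptions, and the script expects an elevated PowerShell session on Windows 10.

```powershell
# Added example: build and deploy a WDAC policy with ISG authorization in audit mode.
# $PolicyXml / $PolicyBin are assumed paths; adjust to taste.
$PolicyXml = "$env:USERPROFILE\Desktop\WdacPolicy.xml"
$PolicyBin = "$env:USERPROFILE\Desktop\SIPolicy.p7b"

# 1. Scan installed software and create publisher-level allow rules, falling
#    back to file hashes for unsigned binaries. -UserPEs makes the policy cover
#    user-mode executables, not only kernel drivers.
New-CIPolicy -Level Publisher -Fallback Hash `
             -ScanPath 'C:\Program Files' -UserPEs `
             -FilePath $PolicyXml

# 2. Policy rule options (numeric IDs as used by Set-RuleOption):
#    3  = Enabled:Audit Mode (log what would be blocked, do not enforce yet)
#    14 = Enabled:Intelligent Security Graph Authorization
Set-RuleOption -FilePath $PolicyXml -Option 3
Set-RuleOption -FilePath $PolicyXml -Option 14

# 3. Compile the XML into the binary form that Code Integrity loads.
ConvertFrom-CIPolicy -XmlFilePath $PolicyXml -BinaryFilePath $PolicyBin

# 4. ISG requires the Application Identity telemetry client to be started once.
appidtel.exe start

# 5. Install to the single-policy location and reboot. Review audit events
#    before removing option 3 (Set-RuleOption ... -Option 3 -Delete) to enforce.
Copy-Item $PolicyBin "$env:SystemRoot\System32\CodeIntegrity\SIPolicy.p7b" -Force

# Helper: list audit-mode Code Integrity events (ID 3076 = would have been
# blocked had the policy been enforced) so the allow list can be tuned.
function Get-WdacAuditEvents {
    param([int]$MaxEvents = 50)
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-CodeIntegrity/Operational'
        Id      = 3076
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message
}

Get-WdacAuditEvents
```

Run the helper for a few days of normal use; anything it reports that is legitimate needs a rule added (or ISG reputation) before the policy is switched to enforcement.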
As enterprise organizations embrace customer-centricity and new technologies that allow them to better meet their customers’ expectations for services, they need new ways to make employees more mobile and productive while still staying secure.
Windows Defender Credential Guard protects credentials from “pass-the-hash” and other advanced persistent attacks, by isolating user credentials inside a hardware-based container. Even if a device is compromised, Credential Guard isolates secrets so that only privileged system software can access them.
Windows Defender Exploit Guard is a rich set of intrusion-prevention capabilities for Windows 10 that reduce the attack and exploit surface area of Windows and applications. Exploit Guard can apply exploit mitigation techniques to apps your organization uses, both individually and to all apps. Attack surface reduction rules can reduce the attack surface of your apps with intelligent rules that block the vectors used by Office-based, script-based, and mail-based malware. Network protection extends the malware and social engineering protection offered by Windows Defender SmartScreen in Microsoft Edge to cover network traffic and connectivity on your organization's devices. Controlled folder access also helps protect files in key system folders from changes made by malicious and suspicious apps, including file-encrypting ransomware.
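The Credential Guard and Exploit Guard features described in the last two paragraphs can be checked and rolled out from PowerShell. This is an added example, not code from the original page or from Microsoft: it reports whether Credential Guard is running, reports the current Exploit Guard settings, and enables attack surface reduction rules, network protection and controlled folder access in audit mode so that nothing is blocked until the logged events have been reviewed. The three ASR rule GUIDs are Microsoft's published identifiers for the Office-, script- and mail-based vectors named above; confirm them against current documentation before deployment. Run in an elevated session.

```powershell
# Added example: audit Credential Guard, then enable Exploit Guard features in audit mode.

# Credential Guard reports through the DeviceGuard WMI class. In the
# SecurityServices* arrays, 1 = Credential Guard and 2 = HVCI.
function Get-CredentialGuardState {
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard `
                          -ClassName Win32_DeviceGuard
    [pscustomobject]@{
        Configured = [bool]($dg.SecurityServicesConfigured -contains 1)
        Running    = [bool]($dg.SecurityServicesRunning    -contains 1)
    }
}

# ASR rules matching the Office-, script- and mail-based vectors in the text
# (Microsoft's published rule IDs; verify against current docs).
$AsrRules = @{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    'D3E037E1-3EB8-44C8-A917-57927947596D' = 'Block JavaScript/VBScript from launching downloaded executables'
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
}

function Get-ExploitGuardState {
    $p = Get-MpPreference
    # For both settings: 0 = Disabled, 1 = Enabled (block), 2 = AuditMode.
    [pscustomobject]@{
        ControlledFolderAccess = $p.EnableControlledFolderAccess
        NetworkProtection      = $p.EnableNetworkProtection
        AsrRulesConfigured     = @($p.AttackSurfaceReductionRules_Ids).Count
    }
}

function Enable-ExploitGuardAudit {
    Set-MpPreference -EnableControlledFolderAccess AuditMode
    Set-MpPreference -EnableNetworkProtection      AuditMode
    foreach ($id in $AsrRules.Keys) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id `
                         -AttackSurfaceReductionRules_Actions AuditMode
    }
}

# Audit-mode hits land in the Defender operational log: 1122 = ASR rule,
# 1124 = controlled folder access, 1125 = network protection.
function Get-ExploitGuardAuditEvents {
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1122, 1124, 1125
    } -MaxEvents 50 -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message
}

Get-CredentialGuardState; Get-ExploitGuardState
```

Call `Enable-ExploitGuardAudit`, let the machines run for a while, then use `Get-ExploitGuardAuditEvents` to find legitimate software that trips a rule before switching the actions from AuditMode to Enabled.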