We’re excited to introduce Microsoft Threat Experts, an additional layer of expertise and optics that Microsoft customers can utilize to augment security operations capabilities as part of Microsoft 365. This new managed threat hunting service in Windows Defender Advanced Threat Protection provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately.
Microsoft Threat Experts enables SOCs to jump-start threat investigations by providing context-rich intelligence. This release of the service includes 2 capabilities:
- Targeted attack notifications: Alerts that are tailored to organizations provide as much information as can be quickly delivered to bring attention to critical threats in their network, including the timeline, scope of breach, and the methods of intrusion.
- Experts on demand: When a threat exceeds the SOC’s capability to investigate, or when more actionable information is needed, security experts provide technical consultation on relevant detections and adversaries. In cases where a full incident response becomes necessary, seamless transition to Microsoft incident response (IR) services is available.
Microsoft Threat Experts
With Microsoft Threat Experts, SOCs can further improve defenses by tapping into our world-class security analysts. These experts deeply understand the security landscape and attacker techniques, have intimate knowledge of operating systems, and know how to get the most out of Windows Defender ATP’s features and capabilities. Our experience in battling attackers across more than a billion devices worldwide, together with the artificial intelligence (AI) necessary to harness such unprecedented optics and scale, makes our expert team unique and unmatched in the industry.
The next sections describe the two components of this new service in more detail.
Targeted attack notifications
Microsoft Threat Experts provides proactive hunting for the most important threats, such as human adversary intrusions, hands-on-keyboard attacks, and advanced attacks like cyberespionage. The managed threat hunting service includes:
- Threat monitoring and analysis, reducing attacker dwell time and risk to business
- Hunter-trained AI to discover and prioritize both known and unknown attacks
- Identifying the most important risks, helping SOCs maximize time and energy
- Scope of compromise and as much context as can be quickly delivered to enable fast SOC response
Custom Threat Experts alert in Windows Defender Security Center
Experts on demand
Customers can partner with Microsoft security experts, who can be engaged directly from within Windows Defender Security Center, for timely and accurate response. Experts provide insights needed to better understand complex threats, from the latest zero-day exploit to the root cause of a suspicious network connection. Through Microsoft Threat Experts, customers can:
- Get additional clarification on alerts including root cause or scope of the incident
- Gain clarity into suspicious machine behavior and recommended next steps if faced with an advanced attacker
- Determine risk and protection regarding threat actors, campaigns, or emerging attacker techniques
- Seamlessly transition to Microsoft Incident Response (IR) services when necessary
Ask a Threat Expert button in Windows Defender Security Center
Partnership for improved security
In today’s climate of cybersecurity challenges, organizations must fend off relentless attacks even as they go through their journey of building and maturing their security capabilities. Through Microsoft Threat Experts, customers can partner with Microsoft throughout this journey to augment security operations capabilities to prevent, detect, and respond to threats. Customers and Microsoft can build upon each other’s expertise, intelligence, and insight through this partnership, forming a stronger defense against adversaries.
To illustrate the depth of intelligence and the value of the service to customers’ security defenses and overall security posture, we published two case studies for Microsoft Threat Experts on (1) human adversary-based activities related to a zero-day vulnerability and (2) complex “living off the land” threats.
Windows Defender ATP customers can now apply for preview through the Windows Defender Security Center. We will contact customers via email to confirm their participation.
Here are useful references:
- View the targeted attack notification
- Configure email alert notification
- Ask a Microsoft threat expert about suspicious cybersecurity activities in your organization
- Sample questions to ask Microsoft Threat Experts
Not yet reaping the benefits of Windows Defender ATP’s industry-leading optics and detection capabilities? Sign up for a free trial today.
Update (April 30, 2019): Microsoft Threat Experts reaches general availability
On April 30, 2019, we announced the general availability of the Microsoft Threat Experts targeted attack notification capability.