Microsoft has announced an additional layer of protection for Windows Defender, which it calls Windows Defender Advanced Threat Protection. Its announcement begins:
We designed Windows 10 from the very beginning to be our most secure platform ever. With features like Credential Guard, Device Guard, Windows Hello, and Enterprise Data Protection, Windows 10 offers unique defenses from attacks. Windows Defender, our free anti-malware service, provides protection to almost 300 million devices – every day.
Consumers won’t see this in their editions of Windows 10; it is intended as an enterprise-level product. Microsoft describes the cyber-attack problem this way:
We’ve found it currently takes an enterprise more than 200 days to detect a security breach and 80 days to contain it. During this time, attackers can wreak havoc on a corporate network, stealing data, breaching privacy, and destroying the trust of customers. These attacks are incredibly expensive, costing organizations an average of $12 million per incident with broader impact to a company’s reputation.
The additional protection does three things:
- It detects advanced attacks — “who, what, and why the attack happened”. Microsoft says this is possible because “Windows Defender Advanced Threat Protection is powered by a combination of Windows behavioral sensors, cloud based security analytics, threat intelligence, and by tapping into Microsoft’s intelligent security graph.” The collected information is also analyzed by Microsoft’s security experts.
- It recommends responses — “Simplified investigation tools replace the need to explore raw logs by exposing process, file, URL and network connection events for a specific machine or across the enterprise.” Those tools include historical analysis of both individual machines and the entire enterprise network. Earlier security methods isolated suspicious files in a local sandbox (a virtual machine) for testing, still on the same machine or network; some methods went further and separated the test machine from the network. Advanced Threat Protection goes a step beyond that by sending the suspicious file(s) to the cloud for what Microsoft terms “detonation”.
- It’s included in Windows 10 — there is no deployment cost for IT departments to add it. It’s built into Windows Defender on Windows 10 and is updated along with definitions and Windows itself. One weakness of protection software that runs entirely on the local computer is that attackers can target the protection software itself; Microsoft addresses that by keeping the analysis backend off the machine: “Powered by a cloud backend, no on premise server infrastructure or ongoing maintenance is required. It complements email protection services from Office 365 Advanced Threat Protection and Microsoft Advanced Threat Analytics.”
Windows Defender Advanced Threat Protection is intended for the enterprise, but it’s being tested, right now, by Windows Insiders. My two Win10 computers are showing no signs of any slowdown from the additional code. As we mentioned at the beginning, this is intended for the enterprise, not the individual consumer. But the consumer does benefit. Think what happens when it’s more difficult for criminals and enemies to access your personal information. Windows 10 test cycles tend to be quick. So, this should be generally available to enterprises shortly.