
In the fast-paced world of cybersecurity, adversaries are constantly developing more advanced techniques in response to the tactics that we and other organizations use to thwart their attacks. Protecting corporate information is becoming more complex as services move to the cloud, employees become more mobile, and new technologies are introduced more frequently.
It's important to have a threat protection solution that can adapt to change as the modern workplace evolves. Microsoft Defender ATP has transformed how our security analysts respond to security threats, providing more information and better tools that help us protect users and devices, including those that are outside the control of our corporate network.
What is Microsoft Defender Advanced Threat Protection?
It is part of the Microsoft 365 security stack, which consists of three key ATP technologies: Azure Advanced Threat Protection, Office 365 Advanced Threat Protection and Microsoft Defender Advanced Threat Protection.
How Does it work?
Microsoft Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's cloud service:
Endpoint behavioural sensors: Embedded in Windows 10, these sensors collect and process behavioural signals from the operating system and send this sensor data to your private, isolated cloud instance of Microsoft Defender ATP.
Cloud security analytics: Leveraging big data, machine learning, and unique Microsoft optics across the Windows ecosystem, enterprise cloud products (such as Office 365), and online assets, behavioural signals are translated into insights, detections, and recommended responses to advanced threats.
Threat intelligence: Generated by Microsoft hunters and security teams, and augmented by threat intelligence provided by partners, threat intelligence enables Microsoft Defender ATP to identify attacker tools, techniques, and procedures, and to generate alerts when these are observed in collected sensor data.
Why Microsoft Defender Advanced Threat Protection?
Microsoft Defender ATP is ISO 27001 certified.
It is a security platform for intelligent protection, detection, investigation, and response. Microsoft Defender ATP protects endpoints from cyber threats, detects advanced attacks and data breaches, automates the investigation of security incidents, and improves security posture. Security and data privacy are among the top drivers for any organisation.
Microsoft commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential ROI enterprises may realize by deploying Microsoft Defender ATP. The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of the solution at their organizations. Forrester's prior research indicates that employee endpoints continue to be one of the enterprise assets most targeted by attackers. Organizations must look to incorporate modern endpoint protection platform (EPP) and endpoint detection and response (EDR) solutions such as Microsoft Defender ATP to protect against increasingly complex threats that defeat traditional endpoint security solutions.
Windows Defender Integrations
Microsoft Threat Protection – ATP is designed to work with other components in Microsoft's Threat Protection solution to achieve end-to-end security. Some of the other layers of protection include Azure Advanced Threat Protection, Azure Security Centre, Azure Information Protection, Conditional Access, Microsoft Cloud App Security, Office 365 Advanced Threat Protection, Microsoft Intune and Skype for Business.
What are the new enhancements to Windows Defender ATP?
Threat & Vulnerability Management
This built-in capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
Attack surface reduction
The attack surface reduction set of capabilities provides the first line of defence in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, this set of capabilities resists attacks and exploitation.
Next-generation protection
To further reinforce the security perimeter of your network, Microsoft Defender ATP uses next-generation protection designed to catch emerging threats of all types.
Endpoint detection and response
Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. You can also use advanced hunting, a search and query tool, to hunt for possible threats in your organization and to build custom threat intelligence from the results.
Automated investigation and remediation
In addition to enabling quick response to advanced attacks, Microsoft Defender ATP offers automated investigation and remediation capabilities that help reduce the volume of alerts at scale, within minutes.
Microsoft Defender ATP also includes a secure score to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
Microsoft Threat Experts
Microsoft Defender ATP's new managed threat hunting service provides proactive hunting, prioritization, and additional context and insights that further empower security operations centres (SOCs) to identify and respond to threats quickly and accurately.
How to deploy Microsoft Defender Advanced Threat Protection?
You'll need a management tool to deploy the required configuration to machines in your network(s). Group Policy, Intune, MDM, or System Centre Configuration Manager can each be used to configure and deploy it.
What's new in Microsoft Defender ATP
June 2019
- Threat & Vulnerability Management: A new built-in capability that uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
- Machine health and compliance report: The machine health and compliance report provides high-level information about the devices in your organization.
Who is entitled to the service?
Microsoft Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
- Windows 10 Enterprise E5
- Windows 10 Education E5
- Microsoft 365 E5 (M365 E5) which includes Windows 10 Enterprise E5
- Microsoft 365 E5 Security Add-on
Supported operating systems
- Windows client: Windows 7 SP1 Enterprise, Windows 7 SP1 Pro, Windows 8.1 Enterprise, Windows 8.1 Pro, Windows 10 version 1607 or later (Windows 10 Enterprise, Windows 10 Education, Windows 10 Pro, Windows 10 Pro Education)
- Windows Server: Windows Server 2008 R2 SP1, Windows Server 2012 R2, Windows Server 2016, Windows Server version 1803, Windows Server 2019
- macOS
Some great M365 resources:
https://www.microsoft.com/en-us/videoplayer/embed/RE3qgRX?autoplay=true
https://www.microsoft.com/en-us/videoplayer/embed/RE3qjrA?autoplay=true
https://www.youtube.com/watch?v=w2Y90xcnQ58
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2O8jv
If you'd like to discuss Microsoft Defender ATP or how you can use Microsoft 365 to differentiate your services, please don't hesitate to contact me at Alaa.Rahal@rhipe.com.
Thanks for reading my blog! This article is brought to you by rhipe's Cloud Enablement Specialist, Alaa Rahal.