Windows Defender Gets Muscles

Tired of cyber-creeps kicking sand in your face at the virtual beach? Microsoft wants to pump you up! Businesses using the Enterprise version of Windows 10 will have the option of using Microsoft’s new enhanced Windows Defender Advanced Threat Protection. In addition to providing endpoint security through Windows Defender, Defender ATP will connect with a cloud-based SIEM (Security Information and Event Management) service that will provide more protection, such as:

  • Advanced Attack Detection – Using its threat intelligence network, Microsoft security experts will analyze suspicious events on your network and advise you of the intrusion.
  • Recommended Response – Microsoft will also tell you how to remediate the attack.
  • Supports Other MS Security Products – Defender ATP coordinates with email protections built into Office 365, Microsoft System Center Endpoint Protection (#11 on a recent AV-Test analysis) and other services such as Microsoft Hello.

The concern many enterprise customers will have is that they must share quite a bit of detailed information about their networks and systems with Microsoft. But in reality, this isn’t a lot different from other cloud-based security solutions from vendors such as AlienVault, or managed service providers like N-Able or Kaseya. And then there are the many cloud-based endpoint protection services from security vendors such as AVG or Comodo. In all of these situations, your information goes to the cloud for analysis and treatment.

The current standard for defense-in-depth protections now includes active and automated monitoring of event logs and network traffic analysis to detect new intrusions at an early stage. This new offering from Microsoft certainly fills the bill. So if you are looking at a SIEM, IDS, or IPS system, you should add this to your list of possible solutions to investigate.

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
