Microsoft launches Windows Defender Advanced Threat Protection
Terry Myerson, Executive VP, Windows and Devices group

Last week Bret Arsenault, Chief Information Security Officer at Microsoft, gave an update on Microsoft’s security work. This week it is the turn of Terry Myerson, Executive VP, Windows and Devices Group, to publish a blog post on security. Titled Announcing Windows Defender Advanced Threat Protection, the post serves Myerson as much as a sales tool for Windows 10 security as it does to persuade customers that Microsoft really is getting it right.

Security is notoriously hard to get right: however fast a vendor responds to a security threat, the cybercriminals are faster. While we are seeing the development of machine learning tools to try to spot new types of threat, the vast majority of security effort is still focused on device protection. This is where Myerson starts his positioning, with a quick reprise of what Microsoft added with Windows 10.

What is Windows Defender Advanced Threat Protection?

Myerson describes it as: “a new service that will help enterprises to detect, investigate, and respond to advanced attacks on their networks.” He goes on to present it as another post-breach layer of protection, relying on both client technology and a robust cloud service. As the product is aimed primarily at enterprise customers, the use of a cloud service is reasonable, since users will in any case need online access to connect to their workplace.

There are three parts to the product that are mentioned in the blog:

  1. Detect Advanced Attacks: This gathers the who, what and why data around an attack. Once gathered, the data is used to analyse each breach and compare it with other data to detect patterns and identify the spread of an attack. According to Myerson, Microsoft already has an analytics database built from data gathered from over “1 billion Windows devices, 2.5 trillion indexed URLs on the Web, 600 million reputation look-ups online, and over 1 million suspicious files detonated every day”.
  2. Response Recommendations: This is focused on helping security teams investigate an attack. It does not, at this point in time, include any remediation tools. One of the key elements is the ability to go back six months through historical data to check whether an attack is new and to identify other machines that may have been infected before the attack was known about. What it does not do is go as far as the recent SECDO announcement and perform thread-level searches to detect advanced malware such as Spartan.
  3. Complements Microsoft Advanced Threat Detection Solutions: Like other security components inside Windows 10, this new offering will be delivered to endpoints as an automatic update. Microsoft is also going to integrate it with the email protection services of Office 365 Advanced Threat Protection and with Microsoft Advanced Threat Analytics.

Conclusion

Any improvement to security has to be welcomed, even if it is wrapped up in a thinly disguised sales message for Windows 10. It is disappointing that Microsoft is still not following the lead of other vendors by announcing machine learning technology to do better pre-breach detection. It would be a surprise if that were not already in development within Microsoft Research; alternatively, Microsoft may be waiting to buy one of the start-ups in this space.

Also missing is remediation tooling as part of the response recommendations. This is not just about how to clean an infected endpoint but about the necessary integration with breach notification services. With IBM acquiring Resilient Systems, we would expect a rush of such acquisitions from all the major security providers.

Driving this is the increasingly popular move by regulators to demand that all breaches be notified, which places a significant burden on the legal and security functions inside enterprises. Microsoft has talked in the past of the need to do more in this space but has yet to really take the lead.

Despite these criticisms, Microsoft is keen to shake the perception that it is poor on security. Making it easier for security teams to investigate breaches and carry out deeper forensic investigations, helping them discover the extent of the problem, is good news.
