Now more than ever, we come across news about cyber-attacks in big companies, announcing how millions of people were affected by the theft of their personal information. This happens because the Cyber-attacks evolve every day and it is difficult to detect in time, as much as to generate large losses to the companies.
NEW YORK, April 23, 2019 /PRNewswire/ — Hiscox, the international specialist insurer, today released The Hiscox Cyber Readiness Report 2019™, which gauges how prepared businesses are to combat cyber-attacks. The annual report surveyed nearly 5,400 professionals from the US, UK, Germany, Belgium, France, Spain and the Netherlands who are responsible for their company’s cybersecurity and found that the cost and frequency of attacks are on the rise. Sixty-one percent of firms experienced a cyber-attack in the past year, compared to 45% in 2018. The median cost for losses associated with cyber incidents also soared from $229,000 to $369,000 – Boomberg Press Release 04/2019
Windows Defender Advanced Threat Protection, also known as Windows Defender ATP or DATP, is a powerful security service that matches the windows technology and Microsoft Azure cloud service for establishing user and devices behaviors by using Machine learning and Artificial Intelligence in Microsoft Azure, analyzing the information sent to the workstation or server registered on the Windows Defender ATP service.
For example, if you open a word document received by email and it opens a different process in the background, the workstation will send this information to the WDATP service and will analyze it in real-time.
Windows Defender ATP will consider this situation as an abnormal behavior for the user and will create an alert.
It is fundamental to say that WDATP must learn what is normal to identify what is abnormal.
How it Works?
Windows Defender ATP is an additional level of protection that allows for detecting, investigating and responding to advanced threats, provides behavior attacks detection, forensic timeline, and a unique knowledge base.
Microsoft Defender ATP architecture consists of the following components:
Endpoint Behavioral sensors: built-in in Windows 10, the sensor collects and process behavioral information from the operating system and sends the information to the cloud instance of Windows defender ATP in Microsoft Azure.
Cloud Security Analytics: using Machine learning and Artificial Intelligence in Microsoft Azure and the information of products like Office 365, the signals sent by the sensors are translated into insights, detections, and recommended responses to advanced threats.
Threat intelligence: Enables Windows Defender ATP to identify attacks, procedures, and tools used by attackers, and sends alerts when these are observed in the data collected by the sensor.
Windows defender security Center is a security software built-in in windows 10 that is the leader for endpoint devices to prevent file-based malware, malicious scripts, and memory-based threats. It is also deployed to detect and block malicious activity from trusted and untrusted applications, and to provide the investigation and remediation capabilities needed to dynamically respond to security incidents and alerts.
All these components together provide a series of characteristics that improve the security in our environment.
Attack surface reduction: Consists of a set of exploit mitigation techniques that are applied. These set of capabilities resists attacks and exploitations.
Next-generation protection: To increase the security perimeter of our network, Windows Defender ATP uses next-generation protection designed to detect all kinds of emerging threats.
Endpoint detection and response: WDATP continuously monitors our organization against possible attacks.
Automated investigation and remediation Quickly respond to advanced attacks and WADTP can remediate automatically some alerts for decreasing the workload of the administrators.
Secure Score: Secure score is a numeric calcification that indicates the level of exposition based on multiple factors that are evaluated continuously.
Advanced hunting: Use a powerful query-based threat-hunting tool to proactively find breach activity and create custom detection rules.
These are some minimum requirements for onboarding machines to the Service
- Windows 7 SP1 Enterprise
- Windows 7 SP1 Pro
- Windows 8.1 Enterprise
- Windows 8.1 Pro
- Windows 10, version 1607 or later
- Windows 10 Enterprise
- Windows 10 Education
- Windows 10 Pro
- Windows 10 Pro Education
- Windows server
- Windows Server 2008 R2 SP1
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2016, version 1803
- Windows Server 2019
How to get Windows Defender ATP?
Microsoft Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
- Windows 10 Enterprise E5
- Windows 10 Education E5
- Microsoft 365 E5 (M365 E5) which includes Windows 10 Enterprise E5
- Microsoft 365 A5 (M365 A5)
In the next blog post will see how to implement WDATP and some features of the service.