Windows Defender ATP Windows 10 Fall Creators Update now open for public preview

This focused security investment combines the best of Windows Defender ATP and the Windows security stack. We integrated Windows 10’s new prevention technologies, enhanced our built-in sensors to better detect script-based attacks, added new response capabilities and opened up powerful analytics.

So now, let’s see what we are lighting up in more detail:

  • Windows security features working in unison – Get visibility into security alerts coming from the combined stack of Endpoint Detection and Response (EDR), Windows Defender Antivirus (AV), Windows Defender Firewall, Windows Defender SmartScreen, Windows Defender Device Guard and Windows Defender Exploit Guard. See events reported across the stack in each machine’s timeline. Here are some of the new things Security Operations (SecOps) will be able to achieve:
    • See alerts and events from Windows Defender SmartScreen that show whether an employee within the company clicked through to a specific URL despite receiving a warning
    • See Windows Defender Device Guard events surfacing attempts to run unauthorized applications that have been restricted from running in the organization
    • See applications blocked or audited by the Windows Defender Exploit Guard protection rules
    • See Windows Defender Antivirus detections and Windows Defender Firewall blocks
    • View security events and alert information for sessions taking place within Windows Defender Application Guard isolated containers (Figure 1)

In addition, we are providing a centralized and simplified management experience in System Center Configuration Manager (SCCM), starting with version 1710, and in Microsoft Intune, for managing the various products in the Windows security stack.

Figure 1: Application Guard detection event

  • Better detections, enhanced alerts and more power to the SOC – we continue to evolve our detection capabilities to gain more visibility into dynamic script-based attacks, network exploration, and keylogging. We enhanced our alerts, showing more data to help security teams better understand the story behind an alert (Figure 2), and introduced automatic detection correlation and grouping of related alerts. In addition, we added the ability to manage high value assets. Based on customer feedback, we are also enhancing our response capabilities, adding the ability to collect an investigation package from a machine, to restrict app execution so that only trusted binaries can run, and to initiate an antivirus scan.
Figure 2: Enhanced alert view

  • Security Analytics – a new dashboard view (Figure 3) designed to assess the organization’s security posture against the Windows recommended baseline. It shows a breakdown of possible issues and actionable recommendations for improvement, shedding light on configuration problems and showing which machines have security features misconfigured or out of date. Security managers can now see the state of Windows security features as actually applied and reported by the endpoints. The dashboard also lists the top non-compliant machines, sorted by number of issues, together with recommended actions.
Figure 3: Security Analytics dashboard

  • Customized reporting – organizations can now quickly create a custom Power BI report (Figure 4) that lets them interactively analyze machines, alerts and investigation status. The report provides a view of alerts (for example, severity and time to resolve) and of machines (for example, sensor health state, OS platform and domain).
Figure 4: Power BI report

  • Access your data via APIs – Windows Defender ATP exposes much of the available data and actions through a set of APIs that are part of the Microsoft Intelligent Security Graph. These APIs let you automate workflows and build on Windows Defender ATP capabilities.
  • More Windows endpoints – we are expanding our endpoint coverage by adding support for Windows Server endpoints (Figure 5). In addition, we are adding enhanced support for organizations wanting to secure their desktop virtualization environment.
Figure 5: Windows Server machine view
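The Security Analytics dashboard and the unified machine timeline described above are cloud-side views of state the endpoints themselves report. As an added example (this is not code from the Microsoft post and not a Windows Defender ATP cmdlet), the PowerShell below reads the same ground truth locally on one Windows 10 1709 or later machine: the configured state of Defender AV, Exploit Guard attack surface reduction rules, Device Guard code integrity, the Firewall and Application Guard, followed by the recent local events from the same sources the timeline surfaces. The function names `Get-SecurityStackStatus` and `Get-SecurityStackEvents` are chosen here; the event log names and IDs in `$EventSources` are taken from the provider schemas and are assumptions to verify on the build in use. It needs an elevated session.

```powershell
# Added example, not code from the Microsoft post: endpoint-side check of the
# security-stack components the post lists, plus the recent local events that
# feed the machine timeline. Run elevated on Windows 10 1709 or later.
# Assumptions: log names/IDs in $EventSources come from the provider schemas
# and should be verified per build; the function names are chosen here and are
# not Windows Defender ATP cmdlets.

function Get-SecurityStackStatus {
    $av   = Get-MpComputerStatus
    $pref = Get-MpPreference
    $dg   = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
    $fw   = Get-NetFirewallProfile
    $wdag = Get-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard

    # AttackSurfaceReductionRules_Actions per rule: 0 = disabled, 1 = block, 2 = audit
    $asrActions = @($pref.AttackSurfaceReductionRules_Actions)

    [pscustomobject]@{
        ComputerName             = $env:COMPUTERNAME
        AvRealTimeProtection     = $av.RealTimeProtectionEnabled
        AvSignatureAgeDays       = $av.AntivirusSignatureAge
        AsrRulesConfigured       = @($pref.AttackSurfaceReductionRules_Ids).Count
        AsrRulesInBlockMode      = @($asrActions | Where-Object { $_ -eq 1 }).Count
        AsrRulesInAuditMode      = @($asrActions | Where-Object { $_ -eq 2 }).Count
        # CodeIntegrityPolicyEnforcementStatus: 0 = off, 1 = audit, 2 = enforced
        CodeIntegrityEnforcement = $dg.CodeIntegrityPolicyEnforcementStatus
        FirewallProfilesDisabled = @($fw | Where-Object { -not $_.Enabled } |
                                     Select-Object -ExpandProperty Name) -join ','
        ApplicationGuardFeature  = $wdag.State
    }
}

# Local event sources mirrored in the machine timeline (assumed IDs, see above).
# Security 5157 is only written when the "Filtering Platform Connection"
# failure audit is enabled, so an empty result there may mean "not audited".
$EventSources = @(
    @{ Tag = 'AV detection';         Log = 'Microsoft-Windows-Windows Defender/Operational'; Ids = 1116, 1117 }
    @{ Tag = 'ASR block/audit';      Log = 'Microsoft-Windows-Windows Defender/Operational'; Ids = 1121, 1122 }
    @{ Tag = 'Code integrity block'; Log = 'Microsoft-Windows-CodeIntegrity/Operational';    Ids = 3076, 3077 }
    @{ Tag = 'Firewall blocked';     Log = 'Security';                                       Ids = 5157 }
)

function Get-SecurityStackEvents {
    param([int]$Hours = 24)
    $since = (Get-Date).AddHours(-$Hours)
    foreach ($src in $EventSources) {
        $filter = @{ LogName = $src.Log; Id = $src.Ids; StartTime = $since }
        # SilentlyContinue: Get-WinEvent raises an error when a filter matches nothing
        Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Time    = $_.TimeCreated
                    Source  = $src.Tag
                    EventId = $_.Id
                    Summary = ($_.Message -split "`r?`n")[0]   # first line of the message
                }
            }
    }
}

# Usage: one status row for this machine, then a merged, time-ordered event list
Get-SecurityStackStatus | Format-List
Get-SecurityStackEvents -Hours 24 | Sort-Object Time | Format-Table -AutoSize
```

Comparing the status row against what the dashboard reports for the same machine is a quick way to confirm the sensor is healthy and the reported configuration is current; a non-zero `CodeIntegrityEnforcement` with only audit-mode events (3076) tells you the policy is still in audit rather than enforced.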


We encourage you to experience all this new goodness first hand by joining our 90-day public preview today.

Raviv Tamir, Principal Group Program Manager, Windows Defender ATP
