Windows Defender ATP Windows 10 Fall Creators Update now open for public preview

News

News

Extraordinary Robot
Robot
Joined
Jun 27, 2006
Location
Chicago, IL
This focused security investment combines the best of Windows Defender ATP and the Windows security stack. We integrated Windows 10’s new prevention technologies, enhanced our built-in sensors to better detect script-based attacks, added new response capabilities and opened up powerful analytics.

So now, let’s see what we are lighting up in more detail:

  • Windows security features working in unison – Get visibility into security alerts coming from the combined stack of Endpoint Detection and Response (EDR), Windows Defender Antivirus (AV), Windows Defender Firewall, Windows Defender SmartScreen, Windows Defender Device Guard and Windows Defender Exploit Guard. See events reported across the stack in each machine’s timeline. Here are some of the new things Security Operations (SecOps) would be able to achieve:
    • See alerts and events from Windows Defender SmartScreen that show if an employee within the company clicked on a specific URL despite receiving warning message
    • See Windows Defender Device Guard events surfacing attempts to run unauthorized applications that have been restricted from running in the organization
    • See applications blocked or audited by the Windows Defender Exploit Guard protection rules
    • See Windows Defender Antivirus detections and Windows Defender Firewall blocks
    • View security events and alerts information for sessions taking place within the Windows Defender Application Guard isolated containers (Figure 1)

In addition, we are providing a centralized and simplified management experience in System Center Configuration Manager (SCCM) starting with version 1710 and Microsoft Intune to manage the various Windows Security stack products.

9217ff610a80dc51f321bab473018405-1024x447.png

Application Guard detection event

  • Better detections, enhanced alerts and more power to the SoC – we continue to evolve our detection capabilities to gain more visibility into dynamic script-based attacks, network explorations, and keylogging alerts. We enhanced our alert capabilities, showing more data to help security teams better understand the story behind the alert (Figure 2), introducing automatic detection correlation and grouping of related alerts. In addition, we added the ability to manage high value assets by using tags and grouping capabilities. Based on customer feedback, we are also enhancing our response capabilities, adding more granular machine isolation, ability to restrict the machine to run only trusted binaries and initiating Windows Defender AV update and scan.
47701091e3fe8162a6266c3eccefea6f-1024x621.png

Enhanced Alert view

  • Security Analytics – a new dashboard view (Figure 3) designed to assess the organization’s security posture compared to the Windows recommended baseline and shows breakdown of possible issues and actionable recommendations for improvement. This dashboard sheds light on configuration issues and provide view to machines where security features are misconfigured or out of date. Security managers can now see their org’s security posture across a wide set of Windows security stack products, as applied in reality and reported by the endpoints. The dashboard also provides view into top non-compliant machines sorted by number of issues and provide recommendation on actions to take.
d3a3039b3885af84cd06848d51ad5e44-1024x595.png

Security Analytics dashboard

  • Customized reporting – organizations can now quickly create a Power BI report (Figure 4) that allows them to interactively analyze machines, alerts and investigation status. This report provides view on alerts, for example: severity and time to resolve, and machines, for example: sensor health state and OS platform, domain.
d0352610f461b6c1447c3b14719341c2-1024x392.png

PowerBI report

  • Access your data via APIs- Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you, to automate workflows and innovate based on Windows Defender ATP capabilities.
  • More Windows sockets – we are expanding our endpoint coverage and adding support for Windows Server 2012R2 and 2016 endpoints (Figure 5). In addition, we are adding enhanced VDI support for organizations wanting to secure their desktop virtualization environment.
2edb2e45ba25282296aade064b9a8c5a-1024x502.png

Windows Server Machine view


We encourage you to experience all this new goodness first hand, by joining our 90-day free trial today.

Raviv Tamir, Principal Group Program Manager, Windows Defender ATP

Continue reading...
 
You must log in or register to reply here.

Similar threads

Mike
  • Article
Windows 11 Windows 11 Update Preview: March 28, 2023—KB5023778 (OS Build 22621.1485) - New Features and Improvements!
Replies
0
Views
4K
Mike
Mike
Mike
  • Article
Windows 11 vs Windows 10: A Detailed Comparison for Beginner to Advanced Users
Replies
0
Views
4K
Mike
Mike
News
Announcing Windows 11 Insider Preview Build 22621.1020 and 22623.1020
Replies
0
Views
2K
News
News
Mike
  • Article
Windows 11 Windows 11 Insider Preview Build 25295: New Group Policy and User-Friendly Improvements for Enhanced User Experience
Replies
0
Views
3K
Mike
Mike
News
Announcing Windows 11 Insider Preview Build 25281
Replies
0
Views
2K
News
News
Back
Top Bottom