Windows Defender is Microsoft's malware detection software that is available for consumer PCs and ships with the company's Windows 10 operating system. Now Microsoft has added new capabilities to the software and turned it into a service that can help enterprises detect unusual system activities and alert them to attacks on their networks. Here's what you need to know.
Image: Screenshot of Windows Defender Advanced Threat Protection/Microsoft
Windows Defender Advanced Threat Protection for larger organisations doesn't exactly seek out malware, but it does look at suspicious system activities in a corporate environment. Attackers are now using social engineering attacks that trick employees into running malicious programs which can bypass traditional anti-malware software. While Advanced Threat Protection might not necessarily prevent attacks, its value lies in the fact that it can alert organisations about security breaches quickly.
According to Microsoft, it typically takes an enterprise more than 200 days to detect a security breach and 80 days to contain it. That gives attackers plenty of time to steal data and wreak havoc on a corporate network.
Windows Defender Advanced Threat Protection is being positioned as a post-breach solution and is powered by a combination of Windows behavioural sensors, cloud-based security analytics and threat intelligence. It also uses Microsoft's machine learning capabilities to look at past attacks to better detect abnormal system behaviour.
The service can also recommend to organisations how to respond to a security breach.
You can find out more about Windows Defender Advanced Threat Protection over at Microsoft's Windows Blog.
[Via Microsoft's Windows Blog]