Since the introduction of the Windows 10 Creators Update last year, Microsoft has been running the feature update through previews. Among the services that have been significantly upgraded through these releases is Windows Defender ATP. With the Creators Update dropping in a few weeks, Microsoft has detailed the changes made to Windows Defender Advanced Threat Protection (ATP) through recent preview builds.
Windows Defender ATP was launched last March and is aimed at enterprise customers on Windows 10. The service provides an early barrier against cyberattacks, detecting and dealing with incoming threats on enterprise networks.
Avi Sagiv, Principal Program Manager for Windows Defender ATP, has written an extensive blog post on the new abilities. He says that security is hugely important for customers and that Windows Defender ATP has become a valuable tool on nearly 2 million devices.
With the Creators Update, ATP will get its most generous update so far. Sagiv explains that Microsoft has listened to its customers and understands the responsibility of keeping organizations safe.
“We're diligently tracking advances in sophisticated attacks, and listening to feedback from our Windows Defender ATP customers. We leverage our cloud service to continuously introduce new features, and are adding major enhancements to the OS-integrated sensor technologies in the Windows Creators Update.”
Windows Defender ATP Creators Update
Microsoft has focused on improving the detection capabilities of ATP. Cyber criminals employing in-memory or kernel-level attacks will be easier to detect. The company has improved its sensors to root out more unconventional attack tactics. Sagiv points out that Windows Defender has already found zero-day attacks thanks to this improvement.
Ransomware has been something Microsoft has discussed extensively. Windows Defender Advanced Threat Detection is receiving improved ransomware detection with the Creators Update. The platform has enhanced machine-learning capabilities to recognize when potential attacks are happening.
The company is also integrating Windows Defender Antivirus detections and Device Guard more seamlessly into ATP. User identity is key to how the platform tracks potential attackers across a network and provides insight into their actions.
“SecOps can hunt for evidence of attacks, such as file names or hashes, IP addresses or URLs, behaviors, machines, or users,” the blog says. “They can do this immediately by searching the organization's cloud inventory, across all machines – and going back up to 6 months in time – even if machines are offline, have been reimaged, or no longer exist.”
While detection abilities are improved, the simple fact is that attacks can still happen. With the Creators Update, Microsoft says Windows Defender ATP will be better equipped to deal with attacks when they occur.
Security admins can now take instant action against detected threats. For example, they can ban files, isolate machines on a network, kill and quarantine processes, or view an investigation report from an infected machine. Microsoft explains that these actions can be taken with one click.