Organizations running Windows 10 in the enterprise are getting a nice tool to help them identify and resolve threats and security vulnerabilities. Windows Defender Advanced Threat Protection combines client-based threat scanning and cloud-powered analytics with advanced detection and remediation capabilities.
As the installed base for Windows 10 devices continues to expand, more people are relying on the security features of Microsoft’s flagship operating system to keep them free from malware, viruses and attacks from both internal and external sources.
Building on the established core of Windows Defender, which is now installed on and scanning more than 300 million devices for malware, Windows Defender Advanced Threat Protection increases the ability to identify problems on affected systems. And it’s not just malware and infected system files that are being picked up. Windows Defender Advanced Threat Protection uses behavior analytics to identify patterns that indicate potential attacks, so it’s not limited to files sitting on the hard drive. PowerShell scripts and commands entered directly from the shell can be identified as suspicious behavior at runtime and reported.
Further advancements in threat detection and remediation are enabled through the use of the cloud. There are the “typical” uses that you might expect from a cloud backend. Log analysis, machine learning and responding quickly to threats seen across a large and geographically dispersed ecosystem are all there. But more than that, the power of the cloud enables Microsoft to use a “detonation service” to test suspicious executables. The suspect files can be isolated on virtual machines to identify what happens when they are executed, and remediation for those malicious files can then be created and delivered.
Windows Defender Advanced Threat Protection is already installed on more than 500,000 systems, and it’s making its way through the release cycle for early adopters, as well as internally at Microsoft. It is expected to be fully released this year to all Windows 10 devices as part of the normal Windows 10 update release cycle.