Microsoft announced the establishment in the course of the year, a new offering focused on security for businesses. Called “Advanced Threat Protection”, it builds on the functionality of Windows 10 and the calculations in the cloud to warn of threats.
Windows Defender Advanced Threat Protection is a service that will be offered in the current of the year to companies that request it. Currently in the testing phase, it allows to strengthen the defenses of Windows 10 by providing information based on the mixing of a large amount data in the cloud.
the sophistication of attacks increases, guards must follow
in his post announcement, Microsoft states that the degree of sophistication of threats is constantly increasing “ criminals are well organized with alarming emergence of sustained attacks by States, cyber espionage and cyber terrorism. Even with the best defense, sophisticated attackers are using social engineering and 0-day vulnerabilities to penetrate corporate networks. Several thousand of these attacks were reported in 2015 alone . “
The editor states that according to its measures a company takes on average 200 days to detect a breach in security and it takes on average 80 days to also define the incident. Obviously, the pirates all the time during this period to realize their sinister work. Data theft, rape of privacy, damage the confidence of users and so on
According to Microsoft, 90 % responsible information are agreed on one point: the protection against threats must evolve rapidly to provide a real umbrella, with a need to act more quickly. It is positioning Windows Defender Advanced Threat Protection: help companies detect threats, investigate and respond to
Detect and analyze the attack
L. ATP offers three main axes. The first attack detection: who is behind, where, by what means, and why. We imagine that the answer to all three questions is an ideal case because it is not always possible to know the perpetrators of an attack, much less why. To achieve this, Microsoft highlights the mixing performed in the cloud of a large number of “sensors”, statistics eaten the sauce Big Data, or information from the security community.
the set includes a large graph in which the elements are related. They come from various sources, including anonymous statistics sent by more than one billion devices in Windows (all versions being able at least), 2 500 billion indexed addresses, 600 million indices and reputation that more than one million suspicious files examined daily. Note also that all is chapoté by a dedicated team and the mechanism therefore provides not only automatic results.
An analysis of the integrity of the park
the second axis is the response to the incident. Tools will be provided as well to analyze the entire network for suspicious activity, highlight the action taken by the pirates, review alerts or get accurate information on any changed files.
ATP can keep a constant history of six months of activity of the machines to better indicate what comes out of the ordinary. Administrators can also send suspicious files and links to an online service of “bang”, ie capable of testing to check its behavior. Later, ATP also propose specific tools to restore the proper functioning of the affected devices.
Fill Windows 10 and highlight
the last line is the integration into the existing infrastructure. ATP can take place in a park Windows 10 , and can be trusted to Microsoft for support on this, to motivate some more companies to spend. This is a remote service accompanying the system. So there is no element on the site to set up and maintain, service naturally marrying Office 365 Advanced Threat Protection and Advanced Threat Analytics.
The idea of a remote service filling a local product is not new. Several security products, such as AVG and Kaspersky offer this type of tool, especially everything related to the reputation of an Internet resource. However, Microsoft aims to provide a complete packaging, touting the interaction of its latest operating system and services that can complement it.
However, highlight a product has nothing reprehensible, and we prefer actually see the firm offer real bonus to such migration than force the pace via a broadcast in Windows Update. Meanwhile, ATP is not yet effective commercial offer. It was not until later in the year to view proposed, without elaborating.
No comments:
Post a Comment