Microsoft is working to help businesses defend against serious threats beyond known vulnerabilities. A new Windows Defender feature coming to Windows 10 is aimed at protecting users against security and privacy breaches across endpoints, data theft, and other attacks.
According to Microsoft, Windows Defender will use machine learning to improve the operating system's security capabilities. The new feature, called "Advanced Threat Protection" (ATP), protects Windows 10 devices by building a profile of how each computer normally behaves and submitting that telemetry to Microsoft's cloud for analysis, going beyond simple signature-based malware protection. It warns IT managers when a possible security breach is detected and gives administrators recommended steps to fix the issue.
In theory, this should improve the ability of Windows 10 to withstand attacks that exploit unpatched or undisclosed "zero-day" vulnerabilities, as well as social engineering attacks that take advantage of user mistakes; both cost organizations huge amounts of money.
According to Terry Myerson, head of Microsoft's Windows and Devices Group, it takes an organization around 200 days to discover that it has suffered a security breach, plus an extra 80 days to fix the situation. Windows Defender ATP is designed to reduce this time by analyzing the collected data so that unexpected or unusual system and network behavior, and the potential damage it causes, can be brought to the attention of IT managers.
Under the hood of this feature are the same machine learning systems, security analytics and other capabilities that are used in Microsoft's intelligent security products like Advanced Threat Analytics and Office 365 Advanced Threat Protection.
Myerson said that in the future the company is considering adding more features, such as letting administrators automatically quarantine potentially compromised devices.
Using Windows Defender ATP does require giving Microsoft access to usage data from every enrolled device. Myerson said that all of the information will be collected in a way that is not personally or organizationally identifiable, and that it is important for the machine learning system behind ATP to have access to as much data as possible. ATP builds an intelligent security graph by analyzing aggregate behavior across a very large number of Windows devices, indexed web addresses, online reputation look-ups, and suspicious files. ATP will also perform historical checks of process, file, URL and network connection events, going back as far as six months.
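To make the behavioral-profile idea from the two paragraphs above concrete, here is a small added example, written for this article rather than taken from Windows Defender ATP or any Microsoft code. It builds a per-host baseline of which processes launch which, and which processes talk to which destinations, then flags post-baseline events that do not match the profile and attaches the host's recent history for the actor involved, capped at a 180-day retention window. The event schema, host name, process names, destinations and the baseline cutoff date are all constructed for the example.

```python
"""Toy behavioral baseline and anomaly flagging over constructed endpoint events.

Added illustration for this article; not Windows Defender ATP code. The event
tuple layout, the host "ws-17", the process and destination names, the
2016-02-01 baseline cutoff and the 180-day lookback are all assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry: (timestamp, host, event_type, actor, target).
# "process" events are parent -> child launches; "netconn" events are
# process -> destination outbound connections.
SAMPLE_EVENTS = [
    # Old enough to fall outside the 180-day history window used below.
    ("2015-08-01T10:00:00", "ws-17", "process", "explorer.exe", "winword.exe"),
    ("2016-01-04T09:00:00", "ws-17", "process", "explorer.exe", "outlook.exe"),
    ("2016-01-04T09:01:00", "ws-17", "process", "explorer.exe", "winword.exe"),
    ("2016-01-04T09:05:00", "ws-17", "netconn", "outlook.exe", "mail.example.com:443"),
    ("2016-01-05T09:00:00", "ws-17", "process", "explorer.exe", "outlook.exe"),
    ("2016-01-05T09:03:00", "ws-17", "netconn", "outlook.exe", "mail.example.com:443"),
    ("2016-01-06T09:00:00", "ws-17", "process", "explorer.exe", "winword.exe"),
    # After the baseline period: Word spawns a shell that reaches a new host.
    ("2016-03-01T14:12:00", "ws-17", "process", "winword.exe", "powershell.exe"),
    ("2016-03-01T14:12:30", "ws-17", "netconn", "powershell.exe", "203.0.113.7:8080"),
    # Normal activity after the baseline: already in the profile, no alert.
    ("2016-03-01T14:20:00", "ws-17", "process", "explorer.exe", "outlook.exe"),
]

BASELINE_END = datetime(2016, 2, 1)


def parse(ts):
    """Parse the ISO-style timestamp used in the constructed events."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def build_profile(events, baseline_end):
    """Profile = per-host set of (type, actor, target) edges seen before baseline_end."""
    profile = defaultdict(set)
    for ts, host, etype, actor, target in events:
        if parse(ts) < baseline_end:
            profile[host].add((etype, actor, target))
    return profile


def detect(events, profile, baseline_end, lookback=timedelta(days=180)):
    """Flag post-baseline edges absent from the host's profile, with history.

    Each alert carries the earlier events on the same host that involve the
    flagged actor, restricted to the retention window (lookback).
    """
    alerts = []
    for ts, host, etype, actor, target in events:
        t = parse(ts)
        if t < baseline_end:
            continue
        edge = (etype, actor, target)
        if edge in profile[host]:
            continue
        history = [
            e for e in events
            if e[1] == host
            and parse(e[0]) < t
            and t - parse(e[0]) <= lookback
            and actor in (e[3], e[4])
        ]
        alerts.append({"host": host, "time": ts, "edge": edge, "history": history})
    return alerts


def run(events=SAMPLE_EVENTS, baseline_end=BASELINE_END):
    """Build the profile from the baseline window and return alerts for the rest."""
    return detect(events, build_profile(events, baseline_end), baseline_end)


if __name__ == "__main__":
    for alert in run():
        print(alert["time"], alert["host"], alert["edge"])
        for e in alert["history"]:
            print("    earlier:", e)
```

Running the script produces two alerts for ws-17: the winword.exe to powershell.exe launch (with the two January Word launches as history; the August 2015 launch is dropped by the 180-day window) and the powershell.exe connection to 203.0.113.7:8080 (with the launch that preceded it). The later explorer.exe to outlook.exe launch matches the baseline and is not reported. A real product also weighs cross-tenant reputation of the destination and file, which this single-host toy deliberately leaves out.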
"We want to have that machine learning system getting as many of the right signals as possible," he said.
Companies that do not want to share their data with Microsoft will be able to exclude any or all of their devices from Windows Defender ATP.
It is not yet clear when this new security feature will reach the stable release of Windows 10. Myerson said that the company hasn't decided which editions of Windows 10 will get Windows Defender ATP, or what sort of business model will underpin it. However, because it is based on tools built into Windows 10 and supplemented by a cloud backend, it won't require costly infrastructure upgrades. Right now it is in a private preview with a limited number of organizations, securing about 500,000 devices. Microsoft next plans to make it available to members of the Windows Insider Program so they can provide feedback.
Once this is done, Windows Defender ATP will be rolled out to the public. Credits: PCWorld.