Windows Defender APT – no, not that type of APT
RSA 2016 Microsoft will be rolling out a new form of security system for enterprises later this year aimed at stopping attacks as soon as they happen.
Dubbed Windows Defender Advanced Threat Protection, the system will monitor a company’s computer systems looking for signs that an attack is occurring.
If someone starts trying to break in, the software will alert the IT manager and give a detailed rundown on the best way to mitigate the attack and lock down data.
“Deploying Windows Defender Advanced Threat Protection gave us incredible awareness about several critical security vulnerabilities in our network, which we’ve already taken immediate action to address, along with updating our security policies,” said Henrik Pedersen, IT Manager at TDC Hosting in a canned statement.
Microsoft is already trialing the system with 500,000 enterprise users and is fine-tuning the release before launch.
It’ll only be available for Windows 10 users and will be turned off by default and activated on a subscription fee basis, although pricing hasn’t been announced as yet.
Tim Rains, director of security at Microsoft, told The Register that there was no technical reason why the software couldn’t run on Windows 7 or 8.1, but that it has been developed for Windows 10 primarily so that it could take advantage of the more advanced security features of the newer operating system.
To develop the attack plans, he explained, the new system takes information from Microsoft’s 1.2 billion sensors – primarily on computers round the world running its software – and then feeds them into a central console run by its best security bods.
We’ll have to see how well the system works in practice, since this is the kind of code that could drive IT managers nuts with false positives.
But Redmond is confident that the system works well and, if so, it could give rival security vendors some serious problems. ®
Sponsored: Four ways to achieve more efficient and effective vulnerability management