Microsoft is recognizing the increasingly sophisticated cyber attacks on enterprises, which is why it is taking a new approach to protect its customers. Today it announced its new post-breach enterprise security service called Windows Defender Advanced Threat Protection, which will respond to these advanced attacks on companies’ networks.
Attackers these days are using social engineering and zero-day vulnerabilities to break into corporate networks. According to Microsoft, thousands of attacks were reported in 2015 alone. The company found that it currently takes an enterprise more than 200 days to detect a security breach, and 80 days to contain it. When there is such a breach, the attackers can steal company data, find private information, and damage the brand and customer trust in the company.
(Related: Apple is developing new iPhone security features)
Microsoft said that as the attackers become more sophisticated, the approaches to security and breaches must change. After surveying its own customers, the company found that 90% of IT directors want an advanced threat protection solution that identifies an attack quick, before the breach actually occurs.
Windows Defender Advanced Threat Protection is under development, though it is currently available to some early-adopter customers. This service will help enterprises to detect, investigate and respond to advanced attacks on their networks. Microsoft said that it is building on the existing security defenses Windows 10 offers today, and the new service will provide a post-breach layer of protection to the Windows 10 security stack.
With the client technology built into Windows 10 along with the cloud service, it will help detect threats that have made it past other defenses, provide enterprises with information to investigate the breach across endpoints, and offer response recommendations.
Windows Defender Advanced Threat Protection also detects advanced attacks, and provides insights into where and how the attack happened. It does so using sensors and advanced threat protection, along with Microsoft and security experts. The service also taps into Microsoft’s intelligent security graph, which provides Big Data security analytics that look across aggregate behaviors to identify anomalies.
Additionally, the service’s security operations data provides a way to investigate alerts and to look at the entire network for signs of an attack. It will examine the state of machines and the enterprises’ activities over the past six months to provide information on an attack timeline.
Microsoft is encouraging its customers to upgrade to Windows 10 to have the most up-to-date security protection, and so customers can take advantage of Windows Defender Advanced Threat Protection when it becomes broadly available this year.