Windows Defender ATP for enterprise is one of the most powerful solutions of its kind available. And it just got a bit more powerful with this latest update that brings along a few new features.
This refresh is aimed at reducing the attack surface, while also giving security teams faster response capabilities.
Redmond detailed these changes in a blog post, revealing that it had beefed things up with a feature that can be termed as attack surface reduction, which is basically two new rules that allow organizations to prevent Outlook and Adobe Reader from creating child processes.
This is a potent new way to wipe out attacks that use malicious macros in Office documents to download malware.
While also preventing the use of exploits for vulnerabilities in these two, popular applications.
With these new additions, the total number of attack surface reduction rules climbs to 14, and they now target common malware techniques, helping defenders mitigate ransomware, untrusted executables in email, malware that attempts to steal credentials, plus unsinged processes running from USB drives.
Speaking of malware techniques, Microsoft makes it a point to highlight the new dedicated detections that it added for malicious cryptocurrency miners — which are becoming a growing menace to enterprise.
The software titan has also rolled out a new feature called Incidents, designed to provide responders with the big picture when they are under attack.
They aim to bring some order to the noisy Defender ATP alerts, and they do this by automatically grouping alerts that are likely to have been triggered by the same attack attempt. They also group affected machines and display the connection between malware and infections.
The Seattle based company claims that it can save up to 80% of analyst time by cutting out this manual work that goes into correlating malicious events.
Plenty more to go in this big update, including threat analytics, custom detection rules and integration with Microsoft Information Protection and Microsoft Cloud App Security.
Give the post a read at the link above.
