At the beginning of the year, Microsoft revealed that over 200 million devices were running Windows 10, including 22 million in the enterprise and education sectors. The new operating system won a big vote of confidence last month from the US Department of Defense, which has committed to upgrading 4 million of its machines to Windows 10 within the next year, and as more large organizations put their trust in the OS, Microsoft is keen to ensure that it remains its "most secure platform ever".
As Microsoft explained today, organizations are continuing to face significant threats from cyberattacks:
Even with the best defense, sophisticated attackers are using social engineering and zero-day vulnerabilities to break-in to corporate networks. Thousands of such attacks were reported in 2015 alone. We’ve found it currently takes an enterprise more than 200 days to detect a security breach and 80 days to contain it. During this time, attackers can wreak havoc on a corporate network, stealing data, breaching privacy, and destroying the trust of customers. These attacks are incredibly expensive, costing organizations an average of $12 million per incident with broader impact to a company’s reputation.
With this in mind, Microsoft has announced Windows Defender Advanced Threat Protection (ATP), a new service which it says "will help detect threats that have made it past other defenses, provide enterprises with information to investigate the breach across endpoints, and offer response recommendations."
Building on security features integrated into Windows 10, ATP harnesses the power of the cloud, going beyond simple scans for known malware, by attempting to identify unusual behavior and activities across corporate systems and networks that may be indicative of an attack. Microsoft says that its intelligent security graph "provides big-data security analytics that look across aggregate behaviors to identify anomalies - informed by anonymous information from over 1 billion Windows devices, 2.5 trillion indexed URLs on the Web, 600 million reputation look-ups online, and over 1 million suspicious files detonated every day."
When threats or attacks are identified, ATP allows organizations to easily interrogate the findings to quickly determine which systems or data may have been compromised, and to formulate an appropriate response.
The service will also let enterprises perform historical checks of their networks and endpoints going back up to six months. "Simplified investigation tools replace the need to explore raw logs," Microsoft explains, "by exposing process, file, URL and network connection events for a specific machine or across the enterprise. And a cloud-based detonation service enables files and URLs to be submitted to isolated virtual machines for deep examination."
Since ATP is built on tools already integrated into Windows 10, supplemented by a cloud backend, organizations already running the OS won"t have to face costly infrastructure upgrades in order to take advantage of the new service. For those enterprises that haven"t yet upgraded, Microsoft is hoping that ATP will give them one more reason to do so, with the promise of more intelligent and continuously-updated cloud-powered security features that could potentially save them huge amounts of money in the long term.
Currently, Windows Defender Advanced Threat Protection is live in a limited deployment, protecting 500,000 endpoints "with early adopter customers that span across geographies and industries, and the entire Microsoft network". Microsoft says that it will be "available more broadly this year".