Microsoft Defender Advanced Threat Protection (ATP)
With the increase in data breach cases in India, businesses have realized that securing the perimeter is not enough. The new culture of working from home and bring-your-own-device must be considered: the perimeter moves away from the office to the data itself. Work-from-home operations demand that security be re-examined across all aspects of the IT infrastructure.
The importance of endpoint security thus increases enormously. As data now moves beyond brick-and-mortar walls, firewalls, USB blocking and IP restrictions, the strategy for protecting data and the flow of information must change.
With the many endpoint solutions available on the market, ranging from simple anti-virus products such as Kaspersky, McAfee and Symantec for small and medium businesses to enterprise solutions such as Carbon Black, CrowdStrike and Sophos, customers are challenged to align their needs and budget. They also need a solution that covers the important aspects.
Microsoft has recognized this business need and has taken the lead with its flagship Endpoint Detection and Response (EDR) tool, “Microsoft Defender Advanced Threat Protection” (MDATP).
Microsoft Defender for Endpoint is exactly what the customer needs. It is a holistic, cloud-delivered endpoint security solution, so there is no dependency on an on-premises server or on updates that require the device to be present in the office.
For those looking at the jargon: it includes risk-based vulnerability management and assessment, attack surface reduction, behaviour-based and cloud-powered next-generation protection, endpoint detection and response (EDR), automatic investigation and remediation, and managed hunting services. These are explained further in the article, which should help you understand why they matter to you and your organisation.
These capabilities are underpinned by rich APIs that larger businesses can integrate with various other tools and platforms. For small and medium businesses, Microsoft Defender for Endpoint is easily deployed, configured and managed by the in-house IT team through a unified security management experience.
Why is Endpoint Detection and Response (EDR) important for the organization?
Malware keeps evolving day by day, but the approach AV software takes to protect systems is slow to follow. Antivirus solutions are primarily good at detecting malicious files on the system. Over the years, as more sophisticated attacks have been planned, malware has moved to “fileless” techniques, which in most cases traditional antivirus does not detect. This problem is resolved by MDATP‘s active threat intelligence.
A proactive measure is always better than a reactive one. This is the approach Microsoft has adopted for threat intelligence: monitoring systems. Instead of waiting for the threat to affect the system, MDATP proactively anticipates attacks by utilizing the forensic data it has acquired over years of threat study, covering threat actors and their methods. This gives MDATP an edge over other SIEM tools, as MDATP ensures the latest signature updates are considered in order to anticipate new attacks. MDATP analyses suspicious files in a simulated environment in the cloud, and if the analysis identifies a program or file as malicious, the cloud signatures are updated and made available immediately to all Microsoft Defender ATP clients, pushing them to all endpoints. This is a great feature for proactively protecting the system from future attacks, as attack patterns are studied in advance and killed before they harm the system.
In addition, Microsoft Defender ATP continuously monitors process, user and system behaviour across the organization using cloud-based machine learning. The Windows Security Research Team already has intelligence from over one billion consumer endpoints running versions of its antivirus engine and deploys it instantly to Microsoft Defender ATP users, which makes MDATP a globally postured, enterprise-tested, cloud-based software-as-a-service (SaaS) tool.
Competition and Comparison
Gartner, a global research and advisory firm, reviewed twenty End Point Protection (EPP) products in 2019. In the resulting quadrant, Microsoft Defender Advanced Threat Protection was positioned highest among the Leaders.
According to Gartner, “An endpoint protection platform (EPP) is a solution deployed on endpoint devices to prevent file-based malware, malicious scripts and memory-based threats. It is also deployed to detect and block malicious activity from trusted and untrusted applications, and to provide the investigation and remediation capabilities needed to dynamically respond to security incidents and alerts”.
Over the last few years we have continuously evolved our endpoint security platform, Microsoft Defender Advanced Threat Protection (ATP), by further enhancing existing features and by adding new and innovative capabilities.
Multi-layered protection: Microsoft Defender ATP provides multi-layered protection (built into the endpoint and cloud-powered) from file-based malware, malicious scripts, memory-based attacks, and other advanced threats.
Threat Analytics: Contextual threat reports provide SecOps with near real-time visibility on how threats impact their organizations.
A new approach to Threat and Vulnerability Management: Real-time discovery, prioritization based on business context and the dynamic threat landscape, and a built-in remediation process speed up mitigation of vulnerabilities and misconfigurations.
Built-in, cloud-powered protections: Real-time threat detection and protection with built-in advanced capabilities protect against broad-scale and targeted attacks like phishing and malware campaigns.
Behavioural detections: Endpoint detection and response (EDR) sensor built into Windows 10 for deeper insights of kernel and memory, and leveraging broad reputation data for files, IPs, URLs, etc., derived from the rich portfolio of Microsoft security services.
“Deployment” is as easy as it gets by being built directly into the operating system. There is no agent to deploy, no delays or compatibility issues, and no additional performance overhead or conflicts with other products. No deployment and no on-premises infrastructure directly lead to lower TCO.
Contain the threat: Dramatically reduces the risk by strengthening your defences when potential threats are detected. Microsoft Defender ATP can automatically apply Conditional Access to restrict the endpoint from accessing corporate data until the threat is remediated.
Automated security: From alerts to remediation in minutes – at scale. Microsoft Defender ATP leverages AI to automatically investigate alerts, determine if a threat is active, what course of action to take, and then remediate complex threats in minutes.
Secure Score: Watch your security score rise in the Microsoft Defender Security Center as you implement automated and recommended actions to protect both users and data. Microsoft Defender ATP not only tells you that you have a problem, but Microsoft Defender ATP also recommends how to solve it (and track the execution) with Secure Score. Vulnerability and configuration information provide weighted recommendations and actions to improve endpoint hardening and compare the current posture with the industry and global peers for benchmarking.
Microsoft Threat Experts: Microsoft has your back — with Microsoft’s managed detection and response (MDR) service (called Microsoft Threat Experts), Microsoft supports customers’ incident response and alert analysis. Our automated threat hunting service helps ensure that potential threats don’t go unnoticed. Source: Microsoft
Defender for Endpoint offers a layered API model that exposes data and capabilities in a structured, clear and easy-to-use form, through a standard Azure AD-based authentication and authorization model that allows access in the context of users or SaaS applications. The API model was designed to expose entities and capabilities in a consistent form.
The Defender for Endpoint APIs can be grouped into three groups:
- Microsoft Defender for Endpoint APIs
- Raw data streaming API
- SIEM integration
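As an added example (not Microsoft's code or anything from the original article), the following Python shows what the Azure AD application-context access described above looks like in practice: an app registration obtains a token with the client-credentials grant, calls the Defender for Endpoint alerts API with a severity filter, and summarizes unresolved alerts per device. The token endpoint, API host, scope, alert field names and the sample response are assumptions from the public Defender for Endpoint API, not values taken from the page; the sample alerts are constructed.

```python
import urllib.parse
import urllib.request
from collections import defaultdict

# Public Azure AD token endpoint and Defender for Endpoint API host (assumed; not quoted from the page).
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
API_BASE = "https://api.securitycenter.microsoft.com/api"
SCOPE = "https://api.securitycenter.microsoft.com/.default"

def build_token_request(tenant_id, client_id, client_secret):
    """Client-credentials grant: the registered app itself, not a signed-in user,
    asks Azure AD for a token scoped to the Defender for Endpoint API.
    Send it with urllib.request.urlopen(); the JSON reply holds 'access_token'."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": SCOPE,
    }).encode()
    return urllib.request.Request(TOKEN_URL.format(tenant=tenant_id), data=form, method="POST")

def build_alerts_request(access_token, severity="High"):
    """GET /alerts with a server-side OData filter on severity; the bearer token
    carries whatever alert-read permission the app registration was granted."""
    url = f"{API_BASE}/alerts?$filter=" + urllib.parse.quote(f"severity eq '{severity}'")
    req = urllib.request.Request(url)
    req.add_header("Authorization", f"Bearer {access_token}")
    return req

def summarize_alerts(payload):
    """Count unresolved alerts per device in an /alerts response so a small IT team
    sees which endpoints to look at first; already-resolved alerts are skipped."""
    counts = defaultdict(int)
    for alert in payload.get("value", []):
        if alert.get("status") == "Resolved":
            continue
        counts[alert.get("computerDnsName", "unknown")] += 1
    return dict(sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])))

# Constructed sample response in the shape /alerts returns; used when run stand-alone.
SAMPLE_ALERTS = {"value": [
    {"id": "a1", "severity": "High", "status": "New", "computerDnsName": "fin-laptop-07"},
    {"id": "a2", "severity": "High", "status": "InProgress", "computerDnsName": "fin-laptop-07"},
    {"id": "a3", "severity": "High", "status": "Resolved", "computerDnsName": "hr-desktop-02"},
    {"id": "a4", "severity": "High", "status": "New", "computerDnsName": "hr-desktop-02"},
]}

if __name__ == "__main__":
    print(summarize_alerts(SAMPLE_ALERTS))  # {'fin-laptop-07': 2, 'hr-desktop-02': 1}
```

The client secret should come from a secrets store rather than the script; the app registration needs only the alert-read permission for this call, which is the least-privilege grant for a read-only triage job.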
Preview features of Microsoft Defender ATP
The preview release will have the following features:
- Microsoft Defender for Endpoint for iOS
Microsoft Defender ATP now adds support for iOS. Learn how to install, configure, and use Microsoft Defender ATP for iOS.
- Microsoft Defender for Endpoint for Android
Microsoft Defender for Endpoint now adds support for Android. Learn how to install, configure, and use Microsoft Defender for Endpoint for Android.
- Web Content Filtering
Web content filtering is part of web protection capabilities in Microsoft Defender for Endpoint. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic because of compliance regulations, bandwidth usage, or other concerns.
- Device health and compliance report
The device health and compliance report provides high-level information about the devices in your organization.
- Information protection
Information protection is an integral part of Microsoft 365 Enterprise suite, providing intelligent protection to keep sensitive data secure while enabling productivity in the workplace. Microsoft Defender for Endpoint is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices.
Note: Partially available from Windows 10, version 1809.
- Onboard Windows Server 2019
Microsoft Defender for Endpoint now adds support for Windows Server 2019. You’ll be able to onboard Windows Server 2019 in the same way as Windows 10 client devices.
Microsoft Defender ATP Licensing
Even though MDATP was released two years ago, it was always bundled with existing Microsoft SKUs, making it pricey. The SKUs are:
- Windows 10 Enterprise E5
- Windows 10 Education A5
- Microsoft 365 E5 (M365 E5) which includes Windows 10 Enterprise E5
- Microsoft 365 E5 Security
- Microsoft 365 A5 (M365 A5)
To make it cost effective, Microsoft released a standalone MDATP SKU in March for CSPs and Enterprise licensing. MDATP standalone costs Rs. 350 per user per month for up to five devices, or per server. This makes it impossible to beat for the quality of its features, the integrated ecosystem and the added value of the dashboard.
Compared with the industry standard, Microsoft Defender ATP combines antivirus (AV) and EDR, which not only makes it competitive but also provides huge cost savings for companies with a complex, diverse and connected workforce.
Microsoft Defender ATP provides security for Windows and non-Windows platforms, including Mac, Linux and Android. According to Microsoft’s minimum system requirements, Microsoft Defender ATP runs natively on the following platforms:
Supported Windows versions
- Windows 7 SP1 Enterprise
- Windows 7 SP1 Pro
- Windows 8.1 Enterprise
- Windows 8.1 Pro
- Windows 10, version 1607 or later
- Windows 10 Enterprise
- Windows 10 Enterprise LTSC
- Windows 10 Education
- Windows 10 Pro
- Windows 10 Pro Education
- Windows Server 2008 R2 SP1
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server, version 1803 or later
- Windows Server 2019
Other supported operating systems
- macOS (Mac OS X)
- Linux (currently, Microsoft Defender ATP for Linux is available only in Public Preview):
  - Red Hat Enterprise Linux (RHEL) 7+
  - CentOS Linux 7+
  - Ubuntu 16.04 LTS+
  - SUSE Linux Enterprise Server (SLES) 12+
  - Oracle Enterprise Linux 7
Microsoft Defender Advanced Threat Protection with Microsoft 365 provides complete security for the organization. MDATP, an enterprise-level EDR, is made more powerful by the Microsoft Advanced Threat Protection features.
- It becomes a mini SOC for your organization without any additional investment in your IT infrastructure.
- It eliminates risks and reduces the attack surface to protect endpoint devices.
- It is a powerful monitoring tool with easy integration, and cost effective compared with other enterprise SIEM solutions.
- It can easily be integrated with the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond and Recover) to help you fulfil compliance requirements.
>>> Reach out to us today <<< and see how easy it is to take control of your security and keep your data secure. Call us for a FREE TRIAL of Microsoft Defender Advanced Threat Protection.