Microsoft Defender for Endpoint (previously Windows Defender Advanced Threat Protection (ATP)) is an endpoint security platform (a post-breach solution) designed to detect and respond to security threats in enterprise-class organisations.
The platform is cloud-based, which means there is no additional infrastructure to deploy. It relies on sensors built into the operating system of each device; these sensors continuously collect data and report it back to your organisation's cloud instance. Defender then analyses that data and identifies potential threats. If a breach does occur, the platform lets the user quickly and easily remove the threats before they can cause any damage.
There are seven main features the platform has to offer, which include:
Threat & Vulnerability Management – WDATP provides real-time insight into patch changes and software installations/uninstallations. It discovers known security vulnerabilities and missing patches and gives the user recommendations for remediating them.
Attack Surface Reduction – It is possible to minimise the areas where cyber threats could attack our defences by putting certain controls in place; these act as a first line of defence. An example is marking applications as trusted to run, rather than allowing any application to run by default.
Next-generation protection – Windows Defender Antivirus is a next-generation protection component that combines big-data analysis, machine learning, in-depth threat research and the Microsoft cloud infrastructure to protect devices. It uses behaviour monitoring and real-time protection to detect and block malicious threats almost instantly.
Endpoint Detection and Response (EDR) – This element catches advanced threats that may have made it past the first two security walls. WDATP detects attacks in near real time and provides IT and security analysts with actionable alerts.
Auto investigation & remediation – The automation built into Defender ATP applies the same inspection logic an analyst would use to investigate and remediate threats; these automatic capabilities help reduce the volume of alerts within minutes.
Microsoft threat experts – The managed threat hunting service comes with two components. Targeted attack notifications provide specialised insight and analysis that help identify and respond to the most critical threats quickly and accurately. It also comes with Microsoft threat experts on demand, who can provide you with a technical consultation.
Centralised configuration and administration, APIs – Integrate Microsoft Defender ATP with your existing security infrastructure.
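The Attack Surface Reduction item above describes controls that stop untrusted activity before it reaches the later layers. The script below is an added example, not code from the page or from Microsoft, showing how a defender would roll out ASR rules on a device: enable them in audit mode first, review what they would have blocked, and only then switch to block. It assumes an elevated PowerShell session on a Windows device running Microsoft Defender Antivirus and uses the real `Get-MpPreference`, `Add-MpPreference` and `Get-WinEvent` cmdlets. The two rule GUIDs are taken from Microsoft's published ASR rule reference and should be verified against the current documentation before use; the exclusion path at the end is a placeholder.

```powershell
# Added example (not from the page): staged rollout of two Attack Surface Reduction rules.
# Assumes an elevated PowerShell session on a device running Microsoft Defender Antivirus.
# Rule GUIDs are Microsoft's documented identifiers; verify them before deploying.

$rules = [ordered]@{
    'Block credential stealing from LSASS'                         = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'
    'Block all Office applications from creating child processes'  = 'd4f940ab-401b-4efc-aadc-ad5f3c50688a'
}

# 1. Show the current ASR configuration: rule id -> action
#    (action values: 0 = Disabled, 1 = Block, 2 = Audit, 6 = Warn).
function Show-AsrState {
    $pref = Get-MpPreference
    for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
        '{0} -> {1}' -f $pref.AttackSurfaceReductionRules_Ids[$i], $pref.AttackSurfaceReductionRules_Actions[$i]
    }
}
Show-AsrState

# 2. Enable the rules in audit mode first. Audit records what *would* have been
#    blocked without interrupting anything, so legitimate software that trips a
#    rule is discovered before users are affected.
foreach ($name in $rules.Keys) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $rules[$name] `
                     -AttackSurfaceReductionRules_Actions AuditMode
    "Audit mode enabled: $name"
}

# 3. After the audit window, review the audit events (Event ID 1122 = audited,
#    1121 = blocked) in the Defender operational log.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1122
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message

# 4. Once the audit data shows no legitimate activity being flagged, switch to block.
foreach ($name in $rules.Keys) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $rules[$name] `
                     -AttackSurfaceReductionRules_Actions Enabled
    "Block mode enabled: $name"
}

# 5. If one known-good tool keeps tripping a rule, exclude only that binary.
#    ASR exclusions apply to every rule, so keep them as narrow as possible.
#    The path below is a placeholder, not a real product path.
# Add-MpPreference -AttackSurfaceReductionOnlyExclusions 'C:\Program Files\PLACEHOLDER\tool.exe'

Show-AsrState
```

Running the rules in audit mode before block mode is the point of the example: the audit events show exactly which processes the rule would have stopped, so the rollout can be tuned with narrow exclusions instead of being reverted wholesale when a line-of-business application breaks.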