Microsoft is releasing a new system that promises to detect security attacks on enterprise networks as they happen. But it needs something in return.
Microsoft has put a lot of time and effort into making Windows 10 in the enterprise as secure as it can possibly be. It's a cornerstone of the company's overall strategy: Get the whole world using Windows 10 and keep it updated and secure.
With that in mind, on March 1, 2016, Microsoft announced the development of a new service for enterprise customers called Windows Defender Advanced Threat Protection. The service is designed to help enterprises detect, investigate, and respond to advanced attacks on their networks. But for it to work effectively, enterprises are going to have to share network information with Microsoft.
If you have been paying attention at all to security threats at the enterprise level these past few years, you know that cybersecurity, in its most general sense, is fleeting at best. No enterprise with a computer network is impermeable to attack. An attack on a network can and likely will happen to almost every enterprise at some point. Network attacks are a fact of life for all of us, unfortunately.
The aspect that has changed in the past few years is that many of the highest profile attacks were conducted with specific agendas—often criminal in nature. Attackers are more sophisticated and are looking for particular bits of information or data. They're no longer satisfied with breaking in; now they are breaking in with a purpose. This makes the attacks all the more dangerous.
The new Windows Defender Advanced Threat Protection system will try accomplish three specific things to help minimize security threats in enterprises running Windows 10:
- Detect: Windows Defender Advanced Threat Protection will tap into all the information Microsoft has gathered from around the world on what is happening in every Windows 10 computer network to track and detect security threats.
- Respond: Once a threat is detected, Microsoft will be able to investigate and then formulate a response and put it in place on all Windows 10 networks.
- Complement: The Windows Defender Advanced Threat Protection system is built into Windows 10 and takes place in the cloud so no additional servers or hardware will be required. The service will complement and support other security systems from Microsoft, including Office 365 Advanced Threat Protection and Microsoft Advanced Threat Analytics.
While added security for Windows 10 in the enterprise sounds like a great idea, there is one thing to keep in mind. The Windows Defender Advanced Threat Protection system will require enterprises to willingly provide data about their computer networks to Microsoft for analysis.
The data provided will involve only information about how an enterprise's network functions—no proprietary information will be revealed or shared. However, many consider that sharing any information, especially when the extent of that information can't be specifically defined, is too much to ask.
There is no doubt that Windows Defender Advanced Threat Protection will pose a dilemma for some enterprises. However, it is important to keep in mind that whether it is Microsoft or some other third party, to get the most advanced security protection, an enterprise has to share information. In the current climate, taking on more risk from a network attack by not sharing network data seems like the least favorable decision.
If you have gone all in with Windows 10 in your enterprise, going all in with the Windows Defender Advanced Threat Protection system may be the only sensible choice.
- Windows 10 violates your privacy by default, here's how you can protect yourself
- Microsoft takes security to a new level with Device Guard
- Five Windows 10 privacy settings that have been falsely vilified
- Windows and UEFI anti-theft mechanism makes systems less secure
What takes priority at your enterprise: security or privacy? How do you balance them? Do you consider them to be the same thing?