Microsoft is ramping up Windows 10 security features, using cloud intelligence to better detect and respond to attacks. Here's how it could help your enterprise.
Windows 10 will get a number of new security features in its Fall Creators Update, including end-to-end protection that uses cloud intelligence to more seamlessly detect and respond to attacks.
The new features were announced in a blog post from Rob Lefferts, partner director of the Windows & Devices Group, Security & Enterprise, published Tuesday. "Our goal is to ensure customer safety as the security threat landscape continues to grow increasingly more sophisticated and adversaries are more successful at impacting the bottom line," Lefferts wrote in the post. "New security features in the Windows 10 Fall Creators Update allows us to be more front footed and make life harder for the bad guys."
The Fall Creators Update will be released to the general public in October, though many of the updates are already available to those testing the platform as part of the Windows Insider Program.
Windows Defender Advanced Threat Protection (ATP) will now feature integration across the entire Windows threat protection stack, making it easier to prevent and manage cyber issues in a centralized location, Lefferts wrote.
Microsoft is also extending the reach of Windows Defender ATP to include Windows Server OS, to better protect customers across platforms. The suite will add new capabilities, including Windows Defender Exploit Guard and Windows Defender Application Guard, along with substantial updates to Windows Defender Device Guard and Windows Defender Antivirus.
Windows Defender Exploit Guard will make Microsoft's Enhanced Mitigation Experience Toolkit (EMET) native to Windows 10, making vulnerabilities significantly more difficult to exploit, Lefferts wrote.
"In addition, Exploit Guard delivers a new class of capabilities for intrusion prevention," he wrote in the post. "Using intelligence from the Microsoft Intelligent Security Graph (ISG), Exploit Guard comes with a rich set of intrusion rules and policies to protect organizations from advanced threats, including zero day exploits," which would otherwise require significant development efforts to make effective, he wrote.
More than 90% of attacks use a hyperlink to steal a user's credentials, install malware, or exploit vulnerabilities—making the browser one of the most common targets for attackers, Lefferts wrote. Windows Defender Application Guard (WDAG) can help stop hackers from gaining a foothold on an individual machine, or from expanding into a corporate network. "If someone accidentally downloads malicious malware from their browser, or if a zero day exploit is encountered, WDAG isolates and contains the threat, securing your devices, apps, data and network," Lefferts wrote.
Windows Defender Device Guard will also be integrated into Windows Defender ATP response abilities for easier application control on any Windows 10 device, Lefferts wrote.
The new Windows Defender ATP leverages cloud intelligence, data science, and machine learning to "identify evolving threats from trillions of signals to block and tackle the malware and hacking threats that you encounter," Lefferts wrote. An updated Windows Defender Antivirus will also use these tech tools to identify malware in seconds, he added.
Security operations (SecOps) teams will also have full access and visibility across the Windows security suite, making it easier to manage, Lefferts wrote.
The security enhancements come after it was revealed that 98% of victims of the WannaCry attack were running Windows 7. And recent independent reviews of Windows Defender rated it as competent, but not as good as some third-party security software, as TechRepublic's Nick Heath noted. Microsoft also added more features to protect user privacy in Windows 10, after receiving threats of enforcement action by regulators.
The 3 big takeaways for TechRepublic readers
1. Windows 10's Fall Creators Update will feature a number of new security updates, including end-to-end protection that uses cloud intelligence to better detect and respond to attacks.
2. Windows Defender Advanced Threat Protection (ATP) will integrate across the entire Windows threat protection stack, making it easier to prevent and manage cyber issues in a centralized location.
3. The security updates may help Microsoft better compete in the security space.