Security matters the most - Windows Defender ATP

Digital security has become vital. Growing numbers of threats, including malware, ransomware and trojans, compromise device security and can cause data leaks. Attackers now target devices with sophisticated hardware to extract private and confidential data. A leak of sensitive private data causes financial loss and heavy distress. So what is the situation for organisations, which hold a lot of data? Since it is very difficult to protect against even known threats, what solution can safeguard us from new and evolving ones?

To address these security problems, Microsoft, the Redmond software giant, has developed Advanced Threat Protection (ATP). ATP is deployed into Windows to provide native threat protection. Windows will be equipped with ATP in the Fall Creators Update.

How does ATP work?

ATP is an advanced threat protection technology that enables customers to detect, investigate and respond to new threats. With the help of new machine learning techniques, ATP has the knowledge to detect new threats that are emerging every day.

ATP is powered by endpoint behavioural sensors that continuously analyse and collect the abnormal activities detected on the device. The collected information is sent to isolated ATP servers. New machine learning techniques, together with cloud-based analytics, big data and unique Microsoft solutions, help in recognizing new threats. Finally, threat intelligence created by Microsoft, along with data provided by partners, identifies attacker tools and generates alerts.

Which versions of Windows will be equipped with this technology?

ATP applies to the Enterprise, Pro, Education and Education Pro versions. ATP can be used by visiting the Microsoft advanced threat protection portal directly.

Minimum licensing requirement

To run Advanced Threat Protection, organisations must meet the minimum requirements: the device must have an active internet connection and Windows 10 Enterprise E5, Education E5 or Secure Productive Enterprise E5 (SPE E5), which includes the Windows 10 Enterprise E5 licensing requirements. The data storage location must be set to either Europe or the US. Once the location is set, it cannot be changed.

The main motto of ATP is to protect, detect and respond. Even with ATP deployed, there are worst cases where an intruder takes control of the device and may cause a data leak. In such situations, ATP helps to mitigate the risk. The ATP portal also has an exclusive UI that helps to identify attack patterns and maintains a history of attacks, so that end users can take the necessary actions to protect their devices from threats.

How Windows Defender ATP works in conjunction with third parties

When third-party threat protection solutions are configured on the endpoints, Windows Defender ATP runs in passive mode. Although ATP is passive, it continues to receive updates. ATP relies on Windows Defender to scan files. Hence, deploying third-party solutions turns off on-demand scans and a few other functionalities at the endpoints.

Microsoft is also concerned about Windows 10 users, and here is the mail from Microsoft regarding the Petya ransomware, which is currently infecting PCs.

"What is the purpose of this alert?
This alert is to provide you with guidance concerning the ransomware issue being discussed broadly in the press starting on Tuesday, June 27, 2017, and causing a large volume of customer inquiries.  This ransomware is being described by the press and security researchers as “Petya Ransomware.”
Overview
Microsoft’s antivirus software detects and protects against this ransomware. Our initial analysis found that the ransomware uses multiple techniques to spread, including two which were addressed by a security update (MS17-010) previously provided for all platforms from Windows XP to Windows 10.
As a general precaution, customers should exercise caution when opening unknown files. We are continuing to investigate and will take appropriate action to protect customers.
Malware Detection
Windows Defender, System Center Endpoint Protection, and Forefront Endpoint Protection detect this threat family as Ransom:Win32/Petya. Ensure you have a definition version equal to or later than:
1. Threat definition version: 1.247.197.0
2. Version created on: 12:04:25 PM : Tuesday, June 27 2017
3. Last Update: 12:04:25 PM : Tuesday, June 27 2017
In addition, the free Microsoft Safety Scanner http://www.microsoft.com/security/scanner/ is designed to detect this threat as well as many others.
Those with a solution from an antivirus provider other than Microsoft should check with that company.
Recommendations
Three specific steps customers can take to mitigate against new ransomware: 
1. Ensure you have the latest security updates installed
2. Ensure you have the latest AV Signatures from your preferred AV vendor
3. Do not open email/attachments from unknown/untrusted sources
Note:  these are good security defense-in-depth recommendations that may prevent being infected by this ransomware, but these steps alone do not ensure against infection.
Additional Resources
1. The Microsoft Security Tech Center: https://technet.microsoft.com/en-us/security/default
2. The Microsoft Security Update Guide: http://aka.ms/securityupdateguide
More Information
When new information is available that we can share, we will send a new security alert.
Regarding Information Consistency
We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft’s security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s web-based security content, the information in Microsoft’s web-based security content is authoritative.
https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/
If you have any questions regarding this alert, please contact your Technical Account Manager (TAM)/Service Delivery Manager (SDM).
Thank you,
Team Microsoft
This message from Microsoft is an important part of a program, service, or product that you or your company purchased or participate in.
Microsoft respects your privacy. Please refer our Privacy Statement.
Microsoft Corporation (India) Pvt. Ltd.
Level 10, Tower C, Epitome, Building No. 5, DLF Cyber City, Phase 3,
Gurgaon, Haryana 122 002 INDIA" 
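
One way to check endpoints against the definition version quoted in the mail, and to see whether Defender is in the passive mode described earlier. This is an added example, not part of the original post or of Microsoft's mail; the function name `Test-DefinitionBaseline`, the `Host` field and the sample records are constructed for illustration, while `Get-MpComputerStatus` and the properties read from it belong to the Defender PowerShell module.

```powershell
# Minimum definition version quoted in the alert above.
$MinimumDefinition = [version]'1.247.197.0'

# Hypothetical helper: takes an object shaped like Get-MpComputerStatus output.
function Test-DefinitionBaseline {
    param(
        [Parameter(Mandatory)] $Status,
        [version] $Minimum = $MinimumDefinition
    )
    # Cast to [version] so each field compares numerically. Compared as
    # strings, '1.247.1000.0' would sort before '1.247.197.0'.
    $current = [version]$Status.AntivirusSignatureVersion
    # AMRunningMode is absent on older builds, so do not assume it exists.
    $mode = if ($Status.PSObject.Properties['AMRunningMode']) {
        $Status.AMRunningMode
    } else {
        'Unknown'
    }
    [pscustomobject]@{
        Host              = $Status.Host
        DefinitionVersion = $current
        MeetsMinimum      = $current -ge $Minimum
        RunningMode       = $mode
        LastUpdated       = $Status.AntivirusSignatureLastUpdated
    }
}

# Constructed sample records (not real telemetry): one stale host, one
# at the minimum, one newer host running beside a third-party product.
$samples = @(
    [pscustomobject]@{ Host = 'PC-01'; AntivirusSignatureVersion = '1.247.196.0'
        AMRunningMode = 'Normal'; AntivirusSignatureLastUpdated = [datetime]'2017-06-26' }
    [pscustomobject]@{ Host = 'PC-02'; AntivirusSignatureVersion = '1.247.197.0'
        AMRunningMode = 'Normal'; AntivirusSignatureLastUpdated = [datetime]'2017-06-27' }
    [pscustomobject]@{ Host = 'PC-03'; AntivirusSignatureVersion = '1.247.1000.0'
        AMRunningMode = 'Passive Mode'; AntivirusSignatureLastUpdated = [datetime]'2017-06-30' }
)
$samples | ForEach-Object { Test-DefinitionBaseline -Status $_ } | Format-Table -AutoSize

# On a live endpoint that has the Defender module installed:
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $live = Get-MpComputerStatus |
        Select-Object *, @{ Name = 'Host'; Expression = { $env:COMPUTERNAME } }
    Test-DefinitionBaseline -Status $live
}
```

With the sample data, PC-01 reports `MeetsMinimum` as False and the other two as True; PC-03 shows that a host in passive mode can still carry current definitions.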

Threat protection is entering a new era with advanced machine learning, big data and Microsoft's techniques. Do you like the way Microsoft handles threats to secure your endpoints? Please let us know in the comments.
