Automated Response with Windows Defender ATP

Slides:

Advertisements

Similar presentations

MIX 09 4/15/ :14 PM © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.

Advertisements

Multitenant Model Request/Response General Model.

Built by Developers for Developers…. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names.

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or.

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or.

demo © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names.

demo QueryForeign KeyInstance /sm:body()/x:Order/x:Delivery/y:TrackingId1Z

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks.

How Microsoft uses Windows Defender ATP–Welcome to a SecOps world!

6/5/2018 1:30 PM THR1029 Spend less time managing data and more time with customers: Quick tour of Outlook Customer Manager Welly Lee

6/10/2018 5:07 PM THR2218 Deploying Windows Defender AV and more with Intune and Configuration Manager Amitai Senior Program Manager,

Azure Cloud Shell Magic of Modern Command-line Management

6/19/2018 2:57 AM THR3092 Monitor and investigate actions on your user and data with alerts, insights and reports Binyan Chen Program Manager II, Office.

Optimizing Microsoft OneDrive for the enterprise

What a Real, Functioning DevOps Team Looks Like

Protect sensitive information with Office 365 DLP

SQL Server on Linux on All-Flash Arrays

Microsoft Planner: How to manage your team’s work in Office 365

Understanding Windows Analytics Update Compliance

Excel and Power BI Better Together Democratization of data

Workflow Orchestration with Adobe I/O

How we got a traditional bank collaborating across boundaries

The utility belt for managing security and compliance in Office 365

Find, try and get line-of-business apps on Microsoft AppSource

Best Practices for Securing Hybrid Clouds

9/12/2018 7:18 AM THR1081 Don’t be the first victim of new malware Turn Windows Defender AV Cloud Protection on! Amitai Senior Program.

Automate all things! Microsoft Azure continuous deployment

Agile Planning with Visual Studio Team Services (VSTS)

9/22/2018 3:49 AM BRK2247 Learn from MVPs: Panel discussion on all things SharePoint and OneDrive © Microsoft Corporation. All rights reserved. MICROSOFT.

Confidence at speed: Visual Studio 2017 and your CI pipeline

Azure PowerShell Aaron Roney Senior Program Manager Cormac McCarthy

Continuous Delivery with Visual Studio Team Services

Azure Advisor: Optimization in the best way

Mobile Center and VSTS: Better together for your Mobile DevOps

12/5/2018 2:50 AM How to secure your front door with real-time risk assessments of your logons Jan Ketil Skanke COO and Principal Cloud Architect CloudWay.

Accelerate Office 365 Adoption Through Microsoft FastTrack Services

Microsoft products for non-profits

Automating security for better, continuous compliance in the cloud

Introduction to ASP.NET Core 1.0

Five cool things you can do with Windows PowerShell on Office 365

Microsoft To-Do Preview

Yammer for IT Tom Kretzmer Solutions Developer, Westinghouse THR1016

Microsoft Exchange: Through the eyes of MVPs (Panel discussion)

MDM Migration Analysis Tool (MMAT)

What’s new in the Fall Creators Update for Windows Defender ATP

Overview: Dynamics 365 for Project Service Automation

Understand your Azure cloud assets dependencies with BMC Discovery

Surviving identity management in a hybrid world

Breaking Down the Value of A Yammer Post: 20 Things to Do

Cool Microsoft Edge Tips and Tricks

When Bad Things Happen to Good Applications

Getting the most out of Azure resources with Azure Advisor

“Hey Mom, I’ll Fix Your Computer”

4/21/2019 7:09 AM THR2098 Unlock New Opportunities with Nintex Hawkeye Process Intelligence and Workflow Analytics Sr. Product.

4/28/2019 3:30 AM THR1061 Learn how Dynamics 365, Office 365 and related applications work together to transform the workplace Donna Edwards Solution Architect.

Виктор Хаджийски Катедра “Металургия на желязото и металолеене”

Consolidate, manage, backup, and secure your cloud content

Designing Bots that Fit Your Organization

Ask the Experts: Windows 10 deployment and servicing

Passwordless Service Accounts

Шитманов Дархан Қаражанұлы Тарих пәнінің

Digital Transformation: Putting the Jigsaw Together

WCF and .NET Framework Microservices in Containers

Diagnostics and troubleshooting in Azure App Service Support Center

Optimizing your content for search and discovery

Presentation transcript:

Automated Response with Windows Defender ATP 9/12/2018 6:09 AM BRK3062 Automated Response with Windows Defender ATP Heike Ritter Sr. Product Manager @HeikeRitter Nathan Burke VP Marketing, Hexadite @nathanwburke © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Outline What is Windows Defender ATP? Detecting Attacks 9/12/2018 6:09 AM Outline What is Windows Defender ATP? What is EDR/EPP? Detecting Attacks A Blessing and a Curse The Cybersecurity Capacity Problem Increase in Attack Volume Increase in Alerts Shortage of Skilled Security Staff What is Security Automation? How Companies Address the Challenges Case Study: Nuance Communications What’s Coming to WDATP? © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

What is Windows Defender ATP ? 9/12/2018 What is Windows Defender ATP ? Unified endpoint security solution with Windows 10 threat & endpoint protection and response under one roof Security Analytics Enhanced detection – Application Guard, Exploit Guard, script introspection Windows Security Graph APIs Windows Server support Enhanced detection - memory, injection, kernel, visibility to Windows Defender AV detections Response actions Custom Threat Intelligence Detection and exploration integration with Office 365 ATP Behavior-based, cloud-powered EDR solution Built into Windows 10, agentless and no deployment Rich timeline for investigation & interactive hunting Unparalleled threat optics and deep OS security and big data expertise Anniversary Update Creators Update Fall Creators Update © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9/12/2018 6:09 AM What Do Customers Get? Security teams now have a single console to centrally manage the end-to-end security lifecycle for their devices. As a key component of the Microsoft 365 security stack, Windows Defender ATP brings together detection and investigations across devices, identities, and information. Customers now have more visibility into threats than ever before. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9/12/2018 6:09 AM 970,000,000 Windows Defender ATP processes 970 million malicious security events per day per day from across the Microsoft enterprise and consumer eco-system. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Cybersecurity has a capacity problem. 9/12/2018 6:09 AM Cybersecurity has a capacity problem. By Nevit Dilmen (Own work) via Wikimedia Commons © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9/12/2018 6:09 AM Prioritization is just a conscious decision about what you’re willing to ignore. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9/12/2018 6:09 AM By Nathan Burke (own work) © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

What is Security Automation? 9/12/2018 6:09 AM What is Security Automation? Mimicking the ideal steps a human would take to investigate a cyber threat. Determining whether the threat requires action. Performing necessary remediation actions. Deciding what additional investigations should be next. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

“Security automation is preventing people from doing a machine’s job.” Golan Ben-Oni Global CIO IDT Corp.

Automated Response Demo 9/12/2018 6:09 AM Automated Response Demo New Functionality Coming to Windows Defender ATP © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9/12/2018 6:09 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Please evaluate this session Tech Ready 15 9/12/2018 Please evaluate this session From your Please expand notes window at bottom of slide and read. Then Delete this text box. PC or tablet: visit MyIgnite https://myignite.microsoft.com/evaluations Phone: download and use the Microsoft Ignite mobile app https://aka.ms/ignite.mobileapp Your input is important! © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9/12/2018 6:09 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.