Windows Defender Next Generation Anti-malware

Presentation transcript:

BRK2327: Windows Defender Next Generation Anti-malware
Deepak Manohar

Malware authors have an asymmetric advantage
- Malware authors are well aware that industry reaction time is around 8 hours.
- Malware's lifecycle is faster than our signature-based protection can react.
- "If you know the enemy and know yourself, you need not fear the result of a hundred battles." Art of War, Sun Tzu
Image source: www.cygnus-x1.net

OS does not expose rich local context
- Mobile Device Security: blocked app, conditional access allowed, ...
- Email Security: blocked incoming email, attachment removed, ...
- Edge Web & Firewall: blocked egress connection, blocked IP: 192.162.0.1, ...
- Endpoint Security: blocked malware, remediated unwanted software, ...

Security products not optimized for enterprises
Each product keeps its own separate log:
- Mobile Device Security Log: blocked app, conditional access allowed, ...
- Email Security Log: blocked incoming email, attachment removed, ...
- Edge Web & Firewall Log: blocked egress connection, blocked IP: 192.162.0.1, ...
- Endpoint Security Log: blocked malware, remediated unwanted software, ...

Current State
- Malware authors have an asymmetric advantage
- OS does not expose rich local context
- Security products not optimized for the enterprise

Current State
- Malware authors have an asymmetric advantage
- OS does not expose rich local context
- Security products not optimized for enterprises
Future State
- Security products with extensive, global sensors
- Security products consume rich local context
- Optimized security products for the enterprise

Three-pronged approach
- Rich local context: Windows 10 securely provides local context
- Extensive global sensors: Windows Defender is enriched with extensive global sensors
- Empower IT security pros: Windows 10 and Windows Defender optimized for the enterprise

#1 Windows 10 provides rich, local context

Windows 10 provides rich, local context
- Windows 10 securely provides relevant system and local contextual information
- Windows Defender securely persists and uses local context

Persisted context (diagram, built up over three slides)
Mail server -> Win10 Device
- Persisted Context: File arrived via mail
- Persisted Context: Process linked to file from mail
- Origin Information: File arrived via mail; Process linked to file from mail
- Provenance chain: Admin <- Process <- File <- mail, +Admin

Windows 10 provides Local Context Demo: Windows 10 - UAC context + Entry point (mail)

Persisted context across entry points (diagram)
Mail server -> Win10 Device <- Internet
- File arrived via mail; Process linked to file from mail; Admin <- Process <- File <- mail
- Script File <- Skype; Deobfuscated memory <- Script File <- Skype
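The origin chains above (file arrived via mail or the Internet, process linked to that file) are the deck's persisted context. As an added illustration that is not code from the deck or from Windows Defender, the following PowerShell reads the origin marker Windows has long kept for downloaded files, the Zone.Identifier alternate data stream, and turns it into a per-file origin record a defender can triage. Assumptions: Windows with NTFS; the Zone.Identifier stream stands in for the richer Persisted Store the deck describes and is not that mechanism; the sample files and URLs are constructed.

```powershell
# Added example, not from the deck: read each file's origin marker (the
# Zone.Identifier alternate data stream, "mark of the web") into a record.
# Assumption: this stream stands in for the deck's Persisted Store; it is not it.
$ZoneNames = @{ 0 = 'LocalMachine'; 1 = 'LocalIntranet'; 2 = 'TrustedSites'; 3 = 'Internet'; 4 = 'RestrictedSites' }

function Get-FileOrigin {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)
    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    $record = [ordered]@{ File = $item.Name; ZoneId = $null; Zone = 'NoMarker'; ReferrerUrl = $null; HostUrl = $null }
    # The stream is absent for locally created files: that is the 'no marker' case, not an error.
    $raw = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if ($raw) {
        foreach ($line in $raw) {
            if ($line -match '^\s*(ZoneId|ReferrerUrl|HostUrl)\s*=\s*(.*?)\s*$') {
                $record[$Matches[1]] = $Matches[2]
            }
        }
        if ($null -ne $record.ZoneId) {
            $id = [int]$record.ZoneId
            $record.ZoneId = $id
            $record.Zone = if ($ZoneNames.ContainsKey($id)) { $ZoneNames[$id] } else { "Unknown($id)" }
        }
    }
    [pscustomobject]$record
}

# Constructed demo: one file carrying an Internet-zone marker (as a mail client
# or browser writes it) and one without, so the function runs offline.
$dir = Join-Path $env:TEMP ('origin-demo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$marked = Join-Path $dir 'quarterly-report.pdf'
$clean  = Join-Path $dir 'notes.txt'
Set-Content -LiteralPath $marked -Value 'placeholder bytes'
Set-Content -LiteralPath $marked -Stream Zone.Identifier -Value @(
    '[ZoneTransfer]', 'ZoneId=3',
    'ReferrerUrl=https://mail.example.invalid/inbox',        # constructed URL
    'HostUrl=https://mail.example.invalid/attachment/42'     # constructed URL
)
Set-Content -LiteralPath $clean -Value 'locally authored'

# Triage view: Internet-origin files sort first, with the host they came from.
Get-ChildItem -LiteralPath $dir -File |
    ForEach-Object { Get-FileOrigin -Path $_.FullName } |
    Sort-Object { $_.Zone -ne 'Internet' } |
    Format-Table File, Zone, HostUrl -AutoSize

Remove-Item -LiteralPath $dir -Recurse -Force
```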

Windows 10 provides Local Context Demo: Windows 10 – Antimalware Scan Interface (AMSI) – Script de-obfuscation

Windows 10 provides rich, local context
Security products are enriched with local system context (System Center Endpoint Protection / Intune / Windows Defender)
ANTIMALWARE
- Antimalware, Behavior Monitoring, Dynamic Translation, Vulnerability Shielding, Windows Defender Offline, Persisted Store, Shields Up
PLATFORM (Windows)
- MVI, AMSI, Secure Events, UAC, Internet Explorer, Windows Resource Protection, IExtension Validation (IEV), Secure Boot through UEFI, OS Hardening, Early Launch Antimalware (ELAM), Device Guard, AppLocker
Legend: MVI – Microsoft Virus Initiative; AMSI – Antimalware Scan Interface; UAC – User Account Control; ETW – Event Tracing for Windows
Available only in Windows 10 (or full functionality only in Windows 10). Hardware + Firmware + Software security: full functionality only in Windows 10.

#2 Security products w/ global sensors

Security products w/ global sensors
- Extensive global sensors: Windows Defender is enriched with extensive global sensors
- Windows Defender on Windows 10 is enriched with context aggregated from over 1B Windows devices and from other cloud services (e.g. mail services, URL filtering services)

Windows Defender Cloud Protection (diagram)
- Over 100,000,000 queries each day
- Geo-distributed
- Responses in less than a second
- Privacy, compliance aware
Aggregated Context: Machine Profile, Threat Profile, Suspicious Activity (combined with the device's Persisted Context)

Windows Defender Cloud Protection by the numbers: 1B devices, 10M spam blocks per minute, 3B malware alerts

Windows Defender on Windows 10 uses local context to call the cloud (diagram)
Mail server -> Windows 10 Device
- Persisted Context: File arrived via mail; Process linked to file from mail
- Admin <- Process <- File <- mail, +Admin

Windows Defender Cloud Protection: inter-connected global context
Cloud engine components: Researchers, Real-time signature delivery, Behavior classifiers, Reputation
Flow: Telemetry -> Cloud Protection; (1) cloud calls from the device, (2) real-time signature back to the device
Goal: Block malware the 'first time it's seen', in the first critical hours

Security products w/ global sensors Demo: Windows Defender Cloud Protection

Security products w/ global sensors
Security products are enriched with extensive, global sensors (System Center Endpoint Protection / Intune / Windows Defender)
ANTIMALWARE
- Dynamic Translation, Behavior Monitoring, Vulnerability Shielding, Windows Defender Offline, Persisted Store, Shields Up, Smart Cloud calls
PLATFORM (Windows)
- Internet Explorer, AppLocker, Secure Events, MVI, UAC – AM, Secure Boot through UEFI, Windows Resource Protection, Early Launch Antimalware (ELAM), OS Hardening, IExtension Validation (IEV), Device Guard, AMSI
Legend: MVI – Microsoft Virus Initiative; AMSI – Antimalware Scan Interface; UAC – User Account Control
Available only in Windows 10 (or full functionality only in Windows 10)

#3 Empower IT Pros

Empower IT Pros
- Optimized for the enterprise: Windows 10 and Windows Defender optimized for the enterprise

Empower IT Pros
- Attack targets are shifting: on IE, shifting to plugins
- IE blocking feature for Java shipped
- Windows 10 features improved IE extension security measures: IExtension Validation (IEV) with Defender

Empower IT Pros: Config Mgr. / Microsoft Intune / SCOM
- Config Manager provides a complete SCEP Management solution for Enterprises
- Microsoft Intune provides a complete management solution for Remote/BYOD scenarios
- Operations Manager provides a Windows Server Antimalware Management Pack
© 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Empower IT Pros: full featured manageability options in-box w/ Defender
- OMA-DM: enables agentless management of the Antimalware Client
- PowerShell: rich set of commands for management
- WMI v2: events and management of the Antimalware client
- Command Line: direct access and manipulation of the Antimalware Client
- Group Policy: the standard way to set machine-wide scanning policies and preferences
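The in-box management surfaces listed above (PowerShell, WMI v2, Defender events) and the cloud-protection settings from the global-sensors slides can be exercised together from one script. The following PowerShell is an added example, not from the deck: it reports Windows Defender health with the in-box Defender cmdlets, compares the cloud-protection and server auto-exclusion preferences against a baseline, optionally remediates drift, and counts recent detections and configuration changes from the Defender WMI v2 namespace and Operational log. Assumptions: the baseline values are hypothetical and should be adjusted to your policy; remediation needs an elevated session.

```powershell
# Added example, not from the deck. Uses the in-box Defender module
# (Get-MpComputerStatus, Get-/Set-MpPreference); remediation needs elevation.
# The baseline below is an assumption for illustration, not Microsoft guidance.
$Baseline = @{
    MAPSReporting             = 2       # Advanced: cloud lookups the deck calls 'Shields Up'
    SubmitSamplesConsent      = 1       # SendSafeSamples
    DisableBehaviorMonitoring = $false
    DisableIOAVProtection     = $false  # scan downloaded files and attachments on arrival
    DisableAutoExclusions     = $false  # keep per-role exclusions on Windows Server
}

function Get-DefenderHealth {
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        AMServiceEnabled          = $s.AMServiceEnabled
        RealTimeProtectionEnabled = $s.RealTimeProtectionEnabled
        BehaviorMonitorEnabled    = $s.BehaviorMonitorEnabled
        EngineVersion             = $s.AMEngineVersion
        SignatureAgeDays          = $s.AntivirusSignatureAge
        SignatureLastUpdated      = $s.AntivirusSignatureLastUpdated
    }
}

function Test-DefenderBaseline {
    param([switch]$Remediate)
    $pref = Get-MpPreference
    foreach ($name in $Baseline.Keys) {
        $expected = $Baseline[$name]
        $actual   = $pref.$name
        $ok = ($actual -eq $expected)
        if (-not $ok -and $Remediate) {
            # One setting per call so a single rejected value does not block the rest.
            $one = @{ $name = $expected }
            try { Set-MpPreference @one; $ok = $true }
            catch { Write-Warning "Could not set ${name}: $($_.Exception.Message)" }
        }
        [pscustomobject]@{ Setting = $name; Expected = $expected; Actual = $actual; Compliant = $ok }
    }
}

function Get-RecentDefenderActivity {
    param([int]$Hours = 24)
    $since = (Get-Date).AddHours(-$Hours)
    # WMI v2 namespace behind the Defender cmdlets.
    $detections = Get-CimInstance -Namespace 'root/Microsoft/Windows/Defender' `
        -ClassName MSFT_MpThreatDetection -ErrorAction SilentlyContinue |
        Where-Object { $_.InitialDetectionTime -ge $since }
    # Operational log: 1116 malware detected, 1117 action taken, 5007 configuration changed.
    $events = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1116, 1117, 5007; StartTime = $since }
    [pscustomobject]@{
        SinceUtc        = $since.ToUniversalTime()
        Detections      = @($detections).Count
        DetectionEvents = @($events | Where-Object Id -in 1116, 1117).Count
        ConfigChanges   = @($events | Where-Object Id -eq 5007).Count
    }
}

Get-DefenderHealth | Format-List
Test-DefenderBaseline | Format-Table -AutoSize    # add -Remediate to enforce the baseline
Get-RecentDefenderActivity -Hours 24 | Format-List
```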

Empower IT Pros: cleaning advanced malware
- 150 MB download, manual process
- Win10 OS with Windows Defender Offline (WDO): 2-3 MB download, automated process

Empower IT Pros Demo: WDO, cleaning advanced malware

Empower IT Pros: Microsoft Intune – BYOD – agentless endpoint protection
- Windows 7 or Windows 8.1 device: 25 MB endpoint protection agent + 125 MB definitions (signatures)
- Windows 10: Windows Defender w/ OMA-DM enables agentless endpoint protection (no separate 25 MB agent); Windows Defender definitions are reused (no separate 125 MB definitions)

Empower IT Pros: Windows Server Antimalware
What it is...
- Comprehensive real-time antimalware protection
- On by default on new installs of Server
- Optimized configuration for Server Roles
- Full featured manageability interface
What SKUs of Server?
- Windows Server vNext Standard
- Windows Server vNext Datacenter
- Windows Server vNext Essentials
- Nano Server

Empower IT Pros: Windows Server Antimalware – optimized configuration for Server Roles
Performance
- Worked with Server roles teams
- Diligently improved performance
Automatic Exclusions
- Optimizing "On Access Scan" exclusions per server role – no guesswork required
- Updated dynamically through Definition Updates, based on changes to roles/new threats
- Dynamic configuration as roles are added/removed (additive)

Empower IT Pros: optimized for enterprise
MANAGEMENT: System Center Configuration Manager, Microsoft Intune, SCOM and Endpoint Protection
- Endpoint Protection Management, Software Updates + SCUP, Settings Management, Operating System Deployment, Software Distribution, Exchange Connector
ANTIMALWARE w/ manageability (System Center Endpoint Protection / Intune / Windows Defender)
- Dynamic Translation, Behavior Monitoring, Vulnerability Shielding, Windows Defender Offline, Persisted Store, Shields Up - Smart Cloud calls
PLATFORM (Windows)
- Internet Explorer, AppLocker, Secure Events, MVI Doc, UAC – AM, Secure Boot through UEFI, Windows Resource Protection, Early Launch Antimalware (ELAM), OS Hardening, IExtension Validation (IEV), Device Guard, AMSI
Legend: MVI – Microsoft Virus Initiative; AMSI – Antimalware Scan Interface; UAC – User Account Control
Available only in Windows 10 (or full functionality only in Windows 10)

Summary: Old State -> Current State w/ Windows 10
- OS does not expose rich local context -> OS provides local context (Secure ETW, Persisted Store, AMSI, UAC-AM, Shields Up, MVI Prog., IEV); Windows Defender consumes local context
- Malware authors have an asymmetric advantage -> Extensive, global sensors (Windows Defender Cloud, Shields Up - Smart Cloud calls); Windows Defender has extensive global sensors
- Security products not optimized for enterprises -> Empower IT Pros (optimized for enterprise): OMA-DM, WMI, GPO, PS, CMD; offline cleaning/WDO; BYOD deployment with Intune; Server AM/Auto-exclusions; Windows Defender is optimized for enterprise

Let's beat malware. Deploy the Future:
- Windows 10 + Windows Defender – rich local context
- Windows Defender – extensive, global sensors
- Windows Defender – optimized for enterprise

Q&A

Please evaluate this session. Your feedback is important to us! Visit Myignite at http://myignite.microsoft.com or download and use the Ignite Mobile App with the QR code above.
