Protect your endpoints from malware threats with Windows Defender


1 Protect your endpoints from malware threats with Windows Defender
BRK2205
Amitai Rottem @AmitaiTechie
Randy Treit @RTreit
Windows Defender Engineering
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 What you’ll hear today
Windows Defender’s unique optics
The evolving threat landscape & the role of cloud-based protection
Demo!
What’s on your computer: the Windows Defender endpoint
What others think about Windows Defender
Call to action

3 What’s my name?
Windows Defender, also known as:
System Center Endpoint Protection (SCEP)
Forefront Endpoint Protection (FEP)
Microsoft Security Essentials (MSE)
OneCare

4 The Windows 10 defense stack
PRE-BREACH
Device protection / device integrity: Device Health Attestation, Device Guard, device control, security policies
Threat resistance: SmartScreen, AppLocker, Device Guard, Windows Defender, Windows Firewall (network), Microsoft Edge
Identity protection: built-in 2FA, account lockdown, Credential Guard, Microsoft Passport, Windows Hello :)
Information protection: drive encryption (BitLocker and BitLocker to Go), Enterprise Data Protection / Windows Information Protection, conditional access
POST-BREACH
Breach detection, investigation & response: Windows Defender ATP

5 Windows Defender’s unique optics
Used by the Microsoft security ecosystem: Windows Defender Advanced Threat Protection, Cyber Security Services, Digital Crimes Unit (DCU)
Protects your services: O365, Skype, OneDrive, Azure, Bing, Windows Store; threat insights are used to bolster endpoint protection
Protects your servers: manageable EPP built into Windows Server 2016, available for most SKUs
Protects your devices: manageable EPP built into Windows

6 Windows Defender’s unique optics
1.2 billion devices/monthly
200 billion s/monthly
1 billion cloud queries/daily
2 million new file samples/daily
80 billion files’ metadata
2.5 trillion URLs indexed

7 Today’s protection is too reactive
Today’s malware looks like this:
Wrappers: 85% are seen only once (AV engine evasion), hourly cadence
Payload: ~500 families, monthly cadence
Attackers auto-fuzz our engine in their labs
Humans write ~150 generic sigs/day
Which results in this:
Malware’s lifecycle is faster than signature-based protection can react
30% of the devices are infected in the first 4 hours
By hour 20, signature updates catch up with the rate of infection
The remaining malware achieves its malicious goal within 7 hours

8 Demo: Time to Protect reduced from hours to seconds
Block at First Sight: prevent infection of patient zero
Block at Second Sight
Collect, analyze, and reach a verdict synchronously on a file first seen

9 Windows Defender – Cloud Protection
Build 2014 3/9/2018 Windows Defender – Cloud Protection No Verdict (very rare) Evaluate metadata Windows Defender Cloud Protection Command & Control Request file Send file metadata Generate new malware file End User Click! End User 2 Attacker © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10 Windows Defender – Block at First Sight
Attacker: command & control; End User: Click!; file runs, user infected. Time to monetize: hours ($)
Windows Defender Cloud Protection: confirm file received; automated file processing; machine learning classification: malware
End User 2: Click!; malware blocked. Time to protect: seconds

11 Unique optics feed cloud intelligence
Unique optics: 2 million new file samples/daily; 1.1 petabytes of unique files; 1 billion cloud queries/daily; 2.5 trillion indexed URLs; 80 billion files’ metadata; 1.2 billion devices/monthly; 200 billion s
Samples feed Cloud Protection: machine learning models and fuzzy hashing algorithms produce a malware/clean classification

12 WD Cloud/BaFS: experience and outcome
Experience with client protection only
End users in the 1st 24 hours: protection impact: infected; experience impact: minimal
Experience with Cloud Protection in Win10 Anniversary
End users in the 1st 1 hour: protection impact: infected; experience impact: minimal
End users after 8 hours: protection impact: safe with mSec delay; experience impact: mSec
Experience with Cloud Protection in the next releases
End users in the 1st minutes: protection impact: safe with up to 10 sec delay; experience impact: up to 10 sec
End users after a few min: protection impact: safe with mSec delay; experience impact: mSec

13 We’re not just traditional signatures…
Blocking technologies: Antimalware Scan Interface (AMSI); boot sector blocking; scan & block boot-start drivers; System Protected Process for anti-tampering
Monitoring: secure ETW; persisted store; kernel & network monitoring
Server SKU: optimization for Windows Containers; in most SKUs, including Nano

14 Potentially Unwanted Applications (PUA)
What is PUA? Applications that perform actions you may not expect or desire: bundling, advertisement injection, Bitcoin miners
Only for commercial customers; managed via Intune / SCCM settings
Over 2,200 large enterprises are using the PUA feature

15 What others are saying about us
In the news: “Microsoft's Antivirus Scores Soar”; “Microsoft Aces Antivirus Test”; “Microsoft Sheds Reputation as an Easy Mark for Hackers” (June 2016)
Customers’ reaction: “In internal testing – caught 99.5% of malware”; “We like that it’s already on the box and included in our license”

16 Microsoft Malware Protection Center (MMPC)
Customers can submit samples
Investigation result sent back
Malware encyclopedia

17 New & cool: Enhanced Notifications, Windows Defender Offline
Enhanced Notifications: recent summary; scan completed
Windows Defender Offline: when prompted; when suspicious

18 Call to action
Try Windows Defender – enable Cloud Protection
Test drive Cloud Protection (instructions are part of the session material)
Send us feedback, be part of the conversation: via Windows Insiders, TAP or directly:
Visit MMPC & TechNet to learn more
@AmitaiTechie & @RTreit
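The session refers to its own material for test-driving Cloud Protection. As an added example that is not from that material, the following uses the Windows Defender PowerShell module’s Set-MpPreference/Get-MpPreference cmdlets to turn on cloud-delivered protection (MAPS), automatic sample submission and Block at First Sight, then reads the settings back as a pass/fail object. It assumes an elevated prompt on Windows 10 Anniversary Update / Windows Server 2016 or later; CloudBlockLevel and CloudExtendedTimeout exist only on later builds, so the script tolerates their absence.

```powershell
# Added example: enable and verify Windows Defender cloud-delivered protection
# (MAPS), sample submission and Block at First Sight with the built-in Defender
# module. Run from an elevated PowerShell prompt.

function Enable-WdCloudProtection {
    # Advanced MAPS reporting lets the client query the cloud for verdicts.
    Set-MpPreference -MAPSReporting Advanced
    # Block at First Sight needs automatic sample submission; SendSafeSamples
    # uploads files judged not to contain personal data without prompting.
    Set-MpPreference -SubmitSamplesConsent SendSafeSamples
    Set-MpPreference -DisableBlockAtFirstSeen $false
    # Newer builds only: stricter cloud verdicts and a longer synchronous hold
    # (seconds added to the default 10 s shown on the slide above). Parameter
    # binding fails on older builds, so catch and report instead of aborting.
    try {
        Set-MpPreference -CloudBlockLevel High -ErrorAction Stop
        Set-MpPreference -CloudExtendedTimeout 20 -ErrorAction Stop
    } catch {
        Write-Warning "CloudBlockLevel/CloudExtendedTimeout not supported on this build: $_"
    }
}

function Test-WdCloudProtection {
    # One boolean per setting; $true means the setting matches the intended
    # state. Get-MpPreference returns the enum values as integers.
    $p = Get-MpPreference
    [pscustomobject]@{
        MapsAdvanced       = ($p.MAPSReporting -eq 2)           # 0 Disabled, 1 Basic, 2 Advanced
        SamplesAutoSubmit  = ($p.SubmitSamplesConsent -in 1, 3)  # 1 SendSafeSamples, 3 SendAllSamples
        BlockAtFirstSight  = (-not $p.DisableBlockAtFirstSeen)
        RealTimeProtection = (-not $p.DisableRealtimeMonitoring) # BaFS requires real-time protection
        CloudBlockLevel    = $p.CloudBlockLevel                  # $null on builds without the setting
    }
}

Enable-WdCloudProtection
Test-WdCloudProtection | Format-List
```

On devices managed through Intune or SCCM (the PUA slide names both), policy can override Set-MpPreference at the next refresh, so re-run Test-WdCloudProtection afterwards to confirm the effective state.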

19 Deploy, ramp-up on new services and onboard new users with Microsoft FastTrack:

20 Join the Microsoft Tech Community to collaborate, share, and learn from the experts:

21 Please evaluate this session
Your feedback is important to us!
From your PC or tablet, visit MyIgnite at
From your phone, download and use the Ignite Mobile App by scanning the QR code above or visiting


