Published by Egbert Pitts. Modified over 5 years ago.
Slide 2: What’s new in the Fall Creators Update for Windows Defender ATP
BRK2077, 1/2/2019 10:25 PM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Slide 3: What will attackers do next?
Yesterday:
- Social engineering (macros) or 1-day exploits
- File based user-mode malware
- Persistence through standard ASEPs
- Standard PtH tools to move laterally
Memory only attacks:
- 0-day exploits
- Memory-only implants with cross-process orchestration
- Moves laterally with custom tools
Kernel level attacks:
- 0-day exploits and watering holes
- Kernel mode exploits and kernel implants to persist
Trend: file based to fileless; cybercrime to cyberespionage.
Optics, anti-tampering & detection
Slide 4: Windows Defender ATP product journey
Unified endpoint security solution with Windows 10 threat and endpoint protection and response under one roof.
Anniversary Update:
- Behavior-based, cloud-powered EDR solution
- Built into Windows 10, agentless and no deployment
- Rich timeline for investigation and interactive hunting
- Unparalleled threat optics and deep OS security and big data expertise
Creators Update:
- Enhanced detection: memory, injection, kernel, visibility to Windows Defender AV detections
- Response actions
- Custom Threat Intelligence
- Detection and exploration integration with Office 365 ATP
Fall Creators Update:
- Security Analytics
- Enhanced detection: Application Guard, Exploit Guard, script introspection
- Windows Security Graph APIs
- Windows Server support
Slide 5: Enhancing Windows Defender ATP
Protect, detect, and respond to advanced attacks.
Built in (EDR extended with AV and exploit protection): Extending the promise of protection built deep into Windows across the entire security feature stack – exploit prevention, AV and EDR all with the same ensured best in class performance.
Intelligence driven, cloud extended: Fusing EDR and AV cloud logic and making application control and exploit protection ‘cloud aware’. Creating a cloud driven coordinated defense grid based on our deep OS expertise, data science and security expertise to quickly adapt to changing threats, deploy new defenses, and orchestrate remediation.
Putting you in control: Extending the single pane of glass for SecOps across alerts and signals from the full Windows security stack. Search and investigate machine timelines over 6 months of data. More options for response. Central management and onboarding covers EDR, AV, exploit mitigation, FW and other features across WSC, SCCM and Intune.
Unparalleled threat optics / Microsoft Secure: Windows Defender ATP is a key component of the Microsoft Secure stack that brings together signals, detection and investigations across devices, identity and information, connecting the 3 ATPs – Windows, Office and Azure.
Slide 6: Fall Creators Update enhancements drill-down
Slide 7: Detecting the bad guys…
Slide 8: Extending detection capabilities
- Improved script based attack detection (AMSI integration)
- Windows Defender Exploit Guard integration
- Windows Defender Application Guard integration
- Expedited detection speed
- Kernel-based detection capabilities for known keylogger attacks
- Detection of suspicious cross-process reads for credential theft
- Adding Server support
Slide 9: Demo: E2E Attack
Slide 10: Investigate the breach and quickly respond
Slide 11: Enhancing investigation
- Expedited AV events surfacing
- Complex search capabilities
- Enhanced VDI support
- High value and location tagging for assets
- Enhanced suppression logic
- Skype integration
Slide 12: Stronger response
- Application restriction
- More granular isolation
- AV update and scan
Slide 13: Demo: Investigation and response
Slide 14: Making data available for your needs…
Slide 15: Security Graph
- Cross integration of signals and investigation with Office 365 ATP and Azure ATP for users
- Data streaming and response APIs exposed through the Graph
- PowerBI integration
Slide 16: Demo: Security Graph
Slide 17: Demo: Security Analytics
Slide 18: Sign up for the trial
- Sign up for the trial: https://aka.ms/wdatp
- Technet resources
- Read Microsoft case study