Maximise visibility and control over potential attacks

Last updated: 18th April 2019

The IT threat landscape is forever changing. Security administrators strive to maximise visibility and control over potential attacks and to minimise the time, cost and effort involved in taking action. Windows Defender ATP (Advanced Threat Protection) is an ISO 27001 certified security product which helps security admins achieve these goals by offering a comprehensive and complete security solution for modern work environments. Because it is agent-less and cloud-based, it can be enhanced and updated constantly, automatically and without hassle, providing the very best protection, detection, investigation and response capabilities.


Key features and capabilities

Some of Windows Defender ATP’s key features/capabilities include:

  • Detection and response – As well as providing traditional EDR capabilities for monitoring, investigating and remediating threats/attacks, Windows Defender ATP also offers network protection, app control, reputation analysis, behaviour analysis, and more.
  • Automation – By automating the more basic security processes, Windows Defender ATP leaves security personnel free to focus on the more challenging issues. This reduces the burden on security teams and leaves the business less susceptible to attack.
  • Clear security score – Windows Defender ATP provides a real-time security score for your organisation, assessing potential risks and giving recommendations for increasing your score.
  • Intelligence – Being based on the Microsoft Intelligent Security Graph, an extensive collection of Microsoft-related global data, Windows Defender ATP offers deep and broad threat signals using complex machine learning for intelligent signal correlation.
  • Seamless integration – Windows Defender ATP seamlessly integrates with all other security services within Microsoft Threat Protection, working together to provide a richer and more complete security setup. These include Microsoft Cloud App Security for a more complete view of cloud apps and services and Azure ATP for identity security.
  • Sandboxing – Windows Defender ATP uses a sandbox environment to detonate suspicious files in a safe, isolated environment before they can reach and affect your IT environment. Full analyses of detonated files are provided.
  • Investigation and hunting – These enhanced features not only allow security staff to investigate current and previous threats/attacks, but to proactively hunt for possible future threats/attacks before they have even happened, using six months of historic data and trends.
  • Customisation – Windows Defender ATP allows custom IOCs (Indicators of Compromise) to be created based on the security team’s own threat intelligence, allowing protection to be adapted to meet their exact needs.


Industry leading optics and detection for endpoint security

MITRE, a research and development corporation that works with the US government, evaluated how well Windows Defender ATP detects the cyber-attack techniques used by the attack group APT3 (a.k.a. Boron/UPS). Windows Defender ATP was awarded best optics and top detection coverage across the attacker kill chain. As well as detection, Windows Defender ATP offers equally impressive protection and response to threats.

Windows Defender ATP has also been well received by several other independent testing bodies, achieving perfect scores in protection, usability and performance from AV-TEST, a 99.8% protection rate in AV-Comparatives tests and an AAA accuracy rating in SE Labs evaluations.
