Maximise visibility and control over potential attacks
The IT threat landscape is forever changing. Security administrators strive to maximise visibility and control over potential attacks and to minimise the time, cost and effort in taking action. Microsoft Defender ATP (Advanced Threat Protection) is an ISO 27001 certified security product which helps security admins achieve these goals by offering a comprehensive and complete security solution for modern work environments. Agent-less and cloud-based, allows it to constantly be enhanced and updated automatically and hassle-free to provide the very best protection, detection, investigation and response capabilities.
Key features and capabilities
Some of Microsoft Defender ATP’s key features/capabilities include:
- Detection and response – As well as providing traditional EDR capabilities for monitoring, investigating and remediating threats/attacks, Microsoft Defender ATP also offers network protection, app control, reputation analysis, behaviour analysis, and more.
- Automation – By automating the more basic security processes, Microsoft Defender ATP leaves security personnel free to focus on the more challenging issues. This reduces the burden on security teams and leaves the business less susceptible to attack.
- Clear security score – Microsoft Defender ATP provides a real-time security score for your organisation, assessing potential risks and giving recommendations for increasing your score.
- Intelligence – Being based on the Microsoft Intelligent Security Graph, an extensive collection of Microsoft-related global data, Microsoft Defender ATP offers deep and broad threat signals using complex machine learning for intelligent signal correlation.
- Seamless integration – Microsoft Defender ATP seamlessly integrates with all other security services within Microsoft Threat Protection, working together to provide a richer and more complete security setup. These include Microsoft Cloud App Security for a more complete view of cloud apps and services and Azure ATP for identity security.
- Sandboxing – Microsoft Defender ATP uses a sandbox environment to detonate suspicious files in a safe, isolated environment before they can reach and affect your IT environment. Full analyses of detonated files are provided.
- Investigation and hunting – These enhanced features not only allow security staff to investigate current and previous threats/attacks, but to proactively hunt for possible future threats/attacks before they have even happened, using six months of historic data and trends.
- Customisation – Microsoft Defender ATP allows custom IOCs (Indicators of Compromise) to be created based on the security team’s own custom threat intelligence, allowing the security to be adapted to meet their exact needs.
Industry leading optics and detection for endpoint security
MITRE, a research and development corporation who work with the US government, performed an evaluation on how well Microsoft Defender ATP detects cyber-attack techniques used by the attack group APT3 (a.k.a. Boron/UPS). Microsoft Defender ATP was awarded best optics and top detection coverage across the attacker kill chain. As well as detection, Microsoft Defender ATP offers equally impressive protection and response to threats.
Microsoft Defender ATP has also been highly received by several other independent testing bodies, including perfect scores in protection, usability and performance by AV-TEST, 99.8% protection rate in AV-Comparatives tests and a AAA accuracy rating in SE Labs evaluations.
Microsoft Defender ATP is now available in the new Microsoft 365 security suite – Identity & Threat Protection
This new package brings together security value across Office 365, Windows 10, and EM+S in a single offering. It includes best of breed for advanced threat protection services including Microsoft Threat Protection (Azure Advanced Threat Protection (ATP), Microsoft Defender ATP, and Office 365 ATP including Threat Intelligence), as well as Microsoft Cloud App Security and Azure Active Directory.
Also available – New Microsoft 365 Compliance package – Information Protection & Compliance
This new package combines Office 365 Advanced Compliance and Azure Information Protection. It’s designed to help compliance and IT teams perform ongoing risk assessments across Microsoft Cloud services, automatically protect and govern sensitive data throughout its lifecycle, and efficiently respond to regulatory requests leveraging intelligence.