Windows 10 Security Boost Targets Business PCs

Microsoft launches a new Windows 10 security feature designed to give IT leaders more insight into recognizing and addressing cyber-attacks.

Kelly Sheridan, Staff Editor, Dark Reading

March 1, 2016


Microsoft has announced a new Windows 10 security feature specifically intended for business devices.

Windows Defender Advanced Threat Protection builds on protection already integrated into the OS, which includes safeguards such as Device Guard, Credential Guard, Passport, and Windows Hello.

"The ability for [hackers] to compromise networks is incredible," said Yusuf Mehdi, CVP of Microsoft's Windows and Devices Group, in a briefing with InformationWeek. It takes an average of about 200 days for a business to detect a security breach, he explained, and another 80 days to contain it.


Advanced Threat Protection is intended to shorten that dangerous time frame by providing a layer of post-breach protection in Windows 10. It's a solution in high demand -- 90% of surveyed IT directors expressed a need for a tool to identify and respond to cyber-attacks, Microsoft EVP Terry Myerson wrote in a blog post.

When a breach occurs, ATP provides key information, including who conducted the attack, which PCs were affected, and how the attacks are linked. The feature relies on a combination of cloud-based security analytics, Windows behavioral sensors, and threat intelligence.

The tool accesses data from Microsoft's intelligent security graph, which identifies problems based on information from 2.5 trillion indexed URLs on the Web and one billion Windows devices submitting anonymous information.

A built-in dashboard lets administrators explore their entire network for signs of a breach and determine how attackers targeted particular machines. They can also access detailed file footprints across the business to inform attack responses.

This applies not only to current cyber-attacks but also to those that occur over time. ATP lets admins view the state of any given machine over a six-month time frame so they can pinpoint when something went wrong and how it happened.

Admins can also investigate files and URLs by submitting them to isolated virtual machines through a cloud-based detonation service.

The ATP tool will be natively built into Windows 10, though you'll need the Enterprise edition to access the feature, said Mehdi. Machines will be continuously updated via the cloud and work with the rest of the Microsoft security suite.

Windows Insiders will start to see code associated with ATP in upcoming builds of Windows 10, likely within the next month, but the exact timing is to be announced. However, the code won't directly affect them unless they are participating in Microsoft's limited testing group.

News of Advanced Threat Protection arrives shortly after Microsoft published an update on a few initiatives it's taking to improve cloud security in the enterprise.

One of these was the general availability of Microsoft Cloud App Security, which is based on technology Redmond acquired when it bought Adallom last year. The security offering, which is intended to bring IT more visibility and control to Azure and Office 365, will roll out in April 2016.

The built-in security features of Windows 10 were strong enough to receive approval from the US Department of Defense (DoD). Over a one-year time frame, the DoD will upgrade 4 million devices to the new OS. It's a massive project and a significant endorsement for a system that Microsoft wants on one billion devices by July 2018.


About the Author(s)

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.
