Today, Microsoft unveils Windows Defender Advanced Threat Detection, a major new security service that’s intended to make the Windows 10 operating system even more appealing to large enterprises.
It’s a mouthful of a name, but Advanced Threat Detection is a “very unique” cloud-powered service, coming soon to Microsoft’s Windows Insider beta program, that helps protect against a very real and expensive problem, Microsoft VP of Windows and Devices Terry Myerson told Business Insider.
Once it’s gone through the Windows Insider program, Windows Defender Advanced Threat Detection will be built right into enterprise editions of Windows 10 (no word yet on Windows 7 or 8 versions). Microsoft hasn’t said yet when it will be available or if it will cost extra.
Assuming the worst
While most traditional security software is intended to guard against intrusions by bad guys, Advanced Threat Detection starts from the assumption that some attacks are just going to slip through even the tightest defences — and then it helps mitigate the damage before it gets any worse.
“The reality is these breaches may take place,” Myerson says. “Attackers are getting more brazen.”
From Myerson’s perspective, it’s about bolstering Windows 10’s enterprise appeal by expanding its existing security offerings to protect against new kinds of attacks. Incidentally, it also places Microsoft into direct competition with one-time hot startups like FireEye, which take similar approaches to post-breach security.
Microsoft is relying on the lucrative enterprise market to take the plunge and upgrade from Windows 7 or 8 to Windows 10, counting on those customers to help in the march towards one billion users. Bolstering security is an important part of the sales pitch.
“We want to have the best defences built into the product, we want to be there,” Myerson says. “This is the significant next step.”
A major attack method nowadays is so-called social engineering, where an attacker fools a person into giving them information they really shouldn’t, including financial information and account passwords. Just this week, an attacker tricked a Snapchat employee into giving up confidential employee IRS records by posing as CEO Evan Spiegel.
Basically, Advanced Threat Detection taps into data from “1 billion Windows devices, 2.5 trillion indexed URLs on the Web, 600 million reputation look-ups online, and over 1 million suspicious files detonated every day,” Myerson says.
The new service compares that massive data collection to a company’s network, via the Microsoft Azure cloud. If Advanced Threat Protection detects any sign of wrongdoing, it alerts the company’s IT department. From there, the security pros can do their thing and triage the attack before it gets further.
“Unless an attack is extremely unique, unlike any other in the world,” Windows Defender Advanced Threat Detection will find it, Myerson says.
And if you need proof that it works, Myerson says Microsoft has started to use Microsoft Windows Defender Advanced Threat Protection internally.
“We have found some things,” Myerson jokes.