Microsoft unveils Windows Defender Advanced Threat Protection service for enterprise customers
Microsoft to add a post-breach layer of protection to the Windows 10 security stack
Microsoft has unveiled details of a threat protection service it is developing that, it claims, will help organisations detect and deal with attacks on their networks.
Using a combination of endpoint and cloud-based tools, it is intended to detect threats that have made it past other defences and provide response recommendations.
Due to be available later this year, Windows Defender Advanced Threat Protection is already being trialled by some early adopter customers as well as being used to protect Microsoft's own network, the company revealed.
Full details have yet to be disclosed, but the service is likely to be incorporated into the Windows 10 Enterprise edition of Microsoft's operating system, and thus available only to volume licensing customers.
The new service is being developed because of the increasing sophistication of cyber attacks mounted against corporate networks, and the damage that can be inflicted through lost productivity and loss or theft of confidential information. Microsoft claims that serious breaches cost the average organisation some $12m per incident, in addition to a broader impact on a company's reputation.
"As the attackers' approaches have evolved and become more sophisticated, so too must our approach to provide security to our enterprise customers," said Microsoft's executive vice president for the Windows and Devices Group, Terry Myerson.
He added that 90 per cent of IT directors responding to a survey said they needed a fully-fledged advanced threat protection solution that is capable of identifying attacks sooner and providing remediation.
To address this, Microsoft is building Windows Defender Advanced Threat Protection around software built into Windows 10 endpoints that feeds data back to cloud-based services to provide a global view of the threat landscape.
The software giant said that Windows Defender Advanced Threat Protection is powered by a combination of Windows behavioural sensors, cloud-based security analytics, threat intelligence and Microsoft's "intelligent security graph". The latter is being developed to provide analytics on information drawn from more than one billion Windows devices.
The service's security operations data provides an easy way to investigate alerts, explore the corporate network for signs of attacks, and get detailed file footprints from across the organisation to recommend responses. It will also be able to examine the state of machines and their activities over the preceding six months for historical investigation purposes.
One organisation involved in the trial is IT services supplier Avanade.
"Cyber security is my biggest concern and securing all endpoints in my organisation is my current priority. Windows Defender Advanced Threat Protection is unique in that it can see exactly what's going on across every endpoint, which other solutions are failing to address," said Avanade's IT security director, Greg Petersen.
Because Windows Defender Advanced Threat Protection is being built into Windows 10, it will be automatically kept up to date along with Windows itself. No on-premises server infrastructure or ongoing maintenance will be required, claims Microsoft.