By Rob Lefferts / Partner Director, Windows & Devices Group, Security & Enterprise
From C-level execs to SecOps pros, our customers tell us they are overwhelmed by the rapid pace at which new cyber threats are released in the wild. That's why at Microsoft, staying ahead of the security challenges our customers are facing and shifting the industry to next-generation security defenses are critical strategies for addressing these threats.
Today, we're announcing that Windows Defender Advanced Threat Protection (ATP) will include automated investigation and remediation capabilities later this year. This takes enterprise security to a new level, enabling our customers to move faster from device, data and insight to action against modern-day threats.
Understanding the security challenge
Since we announced Windows Defender Advanced Threat Protection, it has continually evolved with new detection capabilities, investigation and hunting tools and response options. With the Windows 10 Fall Creators Update, new prevention capabilities were added, as well as capabilities to stop attacks as they happen, enabling companies to use the full power of the Windows security stack for preventative protection. We also enhanced our single pane of glass experience so security operations (SecOps) teams get full visibility into their Windows endpoint security and a rich toolset to take action using the Windows Defender ATP console.
Now 18 months since launching Windows Defender ATP, customers have more visibility into threats than ever before. In fact, Windows Defender ATP processes 970 million malicious security events per day from across the Microsoft enterprise and consumer ecosystem, making the Intelligent Security Graph richer every day. This staggering figure shows the magnitude of the threat landscape being surfaced to customers, yet visibility alone is simply not enough.
From visibility to action
While detecting threats is half the battle, security teams are struggling to follow up on the volume of alerts they see. Research from analyst firm EMA found that 88 percent of organizations receive up to 500 alerts per day that are classified as "severe" or "critical", and 60 percent had only three to five full-time employees (FTEs) working those alerts. 88 percent of participants said their teams could investigate only 25 or fewer severe/critical events per day. This leaves what David Monahan, research director for Security and Risk Management at EMA, calls "a huge, and frankly insurmountable, daily gap."
We can help - with built-in security automation in Windows Defender ATP
Following the recent acquisition of Hexadite, a leader in security automation, we are happy to announce that we have successfully integrated Hexadite's innovative security automation technology into Windows Defender ATP. This enables Windows Defender ATP customers to leverage state-of-the-art AI technology to solve their alert volume challenges: Windows Defender ATP automatically investigates alerts, applies artificial intelligence to determine whether a threat is real and what action to take, and goes from alert to remediation in minutes, at scale. With this addition, Windows Defender ATP now covers the end-to-end threat lifecycle, from detection to investigation and response, automatically.
Here's a sneak peek at what's coming:
With the new security automation capabilities, Windows Defender ATP can not only find breaches; it can fix them. These actions can be run automatically for simple, clear-cut cases, or can be reviewed by an analyst prior to execution. Either way, SecOps saves time and effort, enabling those talented professionals to focus on more complex and strategic problems. In addition, the organization's security team moves faster, thereby better executing on its critical mission.