- Apr 25, 2013
Malware can easily send a huge enterprise infrastructure into a tailspin. However, you can get greater protection from malware by using services in the cloud.
Yes, there’s an opportunity to get real-time results from suspicious malware triggers where your system can:
- Consult the cloud upon detecting suspicious malware behaviors.
- Respond by blocking malware based on derived logic from the account ecosystem data, and local signals from the client.
What is MAPS?
The Microsoft Active Protection Service is the cloud service that enables:
- Clients to report key telemetry events and suspicious malware queries to the cloud
- Cloud to provide real-time blocking responses back to the client
- Microsoft Forefront Endpoint Protection
- Microsoft Security Essentials
- System Center Endpoint Protection
- Windows Defender on Windows 8 and later versions
What can MAPS do for your enterprise software security?
Enabling MAPS in your system gives you:
- Greater malware protection through cloud-delivered malware-blocking decisions
- Aggregated protection telemetry
Leverage the latest ecosystem-wide detection techniques offered through the cloud. Microsoft aggregates protection telemetry from over one billion clients, and cross-references them with numerous signals.
The vast data and computing resources available in the cloud allow fast detection of polymorphic and emerging threats and the application of advanced protection techniques.
At a high level, here's what the MAPS protection looks like:

Figure 1: How the cloud protection and telemetry works from the endpoint and back.
Client machines selectively send telemetry in real-time (for detection), or periodically (for health checks) to the Microsoft Malware Protection Center’s (MMPC) cloud service which includes:
- Threat telemetry – to identify the threats, threat-related resources, and remediation results
- Suspicious behavior – to collect samples, determine what to monitor and remediate
- Heartbeat – to check the system's pulse to know if the antivirus application is still running, and if it has the updated version
- Cloud actions – which include context and a set of instructions from the cloud on how to handle a potential threat (for example, block it).
- Cloud false positive mitigation response – to suppress false positive malware detections
What the data shows

Figure 2: Percentage of protection MAPS can contribute over a six-month period
If we take the System Center Endpoint Protection data as an example, you'll see how MAPS is contributing 10% of protection to enterprise users on SCEP systems.
Imagine living without it – there'll be 10% more machines infected, and 10% more chance of intruders.
Prerequisites
Both Basic membership and Advanced membership enable cloud protection. See the Microsoft Active Protection Service (MAPS) section of the Microsoft System Center 2012 Endpoint Protection Privacy Statement for details.
By default, MAPS Basic is enabled in all of Microsoft’s new antimalware products. For enterprise customers, you have to enable it to get cloud protection from new threats that are coming in.
With the Advanced membership, you can get more information about the malware and/or suspicious behaviour. Such information can give your enterprise infrastructure better protection.
To get your system ready for MAPS, see the Introduction to Endpoint Protection in Configuration Manager.
So, what can you do to protect your enterprise?
Keep MAPS enabled on your system.
Join the Microsoft Active Protection Service Community.
To check if MAPS is enabled in your Microsoft security product, select Settings and then select MAPS:

Figure 3: With the MAPS option enabled, your Microsoft antimalware security product can take full advantage of Microsoft's cloud protection service
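The same check can be scripted for auditing many endpoints. This is an added example, not part of the original post: it assumes Windows Defender with the Defender PowerShell module (Windows 8.1 / Server 2012 R2 or later), whose `Get-MpPreference` cmdlet exposes `MAPSReporting` (0 = disabled, 1 = Basic, 2 = Advanced). The function name `Get-MapsMembership` and its `MinimumLevel` parameter are hypothetical.

```powershell
# Added example: report the MAPS membership level on a Windows Defender endpoint
# and flag machines that fall below a required level.
function Get-MapsMembership {
    [CmdletBinding()]
    param(
        # Lowest membership level the audit accepts: 1 = Basic, 2 = Advanced.
        [ValidateSet(1, 2)][int]$MinimumLevel = 1
    )

    $levels = @{ 0 = 'Disabled'; 1 = 'Basic'; 2 = 'Advanced' }

    # Older products (Forefront, Security Essentials) do not ship this module.
    if (-not (Get-Command Get-MpPreference -ErrorAction SilentlyContinue)) {
        throw 'Defender module not found; check the product UI (Settings > MAPS) instead.'
    }

    # Membership level as reported by the Defender module.
    $reported = [int](Get-MpPreference).MAPSReporting

    # A value under the Policies key means the setting is managed by Group Policy,
    # so changing it in the product UI on the endpoint will not stick.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet'
    $policy = (Get-ItemProperty -Path $policyKey -Name SpynetReporting `
                   -ErrorAction SilentlyContinue).SpynetReporting

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Membership   = $levels[$reported]
        SetByPolicy  = $null -ne $policy
        PolicyValue  = $policy
        Compliant    = $reported -ge $MinimumLevel
    }
}

# Require at least Basic membership and show the result for this machine.
Get-MapsMembership -MinimumLevel 1 | Format-List
```

A machine that reports `Compliant : False` together with `SetByPolicy : True` has to be fixed in the policy that manages it, not on the endpoint.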