Today's announcement builds on security features that the company unveiled at its Ignite 2016 conference, including the ability of Defender Advanced Threat Protection (ATP) and Office ATP to communicate with one another through the Windows Security Center. This will allow IT admins to "easily follow an attack across endpoints and email in a seamless and integrated way."
- Enriched Detection. As I’ve said before, methods and means attackers use are increasingly varied, complex and well-funded. The sensors we have today across the network traffic channeled through endpoints and the cloud are powerful. However, cyber threats won’t stop, and neither will we. With the Creators Update we will expand Windows Defender ATP sensors to detect threats that persist only in memory or kernel-level exploits. This will enable IT administrators to monitor loaded drivers and in-memory activities, and to detect various patterns of injection, reflective loading, and in-memory modifications indicating potential kernel exploits.
- Enriched Intelligence. We already add on to our Microsoft Threat Intelligence (TI) with industry partners like FireEye iSIGHT Threat Intelligence. In the Creators Update, we’ll enable IT administrators to feed their own intelligence into the Windows Security Center for alerts on activities based on their own indicators of compromise. This added level of insight will enrich machine learning models to identify and block malware more quickly and better protect their unique environment.
- Enhanced Remediation. We will also deliver new remediation actions in Windows Defender ATP that will give IT administrators the tools to isolate machines, collect forensics, kill and clean running processes and quarantine or block files with a single click in the Windows Security Center and further reduce response time.