Level 63
Microsoft is working to help businesses remain protected from serious threats besides vulnerabilities. A new feature of Windows Defender will land in Windows 10 soon which will be aimed at protecting users from security and privacy breaches across endpoints and data thefts besides hack attacks.

Acccording to Microsoft, Windows Defender will be able to use machine learning to improve the operating system's security capabilities. The new feature is called "Advanced Threat Protection" (ATP) and will protect Windows 10 devices by building a profile of how a computer behaves and harness the power of the cloud, going beyond simple signature-based malware protection to submit that big data to Microsoft for analysis. It will warn IT managers if a possible security breach is detected and provide administrators with the recommended steps to fix the issue.

In theory, this should improve the ability of Windows 10 to withstand attacks against exploited or undisclosed "zero-day" vulnerabilities, and social engineering attacks that take advantage of users making mistakes, costing organizations huge amounts of money.

According to Terry Myerson, who is the head of Microsoft's Windows and Devices Group, it takes around 200 days for an organization to find that it has suffered a security breach, plus an extra 80 days to fix the situation. Windows Defender ATP is designed to reduce this time by analyzing the data collected, so any unexpected or unusual system and network behavior and potential damage caused by it can be brought to attention of IT managers.

Under the hood of this feature are the same machine learning systems, security analytics and other capabilities that are used in Microsoft's intelligent security products like Advanced Threat Analytics and Office 365 Advanced Threat Protection.

Myerson said, that in the future they are considering adding more features like the ability to let administrators automatically quarantine potentially compromised devices.

Using Windows Defender ATP does require giving Microsoft access to usage data from all of the devices enrolled. Myerson said that all of the information will be acquired in a way that's not personally or organizationally identifiable, because it's important that the machine learning system behind ATP has access to as much data as possible. ATP builds an intelligent security graph by analyzing aggregate behaviors of big data across a very large number of Windows devices, indexed web addresses, online reputation look-ups, and suspicious files. ATP will also perform historical checks of processes, files, URLs and network connection events, going as far back as 6 months.

"We want to have that machine learning system getting as many of the right signals as possible," he said.

Companies which do not want to share their data with Microsoft will be able to exclude any or all devices from the Windows Defender ATP.

It is not clear when exactly this new security feature will reach the stable release of Windows 10. Myerson said that the company hasn't decided which versions of Windows 10 will get Windows Defender ATP, or what sort of business model will underpin it however since it is based on tools integrated into Windows 10 and supplemented by a cloud backend, it won't require costly infrastructure upgrades. Right now, it's in a private preview with a set number of organizations, securing about 500,000 devices. In the future, Microsoft will make it more broadly available to members of the Windows Insider Program, so they can provide feedback.

Once this is done, Windows Defender ATP will be rolled out to the public.

Av Gurus

Level 29
Malware Hunter
Source: Announcing Windows Defender Advanced Threat Protection

"We designed Windows 10 from the very beginning to be our most secure platform ever. With features like Credential Guard, Device Guard, Windows Hello, and Enterprise Data Protection, Windows 10 offers unique defenses from attacks. Windows Defender, our free anti-malware service, provides protection to almost 300 million devices – every day. And Windows continues to raise the defenses in the system every month as any security issues are investigated and proactively updated through Windows Update.

This ongoing commitment to security has led to strong demand from enterprise customers. From the Department of Defense, which is adopting Windows 10 across all branches of service, starting this year with 4 million devices – to NASCAR to Virgin Atlantic to schools all over the world – we’re excited to see customers with the most demanding requirements move to Windows 10 faster than ever before.

Today, we announce the next step in our efforts to protect our enterprise customers, with a new service, Windows Defender Advanced Threat Protection.

We encourage our customers to upgrade to Windows 10 for our most advanced security protection, with the opportunity to take advantage of Windows Defender Advanced Threat Protection when it becomes available more broadly this year. We are excited to offer this service to protect our customers."

Mod Edit: Merged.
Last edited by a moderator:


Level 17
Great! I hope this will benefit home users too. It's vital now, as more transactions are done online day by day and users expose more sensitive information on the net. It's a bigger deal now that it was some years ago and it's good to see Microsoft heading towards the right direction.


Level 61
Great additional enhancement on Windows Defender but still question remains to be unanswered if Microsoft is willing to break the all boundaries where they will overcome other security products throughout some categories.

They can handle zero day threats and other common viruses/malware; it needs to be consistent on all around.