Microsoft unveils new Windows 10 threat protection service


Microsoft's coming Windows Defender Advanced Threat Protection service will be built into Windows 10 for enterprise users to detect and respond to more sophisticated attacks.

By Mary Jo Foley for All About Microsoft | March 1, 2016 -- 11:06 GMT (03:06 PST)

Microsoft is working on Windows Defender Advanced Threat Protection, a new service aimed at enterprises for detecting and responding to advanced attacks.

The client piece of the service will be built into Windows 10, and will be available soon to Windows Insiders as part of a "Redstone" preview test build, officials said.

Microsoft already offers an antivirus service called Windows Defender. It originally was a free download for Windows XP, and is currently built into Windows 10.

Windows Defender Advanced Threat Protection, codenamed "Seville," goes beyond what's in plain old Defender. It is a post-breach service meant to help detect threats that have made it past other defenses, provide users with means to investigate breaches and offer suggested responses.

The coming service makes use of an "intelligent security graph" that Microsoft is building in its Azure cloud. That graph includes non-personally identifiable data; files that are being detonated daily; and threat analysis data collected from sensors, as well as security experts inside and outside Microsoft from around the world.

The service is something Microsoft built itself and not something based on technology it acquired from any companies it has acquired, said Windows and Devices chief Terry Myerson. It builds on machine-intelligence work from the Azure team. It is a complement to the existing email protection services from Office 365 Advanced Threat Protection and Microsoft Advanced Threat Analytics.

Myerson said "security is driving the interest" for Windows 10 among enterprise customers.

Enterprises using the new service will decide which machines on their network to opt into the service and data collected will be examined against patterns from the cloud. IT will get access to a dashboard that will indicate which machines are "probably" compromised, Myerson said.

Windows Defender Advanced Threat Protection customers will be able to specify particular files to detonate by opening those files in a virtual machine in Microsoft's cloud, not on their own networks. (I believe this distributed malware detonation service is what has been known internally as "Project Sonar," and which I blogged about a year ago.)

Myerson said the company hasn't yet made decisions about which versions of Windows 10 will incorporate the service, though it is for businesses and not consumers. He declined to specify target general availability dates, but I've heard from my sources the current plan is to deliver this in the third calendar quarter of 2016.