Discover vulnerabilities in real time
Microsoft is a name you already know. The tech giant also provides a complete, cloud-delivered endpoint detection and response platform. Microsoft ATP was named a Leader in Gartner's 2019 Magic Quadrant for Endpoint Protection Platforms on the strength of its cloud security analytics, threat intelligence, endpoint behavioral sensors, and automation.
The platform is unique in that its endpoint sensor is built into the operating system (Windows 10) rather than deployed as a separate agent, so endpoint protection is integrated with the OS it protects.
Microsoft Defender Advanced Threat Protection is particularly favored by organizations that are looking to simplify their tools and subscriptions.
Cloud Security Analytics
Microsoft ATP combines machine learning, signals from enterprise cloud products (e.g., Office 365), online assets, and endpoint behavioral signals to produce detections, insights, and recommended remediation steps.
Threat Intelligence
Findings from Microsoft's threat hunters and from third-party intelligence sources feed into Microsoft ATP, allowing it to identify attacker tactics, techniques, and procedures (TTPs) and alert customers when those TTPs are observed in their environment.
Endpoint Behavioral Sensors
Understanding behavioral patterns in network access and IT infrastructure also strengthens threat detection. Behavioral sensors built into Windows 10 collect and process signals from the operating system (process, file, registry, network, and logon activity) and forward them to the customer's private, isolated cloud instance of Microsoft ATP, where security teams assess them.
Microsoft Defender Advanced Threat Protection Features Overview
Attack Surface Reduction
Attack surface reduction is Microsoft ATP's first line of defense: it hardens endpoint configuration so that common attack techniques fail before detection is even needed. The feature set includes attack surface reduction rules, network protection, and web protection, which regulate outbound access to malicious IP addresses, domains, and URLs.
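As an added example (not code from the original page or from Microsoft), the following PowerShell checks that the Windows 10 sensor described above is onboarded, then enables network protection and one attack surface reduction rule in audit mode so its events can be reviewed before switching to block. It uses the documented Defender cmdlets (Set-MpPreference, Add-MpPreference, Get-MpPreference); the registry path, rule GUID, and event ID are the values as I know them from Microsoft's documentation and should be confirmed against the current docs before use.

```powershell
# Added example: verify sensor onboarding and configure ASR on a Windows 10 endpoint.
# Run from an elevated PowerShell prompt with Microsoft Defender Antivirus active.
# Assumptions (not from the page): the "Sense" service name, the Status registry key,
# the ASR rule GUID, and event ID 1122 are taken from Microsoft's public documentation.

# 1. Sensor status: "Sense" is the Defender ATP behavioral sensor service.
$sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
if (-not $sense) {
    throw "Sense service not present; this Windows build may not support Microsoft ATP."
}
"Sense service status: $($sense.Status)"

# OnboardingState = 1 means the endpoint has been onboarded to a tenant.
$statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
$onboarded = (Get-ItemProperty -Path $statusKey -Name OnboardingState `
              -ErrorAction SilentlyContinue).OnboardingState
if ($onboarded -ne 1) {
    Write-Warning "Endpoint not onboarded (OnboardingState=$onboarded); run the onboarding script first."
}

# 2. Network protection: blocks outbound connections to malicious IPs/domains/URLs.
Set-MpPreference -EnableNetworkProtection Enabled

# 3. One ASR rule in audit mode first, so you can measure impact before blocking.
#    D4F940AB-401B-4EFC-AADC-AD5F3C50688A = "Block all Office applications from creating child processes"
$ruleId = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'
Add-MpPreference -AttackSurfaceReductionRules_Ids $ruleId `
                 -AttackSurfaceReductionRules_Actions AuditMode

# 4. Verify the resulting configuration.
$pref = Get-MpPreference
"NetworkProtection: $($pref.EnableNetworkProtection)"   # 1 = Enabled

$ids     = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)
for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($ids[$i] -ieq $ruleId) {
        # Action codes: 0 = Disabled, 1 = Block, 2 = AuditMode
        "ASR rule $ruleId action code: $($actions[$i])"
    }
}

# 5. Review what the audit-mode rule would have blocked (event ID 1122 = ASR audit).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1122
} -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

Run the rule in audit mode for a period representative of normal business activity, review the 1122 events, and only then change the action to Enabled (block); enabling ASR rules straight into block mode on a fleet is the usual cause of line-of-business breakage.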
Endpoint Detection and Response
Detect, investigate, and respond to advanced threats with Microsoft ATP's endpoint detection and response capabilities. Built on an "assume breach" mindset, the platform continuously collects behavioral telemetry from endpoints and retains it for up to six months, so analysts can reconstruct a device's timeline well after the initial compromise.
Automated Investigations and Remediation
Reduce false positives and alert volume with Microsoft ATP's automated investigation and remediation. The platform runs algorithms and predefined playbooks that examine each alert, gather related evidence, and take remediation actions immediately. Every automated investigation is recorded and listed in the portal so that the team can review what was found and which actions were taken.
Threat & Vulnerability Management
Threat & Vulnerability Management uses the same endpoint sensors to continuously discover vulnerable software and security misconfigurations on devices, prioritizes them by exposure, and tracks remediation. Because the platform is cloud-based, it also integrates with hybrid and multi-cloud environments and exports alerts and findings to security information and event management (SIEM) tools, so the data fits into an enterprise's existing workflows.
Configuration Score
Formerly called Secure Score, Microsoft ATP's Configuration score is part of the Threat & Vulnerability Management dashboard. The score reflects the security configuration of applications, operating systems, the network, accounts, and security controls. The higher the score, the more resilient your endpoints are.
Microsoft Threat Experts
Microsoft Threat Experts is an optional managed threat hunting service. Its experts are engaged through the Microsoft Defender Security Center and can provide additional context on alerts, recommend next steps, assess the risk posed by specific attacker techniques and whether the organization is protected against them, and hand off to Microsoft Incident Response or a third-party IR service when needed. Customers must apply for the Microsoft Threat Experts service; it starts with a 90-day trial and continues as a paid subscription.
Additional Microsoft Services and Solution Integrations
Microsoft offers a wide array of integrated solutions and cloud-based services. Microsoft ATP's compatibility with Office 365, the Azure suite, Skype, and other Microsoft cloud services makes it a powerhouse in endpoint protection.
Azure Advanced Threat Protection (Azure ATP)
Azure ATP monitors on-premises Active Directory identities. Integrating it with Microsoft ATP lets analysts pivot between device activity and identity activity during an investigation.
Azure Security Center
Through Azure Security Center, Microsoft Defender Advanced Threat Protection extends to servers, providing EDR capabilities on Windows Server.
Azure Information Protection
Sensitive data can be secured through Azure Information Protection and Microsoft ATP.
Conditional Access
Microsoft ATP feeds each device's risk level into the Conditional Access evaluation, so that only devices judged healthy are granted access to organizational resources, and access is withdrawn while a device is under investigation or compromised.
Cloud App Security
Microsoft Cloud App Security uses Microsoft ATP's endpoint signals to provide direct visibility into cloud application usage, including detection of unsanctioned cloud services (shadow IT) from any machine monitored by Microsoft ATP.
Office 365 Advanced Threat Protection (Office 365 ATP)
Add in Office 365 Advanced Threat Protection to protect your organization from malware and phishing. The integration enables analysts to investigate entry points of attacks to better contain and block threats.
Skype for Business
Integrate Microsoft ATP with Skype for Business so that analysts can contact the user of a compromised device directly from the portal during an investigation.