
Discover vulnerabilities and in real-time

Microsoft, it's the name you know. The tech giant also provides a complete endpoint detection and response platform deployed in the cloud. Microsoft ATP was named a leading endpoint protection service by Gartner in 2019 for its cloud security analytics, threat intelligence capabilities, endpoint behavioral sensors, and automation.

Their platform is unique in that it is the only tool that currently provides built-in endpoint protection capabilities integrated with its operating system.

Microsoft Defender Advanced Threat Protection is particularly favored by organizations that are looking to simplify their tools and subscriptions.

Cloud Security Analytics

Microsoft ATP leverages machine learning, enterprise cloud products (i.e., Office 365), online assets, and behavior signals to present valuable insights and remediation steps.

Threat Intelligence

Microsoft ATP draws on Microsoft's hunters and various intelligence sources to identify attacker tools, techniques, and procedures (TTPs) and alert customers.

Endpoint Behavioral Sensors

Understanding behavioral patterns in network access and IT infrastructure also aids in threat detection initiatives. Behavioral sensors are embedded in Windows 10, collecting and processing signals from the operating system. The data is then sent to a client's private cloud environment for security teams to assess.

 

Microsoft Defender Advanced Threat Protection Features Overview

Attack Surface Reduction

As the first line of defense for Microsoft ATP, attack surface reduction capabilities ensure the configuration is set correctly. This feature includes network protection and web protection, regulating access to malicious IP addresses, domains, and URLs.

Endpoint Detection and Response

Detect, investigate, and respond to advanced threats with Microsoft ATP's endpoint detection and response capabilities. Building on the "assume breach" mindset, the platform continuously collects behavioral telemetry in six-month periods for historical analysis.

Automated Investigations and Remediation

Reduce the number of false positives and the volume of alerts with Microsoft ATP. The endpoint platform utilizes algorithms and processes (playbooks) to examine alerts and take immediate action to resolve breaches. Automated investigations are compiled into a list for teams to review.

Threat & Vulnerability Management

The cloud-based nature of Microsoft ATP ensures it can be integrated into hybrid and multi-cloud environments as a security information and event management (SIEM) tool. Microsoft ATP can be integrated into diverse workflows across an enterprise network to ensure business operations are always secure.

Configuration Score

Formerly Secure Score, Microsoft ATP's Configuration score is a part of their platform's Threat & Vulnerability Management dashboard. The ranking reflects the security of applications, operating systems, the network, accounts, and security controls. The higher the score, the more resilient your endpoints are.

Microsoft Threat Experts

As an added managed detection and response service, Microsoft provides on-demand threat experts. Their threat experts come from the Microsoft Defender Security Center and can provide additional clarity on alerts, provide next steps, determine risk and protection with regard to techniques, and seamlessly transition to Microsoft Incident Response or a third-party IR service. Customers have to apply for the Microsoft Threat Experts service to receive a 90-day trial and then pay for a subscription.

 

Additional Microsoft Services and Solution Integrations

Microsoft offers a wide array of integrated solutions and cloud-based services. Microsoft ATP's compatibility with Office 365, the Azure suite, Skype, and Microsoft Cloud Services makes it a powerhouse in endpoint protection.

Azure Advanced Threat Protection (Azure ATP)

Integrating Azure ATP provides flexibility for performing investigations across activities and identities.

Azure Security Center

Microsoft Defender Advanced Threat Protection is able to protect servers, including EDR capabilities on Windows Servers.

Azure Information Protection

Sensitive data can be secured through Azure Information Protection and Microsoft ATP.

Conditional Access

The Conditional Access evaluation is integrated into Microsoft ATP, making sure only secure devices have access to organization resources.

Cloud App Security

Microsoft Cloud App Security leverages Microsoft ATP's endpoint signals to provide direct visibility into cloud application usage. Detect unsupported cloud services (shadow IT) from all Microsoft ATP monitored machines.

Office 365 Advanced Threat Protection (Office 365 ATP)

Add in Office 365 Advanced Threat Protection to protect your organization from malware and phishing. The integration enables analysts to investigate entry points of attacks to better contain and block threats.

Skype for Business

Integrate Microsoft ATP with Skype for Business to allow analysts to communicate with a compromised device through a user-friendly portal.
