Autoremediation Capabilities Coming to Windows Defender Advanced Threat Protection Service This Year
Windows Defender Advanced Threat Protection (ATP) will soon be able of fixing security issues, instead of just detecting them.
Initially, the Windows Defender ATP service was described by Microsoft as a post-breach analysis tool to be used after an organization had experienced a security issue. Microsoft combines machine learning and security personnel expertise to deliver this forensics support with the service.
However, Microsoft has been working to integrate the service with security automation and remediation technology it acquired when it bought Hexadite, making Windows Defender ATP a tool that can fix security problems, too. Today Microsoft announced that it has completed that integration work. A preview of Windows Defender ATP with the new autoremediation capabilities is expected to be available sometime "later this year," Microsoft's announcement indicated.
The integrated Hexadite technology is designed to take over the forensic work that typically might have been done manually by humans. It uses artificial intelligence technology as part of that process.
Here's how Microsoft's announcement described it:
This [integration of Hexadite's technology] enables Windows Defender ATP customers to leverage state of the art AI technology to solve their alert volume challenges by letting Windows Defender ATP automatically investigate alerts, apply artificial intelligence to determine whether a threat is real and to determine what action to take, going from alert to remediation in minutes at scale. With this addition, Windows Defender ATP now covers the end-to-end threat lifecycle from detection to investigation and response automatically.
In late June, Microsoft described a forthcoming "Windows Defender ATP console" that will provide a single-pane security view, showing information from new security features. For instance, it'll show information from Windows Defender Exploit Guard (which blocks macros and executable files) and Windows Defender Application Guard (which protects the operating system from potentially malicious Web content at untrusted sites), among other such integrations. This "smarter" console is expected to appear with arrival of the Windows 10 "fall creators update," which Microsoft indicated would be available on Oct. 17.
The Windows Defender ATP service is currently available to Microsoft 365 Enterprise E5 subscribers, as shown in the table here, although the Hexadite technology aspect is yet to come. Microsoft recently changed its licensing branding to "Microsoft 365" from its older "Secure Productive Enterprise" name. For background on that switch, see this article.
Windows Defender ATP first reached "general availability" status last year when Microsoft released the Windows 10 "anniversary update," according to a Microsoft spokesperson. However, the service still gets new features added, which typically arrive in preview form first.
Microsoft's future plans for Windows Defender ATP include support for Windows Server products as well, "starting with Windows Server 2012 R2 and 2016 releases," Microsoft had indicated back in late June. In addition, Windows Defender ATP support is being planned for "more platforms beyond Windows," Microsoft had said.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.