Windows Defender Advanced Threat Protection To Receive Additional Safeguards
Microsoft this week announced that protection services from Bitdefender, Lookout and Ziften will be added to its Windows Defender Advanced Threat Protection (ATP) service.
Windows Defender ATP is Microsoft's post-breach analysis service that uses machine learning and expert analysis to provide security forensics information for organizations. It also will get autoremediation capabilities, which are expected to arrive later this year. The partnerships announced today will light up Windows Defender Security Center as a single pane for viewing security analyses coming from Windows Defender ATP as well as from security partner solutions.
Bitdefender, Lookout and Ziften are "the first of several strategic partnerships coming for Windows Defender ATP," Microsoft's announcement stated. Currently their integrated solutions are available at the preview stage.
Bitdefender GravityZone Cloud is integrated with Windows Defender ATP at the public preview stage, adding protection for Mac and Linux devices. The Bitdefender GravityZone Cloud service applies machine learning to "predict and block advanced attacks," according to Bitdefender's description. Users can "view comprehensive threat intelligence information on malware and suspicious files, such as threat type, threat category, and many other relevant details," Microsoft's announcement indicated. The integrated solution also adds "real-time" protection against malware, according to Deepakeswaran Kolingivadi, group product manager at Bitdefender.
"Bitdefender's Gravityzone Advanced Business Security for Mac and Linux offers comprehensive protection in real-time by using sophisticated machine learning models to detect and stop malware in their pre-execution stage," Kolingivadi explained, via e-mail. The solution addresses problems like ransomware, advanced persistent threats, backdoors, key-loggers and potentially unwanted applications, he added.
The Lookout Mobile Endpoint Security integration with Windows Defender ATP is at the preview stage and will add protection for Android and iOS mobile devices. It specifically adds protections for "app, device, network and web and content vectors." When integrated, users will see analytics and alerts in the Windows Defender ATP console. Lookout expects the integrated products will be "generally available by early 2018," but it's possible to sign up for an early preview, according to Lookout's announcement.
Ziften also is offering a preview (with signup) of its Windows Defender ATP integration. The integration of the Ziften Zenith systems and security operations platform provides added protection against advanced attacks on macOS and Linux devices. It adds "post-breach detection, investigation, and response to any asset, anywhere," according to Ziften's announcement.
Windows Defender ATP has the ability to track individual device event history "for up to six months," according to Microsoft. Organizations also can search this historical data "across all their endpoints."
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.