Competing against the accelerating evolution of cyber threats

BrandPost By Microsoft
Mar 19, 2018

New tools help security teams quickly determine the nature of threats and take action – at scale

From C-level executives to Security Operations professionals, businesses are overwhelmed by the rapid pace at which new cyber threats are released into the wild. Endpoint security is a key boardroom-level concern. In November 2015, 71% of C-level IT and security executives put endpoint security at the top of their most-vulnerable list [1].

The growing concern is attributed to an emerging threat of sophisticated attacks targeting intellectual property and high business impact (HBI) information. Traditional defenses are rendered ineffective and executives are not confident with the security measures they have in place. A new approach is required. When asked, 82% of C-level IT executives expressed a need for deeper endpoint analytics capabilities that will help with breach detection and response [2].

Unlike pre-breach protection, a post-breach approach assumes a breach has already occurred – acting as a flight recorder and Crime Scene Investigator (CSI). It monitors security events on the endpoint and leverages large-scale correlation and anomaly detection algorithms to alert on evidence of an ongoing attack. Post-breach detection leverages the attacker’s need to perform multiple actions after the initial breach, such as reconnaissance, hiding and moving across the network to locate high-value assets, and executing information extraction. It provides security teams the information and toolset needed to identify, investigate, and respond to attacks that would otherwise stay undetected and below the radar.

Microsoft’s post-breach solution, Windows Defender Advanced Threat Protection, unifies your endpoint security stack by putting Windows 10 Threat and Exploit Protection and Endpoint Detection and Response (EDR) under one roof. Through machine learning, behavior analytics, and Microsoft’s global optics, Windows 10 built-in security controls no longer act in isolation. Instead, they become connected, smarter, and more manageable. A single console centrally manages the end-to-end security management lifecycle, and Security Analytics provides visibility into security posture along with recommendations for improvement.

While detecting threats is half the battle, security teams are struggling to follow up on the volume of alerts they see. Research from analyst firm EMA found that 88% of organizations receive up to 500 alerts per day that are classified as “severe” or “critical,” and 60% only had three to five full-time employees working those alerts. Eighty-eight per cent of participants said their teams could investigate only 25 or fewer severe/critical events per day. This leaves what David Monahan, research director for Security and Risk Management at EMA, calls “a huge, and frankly insurmountable, daily gap.”

Microsoft has integrated Hexadite’s innovative security automation technology into Windows Defender ATP. This enables Windows Defender ATP to leverage state-of-the-art AI technology to solve alert volume challenges. Windows Defender ATP automatically investigates alerts, applies artificial intelligence to determine whether a threat is real, and determines what action to take – going from alert to remediation in minutes and at scale. With this addition, Windows Defender ATP now covers the end-to-end threat lifecycle, from detection to investigation and response, automatically.

With the new security automation capabilities, Windows Defender ATP can not only find breaches; it can fix them. These actions can be run automatically for simple, clear-cut cases, or can be reviewed prior to execution. Either way, time and effort are saved by SecOps, enabling those talented professionals to focus on more complex and strategic problems.

You can find out more about post-breach security in this free webinar and download a free 90-day trial of Windows Defender Advanced Threat Protection.

[1] Promisec Blog: Endpoint Security Infographic

[2] Promisec Blog: Endpoint Security Infographic