Windows Defender is built into Windows 10 as a core feature, and already offers basic threat detection for all those running the operating system. But on the request of many of its customers, Microsoft is leveraging machine learning to detect threats faster than ever before.
The first step of combating and threat is registering that an attack has taken place. This can take up to 200 days with traditional techniques in some enterprises, according to Microsoft research, so its new system hopes to do it much faster. Looking back at the last six months of system logs and activities, ATP can detect when non-typical activity takes place, allowing for manual follow ups to confirm the breach.
There’s even simplified investigation tools that circumvent the need to look through raw log files, and the ability to send files and URLs to isolated virtual machines for deeper examination. This will help responders to correctly formulate a plan to deal with the breach and figure out a method to close up the flaw in security that allowed it to take place.
The big reason Microsoft is excited for ATP, though, is that it sits alongside Windows Defender and other anti-virus and anti-malware tools without intrusion. Since it operates in a different manner, it can augment existing security, and due to its regular updates through the Windows 10 Insider program, it will be kept at the forefront of detection and malware combat.
This means there’s zero deployment cost or effort on the enterprise end, which many businesses will appreciate.
Already deployed in more than 500,000 test cases, Microsoft hopes that this added feature will encourage other businesses and individuals to switch over to Windows 10 now, with a look to enjoy the benefits of ATP in the near future.