Microsoft is currently testing its next major Windows 10 update with its Insider community, ahead of its release later this year as the Fall Creators Update. Insiders have already got a taste of what to expect from that update in recent previews, and Microsoft has also revealed details of the accessibility improvements that it will bring.
Today, Microsoft announced the "next generation security" features coming in the Fall Creators Update, promising that they'll "make life harder for the bad guys."
Microsoft will be integrating Windows Defender Advanced Threat Protection (ATP) "across the whole Windows threat protection stack to protect, detect and respond with rich, centralized management." Earlier this month, the company announced its planned acquisition of Hexadite, to "deliver a new generation of security capabilities", and said that its automatic incident detection, investigation and remediation solutions would be integrated into ATP, although it's not yet clear if that process will be completed by the time the Fall Creators Update is released.
Microsoft says it's "hardening the Windows platform" with additional capabilities, including Windows Defender Exploit Guard, "a new feature making EMET [Enhanced Mitigation Experience Toolkit] native to Windows 10." It explained:
By integrating the power of EMET along with new vulnerability mitigations, Exploit Guard includes prevention capabilities that help make vulnerabilities dramatically more difficult to exploit. In addition Exploit Guard delivers a new class of capabilities for intrusion prevention.
Using intelligence from the Microsoft Intelligent Security Graph (ISG), Exploit Guard comes with a rich set of intrusion rules and policies to protect organizations from advanced threats, including zero day exploits. The inclusion of these built-in rules and policies addresses one of the key challenges with host intrusion prevention solutions which often takes significant expertise and development efforts to make effective.
Windows Defender Application Guard will "isolate and contain the threat" if a user on a corporate network accidentally downloads malicious software via their browser, or if a zero day exploit is encountered. "WDAG isolates and contains the threat, securing your devices, apps, data and network," Microsoft's Rob Lefferts said today. "Windows Defender ATP will provide optics on detection and response so Sec-Ops will have full visibility to any threats that have been encountered."
Windows Defender Device Guard will enhance application control with new integration into ATP, "streamlining the management of the safe application lists to ease customer adoption through automation."
Microsoft also touted the machine learning capabilities of its cloud platform in helping users to stay better protected with Windows Defender Antivirus. "With its cloud based protection and its rich behavioral and ML models, Windows Defender Antivirus is able to render verdicts on malware in seconds, even the very first time the malware has been seen," Lefferts said.
And on top of these new threat detection and protection tools, Microsoft is also enhancing the analytics experience for network administrators:
New Security Analytics capabilities will analyze Windows security feature utilization and configurations as well as Windows 10 security patch status across Windows 10 end points. New developer APIs will create opportunities for our customers and developers to automate systems with all the rich data from alerts, machines timelines, file and user data as well as enable external systems to instruct Windows Defender ATP to programmatically perform remediation actions.
You can find out more about the new features in Windows Defender Advanced Threat Protection in this Windows Security blog post on Microsoft TechNet.
Source: Windows Blog