{"id":15617,"date":"2019-06-25T20:46:31","date_gmt":"2019-06-26T04:46:31","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/06\/25\/news-9366\/"},"modified":"2019-06-25T20:46:31","modified_gmt":"2019-06-26T04:46:31","slug":"news-9366","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2019\/06\/25\/news-9366\/","title":{"rendered":"The evolution of Microsoft Threat Protection, June update"},"content":{"rendered":"<p><strong>Credit to Author: Todd VanderArk| Date: Thu, 20 Jun 2019 16:10:35 +0000<\/strong><\/p>\n<p>Since <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Security-Privacy-and-Compliance\/Announcing-Microsoft-Threat-Protection\/ba-p\/262783\" target=\"_blank\" rel=\"noopener\">our announcement of Microsoft Threat Protection<\/a> at Microsoft Ignite, our goal has been to execute and deliver on our promise of helping organizations protect themselves from today\u2019s sophisticated and complex threat landscape. As we close out our fiscal year, we\u2019ve continued progress on developing Microsoft Threat Protection, launching new capabilities and services. 
Hopefully, you\u2019ve had a chance to follow our <a href=\"https:\/\/www.microsoft.com\/security\/blog\/the-evolution-of-microsoft-threat-protection\/\" target=\"_blank\" rel=\"noopener\">monthly updates<\/a>.<\/p>\n<p>As we <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/05\/14\/executing-vision-microsoft-threat-protection\/\" target=\"_blank\" rel=\"noopener\">previously<\/a> shared, Microsoft Threat Protection enables your organization to:<\/p>\n<ul>\n<li><strong>Protect its assets <\/strong>from unauthorized users, devices, and apps <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/04\/25\/microsoft-threat-protection-april-update\/\" target=\"_blank\" rel=\"noopener\">with identity-driven security and powerful conditional access policies<\/a>.<\/li>\n<li><strong>Connect the dots<\/strong> between threat signals and develop <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Security-Privacy-and-Compliance\/See-How-Microsoft-Threat-Protection-is-the-Future-of-threat\/ba-p\/360197\" target=\"_blank\" rel=\"noopener\">threat incidents<\/a> by grouping alerts from different parts of your environment, stitching together the elements of a threat.<\/li>\n<li><strong>Empower your defenders<\/strong> by providing in-depth analysis to identify the full scope and impact of a threat.<\/li>\n<\/ul>\n<p>This month, we want to share new capabilities that are starting public previews.<\/p>\n<h3>Efficient remediation and response for identity threats<\/h3>\n<p>Presently, efficient and effective response to identity threats is crucial, and Microsoft Threat Protection is built on the industry\u2019s <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/04\/25\/microsoft-threat-protection-april-update\/\" target=\"_blank\" rel=\"noopener\">most widely used and comprehensive identity security service<\/a>. 
As more organizations adopt hybrid environments, data is spread across multiple applications, both on-premises and in the cloud, and is accessed by multiple devices (often personal devices) and users. Most organizations no longer have a <em>defined<\/em> network perimeter, making traditional security tools obsolete. Identity is the control plane that is consistent across all elements of the modern organization.<\/p>\n<p>At RSA, <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/03\/14\/evolution-microsoft-threat-protection-rsa-edition-2\/\" target=\"_blank\" rel=\"noopener\">we announced<\/a> a new unified Identity Threat Investigation experience between Azure Active Directory (Azure AD) Identity Protection, Azure Advanced Threat Protection (ATP), and <a href=\"https:\/\/www.microsoft.com\/en-us\/enterprise-mobility-security\/cloud-app-security\" target=\"_blank\" rel=\"noopener\">Microsoft Cloud App Security<\/a>. This experience will go into public preview this month.<\/p>\n<p>Part of the new experience is enabled through Azure AD\u2019s new integration with <a href=\"https:\/\/azure.microsoft.com\/en-us\/features\/azure-advanced-threat-protection\/\" target=\"_blank\" rel=\"noopener\">Azure ATP<\/a>. Also, integration between Azure AD and Microsoft Cloud App Security enables continuous monitoring of user behavior from sign-in through the entire session. Microsoft Threat Protection\u2019s identity services leverage user behavior analytics to create a dynamic <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Enterprise-Mobility-Security\/Introducing-Investigation-Priority-built-on-User-and-Entity\/ba-p\/360853\" target=\"_blank\" rel=\"noopener\">investigation priority score<\/a> (Figure 1) based on signals from Azure AD, Microsoft Cloud App Security, and Azure ATP. The investigation priority is calculated by assessing security alerts, abnormal activities, and potential business and asset impact related to each user. 
This score can help Security Operations (SecOps) teams focus and respond to the top user threats in the organization.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Microsoft-Threat-Protection-June-update-1b.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89551 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Microsoft-Threat-Protection-June-update-1b.png\" alt=\"\" width=\"1433\" height=\"780\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Microsoft-Threat-Protection-June-update-1b.png 1433w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Microsoft-Threat-Protection-June-update-1b-300x163.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Microsoft-Threat-Protection-June-update-1b-768x418.png 768w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Microsoft-Threat-Protection-June-update-1b-1024x557.png 1024w\" sizes=\"auto, (max-width: 1433px) 100vw, 1433px\" \/><\/a><\/p>\n<p><em>Figure 1. The investigation priority view.<\/em><\/p>\n<p>To learn more, read <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/06\/20\/investigating-identity-threats-hybrid-cloud-environments\/\" target=\"_blank\" rel=\"noopener\">Investigating identity threats in hybrid cloud environments<\/a>.<\/p>\n<h3>Game-changing capabilities for endpoint security<\/h3>\n<p>Every month, Microsoft Threat Protection detects over 5 billion endpoint threats through its Microsoft Defender ATP service. Customers have long asked us to extend our industry-leading endpoint security beyond the Windows OS. This was a major driving force for us to deliver endpoint security natively for macOS in limited preview earlier this year. 
We\u2019re excited <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Windows-Defender-ATP\/Microsoft-Defender-ATP-for-Mac-now-in-open-public-preview\/ba-p\/634603\" target=\"_blank\" rel=\"noopener\">to announce<\/a> that Microsoft Defender ATP for macOS is in public preview.<\/p>\n<p>Microsoft Threat Protection\u00a0customers who have turned on the <a href=\"https:\/\/docs.microsoft.com\/windows\/security\/threat-protection\/microsoft-defender-atp\/preview\" target=\"_blank\" rel=\"noopener\">Microsoft Defender ATP preview features<\/a>\u00a0can access Microsoft Defender ATP for Mac via the\u00a0<a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/microsoft-defender-atp\/onboard-configure\" target=\"_blank\" rel=\"noopener\">onboarding section<\/a>\u00a0in the Microsoft Defender Security Center. For more information and resources, including system requirements, prerequisites, and a list of improvements and new features, check out the\u00a0<a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/windows-defender-antivirus\/microsoft-defender-atp-mac\" target=\"_blank\" rel=\"noopener\">Microsoft Defender ATP for Mac documentation<\/a>.<\/p>\n<p>To further enhance your endpoint security, &#8220;live response,&#8221; our new incident response action for SecOps teams, is currently in <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Windows-Defender-ATP\/Incident-response-at-your-fingertips-with-Microsoft-Defender-ATP\/ba-p\/614894\" target=\"_blank\" rel=\"noopener\">public preview.<\/a> Today, your\u00a0employees often\u00a0work beyond the corporate network boundary, whether from home or while traveling. The risk for compromise\u00a0is potentially\u00a0higher when a user is remote. Imagine the executive who\u00a0connects their laptop to hotel Wi-Fi\u00a0and\u00a0is compromised. 
With current endpoint security services, SecOps would\u00a0need to wait until the\u00a0executive got\u00a0back to the office, leaving a high-value laptop exposed.\u00a0With our new live response, SecOps teams gain instant access to a compromised machine regardless of location,\u00a0as well as the ability to gather any required forensic information.<\/p>\n<p>This powerful\u00a0feature allows you to:<\/p>\n<ul>\n<li>Gather\u00a0a snapshot\u00a0of connections,\u00a0drivers,\u00a0scheduled tasks,\u00a0and\u00a0services,\u00a0as\u00a0well\u00a0as\u00a0search for\u00a0specific files or\u00a0request\u00a0file analysis\u00a0to reach a\u00a0verdict\u00a0(clean,\u00a0malicious, or\u00a0suspicious).<\/li>\n<li>Download malware files for reverse-engineering.<\/li>\n<li>Create a tenant-level library of\u00a0forensic tools\u00a0like\u00a0PowerShell scripts and\u00a0third-party\u00a0binaries that allows\u00a0SecOps to\u00a0gather forensic\u00a0information\u00a0like the\u00a0MFT table, firewall logs, event logs,\u00a0process memory dumps, and more.<\/li>\n<li>Run remediation\u00a0activities\u00a0such as quarantine file,\u00a0stop\u00a0process, remove registry, remove scheduled task,\u00a0and more.<\/li>\n<\/ul>\n<p>To learn\u00a0more,\u00a0try\u00a0the\u00a0live response\u00a0<a href=\"https:\/\/securitycenter.windows.com\/tutorials\" target=\"_blank\" rel=\"noopener\">DIY<\/a>\u00a0or read <a href=\"https:\/\/docs.microsoft.com\/windows\/security\/threat-protection\/microsoft-defender-atp\/live-response\" target=\"_blank\" rel=\"noopener\">Investigate entities on machines using live response<\/a>.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Microsoft-Threat-Protection-June-update-2.gif\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89552 size-full\" 
src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Microsoft-Threat-Protection-June-update-2.gif\" alt=\"\" width=\"999\" height=\"430\" \/><\/a><\/p>\n<p><em>Figure 2. Run remediation commands.<\/em><\/p>\n<h3>Experience the evolution of Microsoft Threat Protection<\/h3>\n<p>Take a moment to\u00a0<a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Security-Privacy-and-Compliance\/Announcing-Microsoft-Threat-Protection\/ba-p\/262783\" target=\"_blank\" rel=\"noopener\">learn more about Microsoft Threat Protection<\/a>, read our previous\u00a0<a href=\"https:\/\/www.microsoft.com\/security\/blog\/the-evolution-of-microsoft-threat-protection\/\" target=\"_blank\" rel=\"noopener\">monthly updates<\/a>, and visit\u00a0the <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/technology\/threat-protection\" target=\"_blank\" rel=\"noopener\">Microsoft Threat Protection webpage<\/a>.\u00a0Organizations, like <a href=\"https:\/\/customers.microsoft.com\/en-us\/story\/telit-professional-services-microsoft-365\" target=\"_blank\" rel=\"noopener\">Telit<\/a>, have already transitioned to Microsoft Threat Protection and our <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/What-s-New\/SecOps-is-more-effective-thanks-to-Microsoft-Windows-Defender\/m-p\/272925#M145\" target=\"_blank\" rel=\"noopener\">partners<\/a> are also leveraging its powerful capabilities.<\/p>\n<p>Begin a trial of Microsoft Threat Protection services, which also includes our newly launched SIEM, Azure Sentinel, to experience the benefits of the most comprehensive, integrated, and secure threat protection solution for the modern workplace.<\/p>\n<ul>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/enterprise-mobility-security\/mtptrial\" target=\"_blank\" rel=\"noopener\">Microsoft Threat Protection trial<\/a><\/li>\n<li><a href=\"https:\/\/azure.microsoft.com\/en-us\/free\/\" target=\"_blank\" rel=\"noopener\">Microsoft Azure Sentinel<\/a><\/li>\n<\/ul>\n<p>The 
post <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/06\/20\/evolution-of-microsoft-threat-protection-june-update\/\">The evolution of Microsoft Threat Protection, June update<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/\">Microsoft Security<\/a>.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/06\/20\/evolution-of-microsoft-threat-protection-june-update\/\" target=\"bwo\" >https:\/\/blogs.technet.microsoft.com\/mmpc\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Todd VanderArk| Date: Thu, 20 Jun 2019 16:10:35 +0000<\/strong><\/p>\n<p>Learn about new Microsoft Threat Protection capabilities now in public preview.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/06\/20\/evolution-of-microsoft-threat-protection-june-update\/\">The evolution of Microsoft Threat Protection, June update<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/\">Microsoft 
Security<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10759,10378],"tags":[21482,21869,21871,21494],"class_list":["post-15617","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security","tag-endpoint-security","tag-evolution-of-microsoft-threat-protection","tag-evolution-of-microsoft-threat-protection-page","tag-microsoft-cloud-app-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15617","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=15617"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15617\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=15617"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=15617"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=15617"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}