This fall, Microsoft will be releasing a new build of Windows 10 called the Fall Creators Update and while the company has announced features for consumers, it has been quiet on the enterprise front. That changes today as the company is announcing a couple of new security enhancements for the platform that will arrive this fall when the new update starts shipping.
Starting with the Redstone 3 release (Fall Creators Update) Microsoft will finally integrate Windows Defender ATP across the entire threat protection stack which includes protecting, detection, and response pillars. The new centralized management component offers increased visibility and also new Security Analytics that will review Windows security feature utilization and configurations as well as Windows 10 security patch status across Windows 10 endpoints to provide improved visibility into the current status of your network.
Windows Defender Exploit Guard, which I wrote about a few weeks back, is on the agenda for the upcoming release as well. This new feature will make Enhanced Mitigation Experience Toolkit (EMET) native to Windows 10.
Exploit Guard introduces new capabilities that makes exploiting vulnerabilities more difficult and also introduces a new class of intrusion prevention rules derived from the Microsoft Intelligent Security Graph that will limit the threat of advanced attacks including zero day exploits. The goal of this feature is to make the once difficult process of defining the rule-set for attack mitigation that required significant expertise and time to craft, easier to integrate into your environment.
Last year at Ignite, Microsoft announced Windows Defender Application Guard and the feature was expected to arrive with Redstone 2. Seeing as that deadline has come and gone, this security enhancement will be shipped with Redstone 3. This feature will protect your environment if a local user downloads malicious applications from the Internet or a zero-day exploit is encounter in the browser; WDAG is able to isolate the machine from the rest of the network and stop the malicious applications/intruders from reaching other areas of your infrastructure.
For those that are using Windows Defender Device Guard, this feature will now be integrated into Windows Defender ATP’s response capabilities to improve the process of managing the safe application lists.
Microsoft is pitching that they are including all these new security features out of the box without the need to install third-party applications or agents. This is notable as the company has come under fire from Kaspersky who is challenging the company in Europe of anti-competitive practices as that company also sells anti-virus software and are now facing serious pressure from Microsoft.
What the Redmond-based company is doing with their security suite of services is using the immunity through community model. Because they have created what they call ‘graphs’, this provides what is likely the most robust data set of security related incidents available to any company. By harnessing all the users of the Windows environment, if one user is impacted by a new virus or exploit, protection can be immediately deployed to every other user to stop the malicious application from spreading to new users through the Microsoft Graph.
Microsoft is using this type of security mentality on many of its Enterprise products including Office, Windows, and Server. And it’s this type of service that few companies other than Microsoft can offer and is the primary differentiator between its E3 and E5 SKUs.
With Microsoft releasing two feature updates per year, the company doesn’t need each release to have a blockbuster feature but instead needs a few small iterative updates that, over time, make for significant enhancements to the platform. Since the release of Windows 10 in July 2015, Microsoft has been building the foundation of its security service model in its productivity software that the company hopes will provide the long-term stability in this segment as the desktop PC market reaches maturity.