Category: Windows defender

My Session at Economic Times–Microsoft Security 360 Conclave

Economic Times and Microsoft organized a one-day conclave to enable CISOs to enhance their security posture in an era of flux and transformation. The conclave served as a platform for top CISOs and security experts to deliberate on the latest opportunities, challenges and trends in enterprise cybersecurity.

It was a great experience speaking at this event on “Top Security Myth Busters”, a session that took the common myths circulating within the security community and inside organizations about their own cyber security and compared them with what actually happens in practice. The session also included demos of some of Microsoft’s investments in threat detection and remediation across email security, endpoint security and identity protection.

If you happened to attend this event in person, I really hope you liked it.

If you couldn’t attend in person, the sessions were streamed live and are now available on demand below.

My Session starts at ~ 4:28:00



My Book Project : Windows 10 for Enterprise Administrators

[Post Migrated from TechNet]

With more and more customers adopting Windows 10 as the preferred operating system for their endpoint devices, the need to upskill our IT administrators on the new tools, upgrade strategies, deployment of new features and capabilities, and ongoing management of Windows 10 devices is growing quickly.

Windows 10 brings a whole lot of new capabilities for IT administrators, from both a manageability and a security perspective. If you haven’t read some of my previous posts on security with Windows 10, the following articles will give you some insight:

  1. Threat Mitigation in Windows 10
  2. Windows Device Guard against Malware Intrusion

I have been working as the technical reviewer of this book on Windows 10 for enterprise administrators for a few months now, and it has finally been published.
As technical reviewer, my responsibility was to ensure that the technical topics are explained accurately and consistently, with a working set of scripts and code. The sole objective of the book is to give IT administrators the knowledge of new capabilities, deployment tools, and tips and tricks to manage a Windows 10 environment better.

The Authors did a great job in bringing the right content and concepts to ensure our Windows 10 administrators are successful in their day to day job.

Here are some screenshots of the book preface

The book is available for sale here:

Hope you all will like it.


What is Windows Defender ATP ?

I hear a lot of confusion between Windows Defender and Windows Defender ATP; people often don’t get the difference between the two, so let’s understand it.

Windows Defender is the anti-malware / antivirus solution that is part of Windows 10 itself. It protects you from known malware and viruses that have already been discovered and for which a definition (signature) is available. Think of it as the same kind of antivirus capability provided by well-known vendors such as McAfee or Symantec.

Besides protecting you from known malware, Windows Defender also has built-in machine learning and heuristics to detect malware in real time based on behaviour analysis. If you want a glimpse of what Defender AV can do in real time, watch the video below.


Windows Defender ATP, on the other hand, is an Endpoint Detection and Response (EDR) solution from Microsoft. It identifies and detects suspicious and malicious activity on endpoint PCs and helps you take remedial action for containment.

So in a persistent attack scenario, where attackers are doing initial reconnaissance and lateral movement to find the critical, high-value assets they want to compromise, that activity is surfaced in the Defender ATP console, and the organization can contain it before the attackers reach those high-value assets.

Here is a quick overview of Windows Defender ATP and some of the example activities of compromise it can help detect and remediate.

Defender ATP can run regardless of which anti-malware product you are using; the EDR sensor is separate from the antivirus engine.
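A quick way to see that the two are separate components is to inspect them separately on a Windows 10 machine. The script below is an added example for this post, not Microsoft’s code or a script from the original article: it reads Defender AV status with the Defender PowerShell module, asks Windows Security Center which AV product is active, and then checks the Defender ATP sensor (the "Sense" service) and its onboarding flag in the registry. The registry path and the meaning of OnboardingState (1 = onboarded) are taken from Microsoft’s ATP onboarding troubleshooting guidance; run it from an elevated prompt.

```powershell
# Added example (not from the original post): tell Windows Defender AV apart from the
# Windows Defender ATP (EDR) sensor on the local Windows 10 machine.
# Run from an elevated PowerShell prompt.

# 1. Windows Defender AV: the anti-malware engine and its signature state.
$av = Get-MpComputerStatus
[pscustomobject]@{
    AMServiceEnabled          = $av.AMServiceEnabled
    AntivirusEnabled          = $av.AntivirusEnabled
    RealTimeProtectionEnabled = $av.RealTimeProtectionEnabled
    SignatureVersion          = $av.AntivirusSignatureVersion
    SignatureLastUpdated      = $av.AntivirusSignatureLastUpdated
} | Format-List

# Which AV product Windows Security Center currently lists as active.
# A third-party AV shows up here even when Defender AV is installed but not the active engine.
Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct |
    Select-Object displayName, productState

# 2. Windows Defender ATP: the "Sense" sensor service and its onboarding state.
# The service ships with Windows 10 but stays stopped until the device is onboarded.
$sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
$statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
$onboarded = (Get-ItemProperty -Path $statusKey -ErrorAction SilentlyContinue).OnboardingState

[pscustomobject]@{
    SenseServiceStatus = if ($sense) { $sense.Status } else { 'not installed' }
    OnboardingState    = $onboarded   # 1 = onboarded to Defender ATP; empty or 0 = not onboarded
} | Format-List
```

If the first block reports a third-party product and the second block still shows Sense running with OnboardingState = 1, that is the "ATP with any AV" combination the paragraph above describes. The reverse (Defender AV enabled, Sense stopped) is a machine that has antivirus but no EDR telemetry going to the ATP console.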

Hope that clears out the confusion.

Do subscribe to my channel on YouTube for more informative demos on InfoSec.


Windows Defender Detects Malicious Macros in Real Time

We are seeing an increasing trend of Microsoft Office files being used as trojans that download malicious payloads by abusing legitimate features such as VBA macros.

If you are running Windows Defender as your default AV, check out the video below to see how Defender uses its client-side ML with AMSI (the Antimalware Scan Interface) to detect a malicious VBA macro and block it in real time.

This detection does not require a definition (signature) update.
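The video shows the AMSI path being hit from an Office macro; the script below, an added example written for this post rather than code from the original article, exercises the same Defender AMSI hook from PowerShell so you can repeat the check without an Office document, and then reads back the detection record. It uses Microsoft’s published AMSI test string, which every AMSI-aware engine is expected to flag; note that this string is caught by a signature, so it proves the AMSI scan path is live on the host, not that the ML model described above fired. The Defender event IDs 1116 (malware detected) and 1117 (action taken) are the standard ones from the Defender operational log. Run it from an elevated prompt on a machine where Defender AV is the active antivirus.

```powershell
# Added example (not from the original post): exercise the AMSI scan path that
# Defender AV uses for script and macro content, then read back the detection record.

# Microsoft's AMSI test sample: harmless, but any AMSI-aware AV must flag it.
# It is matched by a signature, so it only proves the AMSI hook is live, not the ML model.
$amsiTest = 'AMSI Test Sample: 7e72c3ce-861b-4339-8740-0ac1484c1386'

try {
    # Passing the string through the scripting engine submits it to AMSI before it runs.
    Invoke-Expression $amsiTest
    Write-Warning 'Script ran: AMSI did not block the test sample on this host.'
} catch {
    if ($_.Exception.Message -match 'malicious content') {
        Write-Host 'Blocked by AMSI: Defender scanned the script content before execution.'
    } else {
        Write-Warning "Not blocked by AMSI; the error came from elsewhere: $($_.Exception.Message)"
    }
}

# Defender keeps a record of every detection; show the most recent ones.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 5 InitialDetectionTime, ThreatID, ProcessName, Resources |
    Format-List

# The same detections land in the Defender event log (1116 = detected, 1117 = action taken),
# which is what a SIEM or a Defender ATP hunting query would pick up.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1116, 1117
} -MaxEvents 5 | Select-Object TimeCreated, Id, Message | Format-List
```

When a macro is blocked in the video, the same two event IDs are written; the Resources field of the detection record is where you will see the Office document path rather than a PowerShell script buffer.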

let me know what you think.