Tag: Defender ATP

My Book Project : Windows 10 for Enterprise Administrators

[Post Migrated from TechNet]

With more and more customers adopting Windows 10 as the preferred operating system for their endpoint devices, the need to upgrade our IT administrators' skills with the know-how of new tools, upgrade strategies, deployment of new features and capabilities, and ongoing management of Windows 10 devices is definitely catching up.

Windows 10 brings a whole lot of new capabilities for IT administrators, from both a manageability and a security perspective. If you haven't read some of my previous posts on security with Windows 10, the following articles will give you some insight.

  1. Threat Mitigation in Windows 10
  2. Windows Device Guard against Malware Intrusion

I have been working as Tech Reviewer of this book on Windows 10 for enterprise administrators for a few months now, and it has finally been published.
As a Tech Reviewer, my responsibility was to ensure that the technical topics are explained accurately and have consistent information, with a working set of scripts and code. The sole objective of the book is to help IT administrators with the knowledge of new capabilities, deployment tools, and tips and tricks to manage a Windows 10 environment better.

The authors did a great job in bringing the right content and concepts to ensure our Windows 10 administrators are successful in their day-to-day job.

Here are some screenshots of the book preface.

The book is available for sale here:
https://www.packtpub.com/networking-and-servers/windows-10-enterprise-administrators

Hope you all will like it.

Cheers

What is Windows Defender ATP?

I hear a lot of confusion between Windows Defender and Windows Defender ATP, and people often don't get the difference between the two, so let's understand the difference.

Windows Defender is an anti-malware / antivirus solution that is part of Windows 10 itself. It helps protect you from known malware and viruses that have already been discovered and for which a definition is available. So think of this as similar to the antivirus capability provided by well-known vendors like McAfee, Symantec, etc.

Besides protecting you from known malware, Windows Defender also has built-in machine learning and heuristics to detect malware in real time based on behaviour analysis. If you want to see a glimpse of what Defender AV can do in real time, watch the video below.

Windows Defender ATP, on the other hand, is an Endpoint Detection and Response (EDR) solution from Microsoft. It identifies and detects suspicious and malicious activities on endpoint PCs and helps you take remedial actions for containment.

So in a persistent attack scenario, where attackers are doing initial reconnaissance and lateral movement to find critical, high-value assets to compromise, this activity gets detected in the Defender ATP console, which helps organizations confine it before the attackers are able to compromise those high-value assets.

Here is a quick overview of Windows Defender ATP and some example activities of compromise it can help detect and remediate.

Defender ATP can run regardless of which anti-malware product you are using.

Hope that clears up the confusion.

Do subscribe to my channel on YouTube for more informative demos on InfoSec.

Cheers