Windows Defender ATP


Detect, investigate and respond to advanced and targeted attacks with Windows Defender ATP
Jerry Smith
Windows Senior Product Manager
“THERE ARE TWO KINDS OF BIG COMPANIES, THOSE WHO’VE BEEN HACKED, AND THOSE WHO DON’T KNOW THEY’VE BEEN HACKED.”
JAMES COMEY, DIRECTOR FBI

200+: Median number of days attackers are present on a victim's network before detection
80: Days after detection to full recovery
$3 TRILLION: Impact of lost productivity and growth
$3.5 MILLION: Average cost of a data breach (15% YoY increase)
HOW DO BREACHES OCCUR?

Malware and vulnerabilities are not the only thing to worry about
46% of compromised systems had no malware on them
99.9% of exploited vulnerabilities were used more than a year after the CVE was published

Fast and effective phishing attacks leave you little time to react
23% of recipients opened phishing messages (11% clicked on attachments)
50% of those who open and click attachments do so within the first hour
ATTACKS HAPPEN FAST AND ARE HARD TO STOP

If an attacker sends an email to 100 people in your company… …23 people will open it… …11 people will open the attachment… …and six will do it in the first hour.
THE WINDOWS 10 DEFENSE STACK

[Diagram: PRE-BREACH pillars: Device protection, Threat resistance, Identity protection, Information protection. Features named on the slide: SmartScreen, Device Health Attestation, Built-in 2FA, Device protection / Drive encryption, AppLocker, Account lockdown, Device Guard, Credential Guard, Enterprise Data Protection, Windows Information Protection, Windows Defender, Device Control, Microsoft Passport, Windows Hello, Security policies, Conditional access, Network/Firewall, Windows Defender Application Guard.]
ADDING A POST-BREACH MINDSET

[Diagram: the same PRE-BREACH pillars (Device protection, Threat resistance, Identity protection, Information protection) with the same features, plus a POST-BREACH pillar: Breach detection, investigation & response, provided by Windows Defender Advanced Threat Protection (ATP).]
WINDOWS 7 SECURITY FEATURES

[Diagram: PRE-BREACH pillars (Device protection, Threat resistance, Identity protection, Information protection) and POST-BREACH pillar (Breach detection, investigation & response).]
WINDOWS 10 SECURITY FEATURES

[Diagram: PRE-BREACH pillars (Device protection, Threat resistance, Identity protection, Information protection) and POST-BREACH pillar (Breach detection, investigation & response).]
Windows Defender Advanced Threat Protection
Detect advanced attacks and remediate breaches

Built in to Windows 10
No additional deployment & infrastructure.
Continuously up-to-date, lower costs.

Behavior-based, cloud-powered breach detection
Actionable, correlated alerts for known and unknown adversaries.
Real-time and historical data.

Rich timeline for investigation
Easily understand scope of breach. Data pivoting across endpoints. Deep file and URL analysis.

Unique threat intelligence knowledge base
Unparalleled threat optics provide detailed actor profiles.
1st and 3rd party threat intelligence data.
https://www.microsoft.com/en-us/WindowsForBusiness/Windows-ATP
[Graphic: Enterprise security. Terms shown: Multi-factor authentication, Data encryption, User accounts, Device log-ins, Malware, Unauthorized data access, Attacks, User log-ins, Phishing, Denial of service, System updates.]
Thank You!
