Endpoint Security for Windows 10
Well-Tempered Computer
Defender Security Center
In version 1703, Microsoft has combined various Windows security functions in the Defender Security Center [3] and made them easily accessible in a central interface. The Defender Security Center combines the following functions:
- Defender features: virus and threat protection.
- Device performance and health: information about device drivers and Windows update states, as well as battery status on mobile devices.
- Firewall and network protection: state of Windows Defender Firewall with Advanced Security.
- App & browser control: configuration in Defender SmartScreen for apps, files, and the Edge browser.
- Family options: controlled access to web pages, time control for applications, and allowed access to applications for children.
Defender for Endpoint
Microsoft Defender for Endpoint (formerly Windows Defender Advanced Threat Protection) [4], a service for Windows 10 as of version 1607, helps you detect attacks on a network and initiate appropriate countermeasures. Microsoft Defender for Endpoint combines Windows 10 protection measures and cloud technologies in a single tool.
Features include anomaly detection capabilities (registry, filesystem, and network access) and security analysis capabilities in the Microsoft cloud (Bing and SmartScreen reputation, Microsoft Malicious Software Removal Tool, and threat intelligence). Microsoft Defender for Endpoint also supports security features such as AppLocker or Device Guard. The configuration is handled by group policies, System Center Endpoint Configuration Manager, scripts, mobile device management (MDM) tools, or Microsoft Intune.
Whereas Microsoft Defender for Endpoint is a cloud-based service, Microsoft Advanced Threat Analytics (ATA) is a local service installed on servers in the IT infrastructure to detect suspicious activities on the network in real time. ATA comprises the ATA Gateway or ATA Lightweight Gateway, ATA Center, and other components, some of which are optional. The core functionality involves all domain controllers in the enterprise mirroring their network traffic to the ATA gateway. ATA records the data in a database, clearly displays the findings in the ATA Center, and points out threats and possible countermeasures.
Defender Application Control
The technology behind Defender Application Control (WDAC) [5] is also intended to prevent malware from running on and thus infiltrating the system. The tool is primarily intended to protect against new and unknown malware and Advanced Persistent Threats (APTs). WDAC thus provides increased protection in Windows 10 because it prevents any untrusted or non-digitally-signed app from running, including portable apps that run off a USB stick without a local installation.
Administrators can specify the source from which apps are considered trusted. Both universal apps and Win32 apps can be protected with WDAC in this way. When an application is executed, WDAC checks its trustworthiness. An application is considered secure if it has a digital signature from the manufacturer or the Windows Store, and organizations can define their own applications as secure. Administrators use central policies to determine which apps are trusted and how WDAC should be configured in the enterprise.
WDAC uses hardware and virtualization technologies to protect itself against tampering, isolating its checking process from all other components. Because WDAC uses Hyper-V as its base, client systems need to meet all the requirements for enabling the Hyper-V role. Compared with other Microsoft technologies (e.g., AppLocker), this is where WDAC plays to its strengths: the check process itself cannot be infiltrated.
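The policy workflow described above, as an added example that is not part of the article: build a WDAC policy from a reference machine with the ConfigCI cmdlets, deploy it in audit mode first, and review which binaries would have been blocked before switching to enforcement. The working folder C:\WDAC and the scan of C:\ are assumptions for illustration.

```powershell
# Added example (not from the article): create, audit and review a WDAC policy.
# Assumed: working folder C:\WDAC, reference install on C:\, elevated session,
# ConfigCI module (ships with Windows 10).

$workDir   = 'C:\WDAC'
$policyXml = Join-Path $workDir 'InitialPolicy.xml'
$policyBin = Join-Path $workDir 'SIPolicy.p7b'
New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# 1. Scan the reference system and trust files by their publisher certificate,
#    falling back to a file hash for anything unsigned. -UserPEs includes
#    user-mode binaries, so Win32 apps are covered, not only drivers.
New-CIPolicy -FilePath $policyXml -Level Publisher -Fallback Hash `
             -ScanPath 'C:\' -UserPEs

# 2. Rule option 3 = "Enabled:Audit Mode": untrusted code still runs, but every
#    such load is logged. Remove the option (Set-RuleOption -Delete) once the
#    audit log is clean to start enforcing.
Set-RuleOption -FilePath $policyXml -Option 3

# 3. Convert the XML policy to the binary form the kernel consumes and copy it
#    to the single-policy location; it takes effect after a reboot.
ConvertFrom-CIPolicy -XmlFilePath $policyXml -BinaryFilePath $policyBin
Copy-Item $policyBin -Destination "$env:windir\System32\CodeIntegrity\SIPolicy.p7b" -Force

# 4. After a period of normal use, review what audit mode flagged. Event 3076
#    in the Code Integrity log means "would have been blocked under enforcement".
function Get-WdacAuditHits {
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-CodeIntegrity/Operational'
        Id      = 3076
    } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
}
Get-WdacAuditHits | Format-List
```

Review the 3076 entries for legitimate line-of-business software and add publisher or hash rules for it before removing audit mode.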