Advanced Threat Protection Part 5: Microsoft Defender ATP

Video Transcript

Welcome, Cybrarians, to the Microsoft 365 Security Administration course. I'm your instructor, Jim Daniels. We're on module three, MS 365 Threat Protection. We're going to be wrapping up lesson two, Advanced Threat Protection, with Microsoft Defender ATP. In this lesson we're going to learn how Windows 10 incorporates security features into the OS and expands on those features with Defender ATP. We're also going to look at some specific application control methods within Windows 10. So to this point we've really focused on the non-OS security side, whereas this is the lesson where we're actually going to get in with Windows 10. Here are some of the security innovations in Windows 10: pre-breach threat protection, identity protection, information protection, and post-breach security management. Some of these innovations you may or may not implement.

However, as a security professional, it is your duty to at least know what each one is and the scenario in which it is recommended. Microsoft Defender ATP is a platform designed to help enterprise networks prevent, detect, investigate and respond to advanced threats. It does that by offering threat and vulnerability management, reduction of your attack surface, next generation protection, endpoint detection and response, advanced hunting, automated investigation and remediation, and it utilizes the threat experts within Defender ATP. You can actually set up email alerts to send notifications to specific recipients based on new alerts, and alert severity levels can be configured to trigger those notifications. Some of the required permissions to configure Defender ATP email notifications: you need to be assigned Manage security settings, which is a role within Defender ATP's role-based access, or you can be a Global or Security Administrator.

A tip: it's always a good idea to configure EOP and Office 365 ATP settings to allow Defender ATP alert emails so they don't go into junk. For example, if you have a major alert coming through about a security incident, you don't want it to go into quarantine or junk. Here's an example of that: you know it's a new alert detection, and it's detected a malicious document, with a severity, a category, the source, as well as the time, and a direct link so you can see more information about this alert.

Azure Security Center is a unified infrastructure security management system that provides advanced threat protection across your hybrid workloads in the cloud as well as on premises. Defender ATP can be integrated with Azure Security Center to allow ATP analytics, behavioral signal collection from servers, intelligence for emerging threats, and a single pane of glass view for server and endpoint ATP alerts. So this is the dream scenario. If your organization still has an on-premises server footprint as well as a server footprint in Azure, Security Center ties on-prem and cloud together and integrates with Defender ATP for your endpoints, so you can have a comprehensive view of your endpoints and servers all at once.

Windows Defender Application Guard, Windows 10 and Microsoft Edge: administrators define trusted websites, cloud and internal resources; everything else is untrusted. Zero trust model, right? When an untrusted site is visited, Edge opens it up in an isolated Hyper-V container, a container separate from the host OS, which protects the system in the event that the site is malicious. You're going to install this from PowerShell or the Control Panel, or as a policy or compliance setting within an MDM such as Intune. It can be configured within Group Policy, SCCM or Intune endpoint management. Application Guard is fantastic. Let's take a look.

You have your device hardware, you have Edge. The new Edge, the Chromium browser, is actually pretty good. We're hoping that will be the hope to get rid of IE once and for all, so we're putting a lot of stock in Edge Chromium. That's beside the point. So we have our Windows Defender Application Guard. It launches in Edge, using the platform services, with a separate kernel from the OS itself. So if something bad happens in that untrusted site, it doesn't mess up your host OS. It is a sandbox. This is very cool technology.

Let's look at some application control methods. In Windows 10 you have a couple of different methods: you have Windows Defender Application Control and AppLocker. Some comparisons: Defender Application Control requires Windows 10 Enterprise 1709 and up, or Windows 10 1903 and above, which doesn't necessarily have to be Enterprise. If it's 1903 or above, you control what drivers and apps are allowed. Windows Defender Application Control policies apply to a computer and affect all device users. It's a computer-based policy, and it's deployed and configured with an MDM such as Intune, SCCM, Group Policy or PowerShell. AppLocker was introduced in Windows 7. It controls which apps users are allowed to run. Policies can apply to all users of a computer or to individual users and groups, and it's deployed through SCCM, Group Policy and PowerShell. One of the key things: Windows Defender Application Control allows control over drivers; that's something that AppLocker does not. Windows Defender Application Control mitigates security threats by restricting the applications users are allowed to run and the code that runs in the kernel (System Core). WDAC policies also block unsigned scripts and MSIs, and when PowerShell runs, it runs in Constrained Language Mode.

All right, let's see if you noticed: Windows 10 Application Guard functions with IE 10 plus and the latest versions of Edge, Firefox and Chrome. Is that true or is that false? False. It only functions with IE and Edge. You do not get the Application Guard function in Windows 10 if your users are using Firefox or Chrome or any other third party browser such as Opera.

Bruce Schneier is a cryptography expert. He's been involved in the creation of many cryptographic algorithms. Chances are you already know who he is. If you don't, now you know. Bruce said: more people are killed every year by pigs than by sharks. That shows how good we are at evaluating risk. What can you take away from this? What we may think is a risky use isn't necessarily the real risk.

That's where Defender Exploit Guard comes in. It utilizes the capabilities of the Intelligent Security Graph to identify active exploits and common behaviors, to stop these types of attacks at various stages of the kill chain. Defender Exploit Guard components: there are four main ones. Attack surface reduction: this set of controls prevents malware from getting on the machine by blocking Office, script and email based threats. This also can help protect against zero day attacks. Network protection: it extends the malware and social engineering protection offered by Windows Defender SmartScreen in Microsoft Edge to cover network traffic and connectivity on your devices. This requires Windows Defender AV. Controlled folder access: this is what I like. It protects sensitive data from ransomware by blocking untrusted processes from accessing your protected folders, so you can actually define certain protected folders within the device itself. Within the hard drive, you can say, OK, all of these folders are access restricted, they're sensitive. If you get a process that you don't know what it is, it's labelled as untrusted; it's never going to write or edit into these folders. Exploit protection is a set of exploit mitigations; it replaces EMET from the past, the Enhanced Mitigation Experience Toolkit, and can be easily configured to protect your system and applications. So it's an additional toolkit that comes with Defender Exploit Guard.

To recap this lesson: Microsoft Defender ATP is a platform designed to help enterprise networks prevent, detect, investigate and respond to advanced threats. Windows Defender ATP can be integrated into Azure Security Center. Windows Defender Application Guard opens untrusted sites in an isolated Hyper-V enabled container for sandbox type protection. Thank you for joining me on this lesson. See you next time. Take care.
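The lesson mentions that Application Guard is installed from PowerShell and that Exploit Guard's controlled folder access, network protection, attack surface reduction and exploit protection are configured on the device. The script below is an added example, not part of the course or of Microsoft's documentation, showing how those settings are applied with the built-in Defender cmdlets, starting in audit mode so nothing is blocked until the audit events have been reviewed. It assumes Windows 10 1709 or later with Windows Defender AV active and an elevated PowerShell session; the protected folder paths are placeholders, and the ASR rule id is left empty because the page does not list any rule GUIDs (take the one you need from Microsoft's ASR rule reference).

```powershell
#Requires -RunAsAdministrator
# Added example (not the course's own script): Windows 10 protections from this lesson,
# applied in audit mode first. Assumes Windows 10 1709+ with Defender AV enabled.

# --- Windows Defender Application Guard: check and enable the optional feature ---
function Get-ApplicationGuardState {
    # Returns the feature state, e.g. 'Enabled' or 'Disabled'
    (Get-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard).State
}

function Enable-ApplicationGuard {
    if ((Get-ApplicationGuardState) -ne 'Enabled') {
        # -NoRestart: the Hyper-V based container becomes available after the next reboot
        Enable-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard -NoRestart
    }
}

# --- Windows Defender Exploit Guard: controlled folder access, network protection, ASR ---
function Set-ExploitGuardBaseline {
    param(
        # Folders to shield from untrusted processes (placeholder paths, adjust to your data)
        [string[]]$ProtectedFolders = @('C:\Finance', 'D:\Shares\HR'),
        # Optional ASR rule GUID from Microsoft's rule reference; empty = skip ASR
        [string]$AsrRuleId = '',
        # Audit first: events are logged but nothing is blocked; -Enforce switches to block
        [switch]$Enforce
    )
    $mode = if ($Enforce) { 'Enabled' } else { 'AuditMode' }

    # Controlled folder access: untrusted processes cannot modify the listed folders
    Set-MpPreference -EnableControlledFolderAccess $mode
    foreach ($folder in $ProtectedFolders) {
        if (Test-Path $folder) {
            Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
        }
    }

    # Network protection: SmartScreen-style blocking extended to every process' traffic
    Set-MpPreference -EnableNetworkProtection $mode

    # Attack surface reduction: rules are addressed by GUID and each gets its own action
    if ($AsrRuleId) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $AsrRuleId `
                         -AttackSurfaceReductionRules_Actions $mode
    }
}

function Get-ExploitGuardStatus {
    # Read back what is configured so the change can be verified
    Get-MpPreference | Select-Object EnableControlledFolderAccess,
                                     ControlledFolderAccessProtectedFolders,
                                     EnableNetworkProtection,
                                     AttackSurfaceReductionRules_Ids,
                                     AttackSurfaceReductionRules_Actions
}

# --- Exploit protection (the EMET replacement): read the system-wide mitigations ---
function Get-SystemMitigations {
    Get-ProcessMitigation -System
}

# --- Detection: Defender writes one operational-log event per audited or blocked action ---
function Get-ExploitGuardEvents {
    param([int]$Hours = 24)
    # 1121/1122: ASR block/audit; 1123/1124: controlled folder access block/audit;
    # 1125/1126: network protection audit/block
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122, 1123, 1124, 1125, 1126
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
      Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { $_.Message.Split("`n")[0] } }
}

# Usage: audit, review the events, then rerun Set-ExploitGuardBaseline -Enforce
Enable-ApplicationGuard
Set-ExploitGuardBaseline
Get-ExploitGuardStatus
Get-ExploitGuardEvents -Hours 24 | Format-Table -AutoSize
```

Run it in audit mode for a few days and look at the 1122, 1124 and 1125 events before enforcing: a line-of-business application that legitimately writes into a protected folder shows up there, and it should be added with `Add-MpPreference -ControlledFolderAccessAllowedApplications` before switching to `-Enforce`, otherwise controlled folder access will break it.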

Intermediate
Course link:
Microsoft 365 Security Administration (MS-500)
Are you a system administrator who wants to get a certification that is globally recognized and shows your commitment to staying current with Microsoft technologies and security best practices? Take this MS-500 training course and prepare to slay the exam with the knowledge and skills employers are looking for.
Instructor: Jim Daniels

A lifelong IT professional, Jim thrives on combining aspects of his technical, creative, and training backgrounds to come up with innovative solutions to problems at various scales and scopes, with experience across both public and private sectors.