Advanced Threat Protection Part 5: Microsoft Defender ATP


Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
Welcome to the MS 365 Security Administration course.
00:05
I'm your instructor, Jim Daniels.
00:08
We're on Module 3, MS 365 Threat Protection.
00:12
We're going to be wrapping up Lesson 2, Advanced Threat Protection, with Microsoft Defender ATP.
00:18
In this lesson we're going to learn
00:20
how Windows 10 incorporates security features into the OS
00:25
and expands on those features with Defender ATP.
00:29
We're also going to look at some specific application control methods within Windows 10.
00:35
So to this point, we've really focused on the
00:38
non-OS security side, whereas this is the lesson where we're actually going to get into Windows 10.
00:46
Here are some of the security innovations in Windows 10:
00:50
pre-breach threat protection, identity protection, information protection, post-breach security management.
00:57
Some of these innovations you may or may not implement.
01:00
However, as a security professional, it is your duty to at least know
01:07
what each one is
01:08
and the scenario in which it is recommended.
01:11
Microsoft Defender ATP is a platform designed to help enterprise networks prevent, detect, investigate and respond to advanced threats.
01:21
It does that by offering threat and vulnerability management,
01:26
attack surface reduction,
01:27
next generation protection,
01:32
endpoint detection and response,
01:34
advanced hunting,
01:36
automated investigation and remediation,
01:40
and finally it utilizes Threat Experts.
01:44
Within Defender ATP, you can actually set up email alerts to send notifications to specific recipients based on new alerts.
01:52
Alert severity levels can be configured to trigger those notifications.
01:56
Some of the required permissions to configure Defender ATP email notifications:
02:01
you could be assigned Manage Security Settings, which is a role within Defender ATP, or you can be a Global or Security Administrator.
02:10
A tip.
02:12
It's always a good idea to configure EOP and Office 365 ATP settings
02:16
for Defender ATP alert emails so they don't go into junk. For instance,
02:23
if you have a major alert coming through about a security incident,
02:27
you don't want it to go into quarantine or junk.
02:30
Here's an example of one of those alerts:
02:32
it's a new alert detection,
02:35
and it's detected a malicious document.
02:37
It has a severity,
02:38
category,
02:39
the source, as well as the time,
02:43
and a direct link so you can see more information about this alert.
02:49
Azure Security Center is a unified infrastructure security management system that provides advanced threat protection across your hybrid workloads in the cloud
02:58
as well as on premises.
03:00
Defender ATP can be integrated with Azure Security Center
03:04
to allow ATP analytics,
03:07
behavioral signal collection from servers, intelligence for emerging threats, and a single-pane-of-glass view for server and endpoint ATP alerts.
03:16
So this is the dream scenario: if your organization still has an on-premises server footprint
03:22
as well as a
03:23
server footprint in Azure,
03:25
Security Center
03:28
ties on-prem and cloud together
03:31
and integrates with Defender ATP for your endpoints, so you can have a comprehensive view of your endpoints and servers
03:42
all at once.
03:43
Windows Defender Application Guard,
03:46
for Windows 10, Microsoft Edge
03:50
and Internet Explorer.
03:53
Administrators define trusted websites, cloud and internal resources;
03:58
everything else is untrusted. Zero trust model, right?
04:01
When an untrusted site is visited, Edge opens it up in an isolated Hyper-V container,
04:09
a container separate from the host OS,
04:12
which protects the system in the event that the site is malicious.
04:16
You can install this from PowerShell,
04:18
in the Control Panel, or as a policy or compliance setting within MDM such as Intune.
04:26
It can be configured
04:28
within Group Policy,
04:30
SCCM or Intune endpoint management.
04:33
Application Guard is fantastic.
04:36
Let's take a look.
04:39
You have your device hardware,
04:41
you have Edge, the new Edge. The Chromium browser is actually pretty good. "Pretty good" is the word. We're hoping that will be the one to get rid of Internet Explorer once and for all.
04:53
So we're putting a lot of stock in Edge Chromium. That's beside the point.
04:58
So we have our Windows Defender Application Guard.
05:01
It launches in Edge,
05:03
using the platform services, a separate kernel from the OS.
05:08
So if something bad happens in that untrusted site,
05:13
it doesn't mess up
05:15
your host OS.
05:16
It is a sandbox.
05:19
This is very cool technology.
05:21
Let's look at some application control methods in Windows 10.
05:26
You have a couple of different methods. You have Windows Defender Application Control
05:30
and AppLocker.
05:31
Some comparisons:
05:33
Defender Application Control requires Windows 10 Enterprise 1709
05:38
plus, or Windows 10
05:41
1903 and above. It doesn't necessarily have to be Enterprise if it's 1903 or above.
05:46
You control what drivers and apps are allowed.
05:49
Windows Defender Application Control policies are applied to a computer and affect all device users.
05:56
It's a computer-based policy,
05:59
and it's applied and configured with MDM such as Intune, SCCM, Group Policy or PowerShell.
06:05
AppLocker
06:06
was introduced in Windows 7.
06:09
It controls which apps users are allowed to run.
06:13
Policies can be applied to all users of a computer or to individual users and groups,
06:17
and it's deployed through SCCM, Group Policy and PowerShell.
06:23
One of the key things:
06:25
Windows Defender Application Control
06:28
allows control over drivers.
06:30
That's something that AppLocker does not.
06:34
Windows Defender Application Control
06:36
mitigates security threats by restricting the applications users are allowed to run
06:42
and the code that runs in the system core (kernel).
06:46
WDAC policies also block unsigned scripts and MSIs,
06:50
and Windows PowerShell runs in Constrained Language Mode.
06:55
All right, let's see if you noticed:
06:57
Windows 10 Application Guard
06:59
functions with IE 10 plus and the latest versions of Edge, Firefox and Chrome. Is that true or is that false?
07:10
False. It only functions with IE and Edge.
07:15
You do not get the Application Guard function
07:17
with Windows 10 if your users are using Firefox or Chrome,
07:23
or any other third-party browser, such as Opera.
07:27
Bruce Schneier is a cryptography expert.
07:30
He's been involved in the creation of many cryptographic algorithms.
07:34
Chances are you already know who he is. If you don't,
07:38
well, now you know.
07:40
Bruce said, "More people are killed every year by pigs than by sharks.
07:46
That shows how good we are at evaluating risk."
07:50
What can you take away from this?
07:53
What we may think is a risky use
07:56
isn't necessarily
07:58
the risk that's going to have the bad people behind it.
08:01
That's where Defender Exploit Guard comes in. It utilizes the capabilities of the Intelligent Security Graph
08:09
to identify active exploits and common behaviors,
08:13
to stop these types of attacks at various stages of the kill chain.
08:18
Defender Exploit Guard components: there are four main ones.
08:22
It reduces your attack surface.
08:24
This set of controls prevents malware from getting onto the machine by blocking Office, script and email-based threats.
08:31
This also can help protect against zero-day attacks.
08:35
Network protection.
08:37
It extends the malware and social engineering protection offered by Windows Defender SmartScreen
08:41
in Microsoft Edge to cover network traffic and connectivity on your devices.
08:48
This requires Windows Defender AV.
08:50
Controlled folder access.
08:52
This is one I like.
08:54
It protects sensitive data from ransomware by blocking untrusted processes from accessing your protected folders,
09:03
so you can actually define certain protected folders within the device itself, within the hard drive. You can say, OK,
09:11
all of these folders are access restricted; they're sensitive.
09:16
You get
09:18
processes that you don't know what they are, that are labeled as untrusted; they're never going to write
09:22
or edit into these folders.
09:26
Exploit protection
09:28
is a set of exploit mitigations.
09:30
It replaces EMET, the Enhanced Mitigation Experience Toolkit, from the past,
09:35
and can be easily configured to protect your system and applications. So it's an additional toolkit that comes with Defender Exploit Guard.
09:43
To recap this lesson: Microsoft Defender ATP is a platform designed to help enterprise networks prevent,
09:52
detect, investigate
09:54
and respond to advanced threats.
09:56
Windows Defender ATP can be integrated into Azure Security Center.
10:01
Windows Defender Application Guard opens untrusted sites in an isolated Hyper-V enabled container
10:07
for sandbox-type protection.
10:11
Thank you for joining me on this lesson.
10:13
I'll see you next time. Take care.