Advanced Threat Protection Part 5: Microsoft Defender ATP
6 hours 59 minutes
Welcome, Cybrarians, to the Microsoft 365 Security Administration course.
I'm your instructor, Jim Daniels.
We're on Module 3: MS 365 Threat Protection.
We're going to be wrapping up Lesson 2, Advanced Threat Protection, with Microsoft Defender ATP.
In this lesson we're going to learn
how Windows 10 incorporates security features into the OS
and expands those features with Defender ATP.
We're also going to look at some specific application control methods within Windows 10.
So to this point, we've really focused on the
non-OS security side, whereas this is the lesson where we're actually going to get in with Windows 10.
Here are some of the security innovations with Windows 10:
pre-breach threat protection, identity protection, information protection, post-breach security management.
Some of these innovations you may or may not implement.
However, as a security professional, it is your duty to at least know
what each one is
and the scenario in which it is recommended.
Microsoft Defender ATP is a platform designed to help enterprise networks prevent, detect, investigate and respond to advanced threats.
It does that by offering threat and vulnerability management,
attack surface reduction,
next generation protection,
endpoint detection and response,
automated investigation and remediation,
and finally it utilizes Microsoft Threat Experts.
Within Defender ATP, you can actually set up email alerts to send notifications to specific recipients based on new alerts.
Alert severity levels can be configured to trigger those notifications.
Some of the required permissions to configure Defender ATP email notifications:
you need to be assigned Manage security settings, which is a role within Defender ATP, or you can be a Global or Security Administrator.
It's always a good idea to configure EOP and Office 365 ATP settings
for Defender ATP alert emails so they don't go into junk or quarantine, because
if you have a major alert coming through about a security incident,
you don't want it to go into quarantine or junk.
Here's an example of that. You know
it's a new alert detection,
and it's detected a malicious document.
It has a severity,
the source, as well as the time,
and a direct link so you can see more information about this alert.
Azure Security Center is a unified infrastructure security management system that provides advanced threat protection across your hybrid workloads in the cloud
as well as on premises.
Defender ATP can be integrated with Azure Security Center
to allow ATP analytics,
behavioral signal collection from servers, intelligence for emerging threats, and a single-pane-of-glass view for server and endpoint ATP alerts.
So this is the dream scenario. If your organization still has an on-premises server footprint
as well as a
server footprint in Azure,
Security Center
ties on-prem and cloud together
and integrates with Defender ATP for your endpoints, so you can have a comprehensive view of your endpoints and servers
all at once.
Windows Defender Application Guard:
Windows 10 and Microsoft Edge.
Administrators define trusted websites, cloud and internal resources;
everything else is untrusted. Zero trust model, right?
When an untrusted site is visited, Edge opens up in an isolated Hyper-V container,
a container separate from the host OS,
which protects the system in the event that the site is malicious.
You can install this from PowerShell,
in the Control Panel, or as a policy or compliance setting within an MDM such as Intune.
It can be configured
within Group Policy,
SCCM or Intune / Microsoft Endpoint Management.
Application Guard is fantastic.
Let's take a look.
You have your device hardware;
you have Edge. The new Edge Chromium browser is actually pretty good. Pretty good word. We're hoping that will be the hope to get rid of Internet Explorer once and for all.
So we're putting a lot of stock in Edge Chromium. That's beside the point.
So we have our Windows Defender Application Guard.
It launches in Edge,
uses the platform services, a separate kernel from the OS
itself. So if something bad happens in that untrusted site,
it doesn't mess up
your host OS.
It is a sandbox.
This is very cool technology.
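The lesson mentions that Application Guard can be installed from PowerShell or the Control Panel. As an added example (not part of the course material), the following elevated PowerShell session checks the Hyper-V prerequisites the container depends on, enables the optional feature, and verifies its state after the required reboot. The trusted-site list itself is not set here; it comes from the Network Isolation Group Policy settings the lesson refers to.

```powershell
# Added example (not from the course): enable Windows Defender Application Guard
# with PowerShell and verify the prerequisites. Run from an elevated PowerShell
# session on Windows 10 Pro/Enterprise; a reboot is required after enabling.

# 1. Application Guard runs Edge in a Hyper-V container, so hardware
#    virtualization must be enabled in firmware. Get-ComputerInfo exposes the
#    same checks the Hyper-V installer performs.
$ci = Get-ComputerInfo
$ci | Select-Object HyperVRequirementVirtualizationFirmwareEnabled,
                    HyperVRequirementVMMonitorModeExtensions,
                    HyperVRequirementSecondLevelAddressTranslation,
                    HyperVRequirementDataExecutionPreventionAvailable

# 2. Enable the optional feature. This is the PowerShell equivalent of the
#    "Turn Windows features on or off" checkbox in the Control Panel.
Enable-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard -NoRestart

# 3. After the reboot, confirm the feature reports Enabled.
(Get-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard).State
```

If any of the Hyper-V requirement properties reports False, the feature will install but the isolated container will not start, so check those values first on hardware you do not control.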
Let's look at some application control methods in Windows 10.
You have a couple of different methods: you have Windows Defender Application Control
and AppLocker.
Defender Application Control requires Windows 10 Enterprise 1709
and above, or Windows 10
1903 and above, which doesn't necessarily have to be Enterprise if it's 1903 or above.
You control what drivers and apps are allowed.
Windows Defender Application Control policies apply to a computer and affect all device users.
It's a computer-based policy,
and it's applied through the tool you configure it with, such as Intune, SCCM, Group Policy or PowerShell.
AppLocker was introduced in Windows 7.
It controls which apps users are allowed to run.
Policies can apply to all users of a computer or to individual users and groups,
and it's deployed through SCCM, Group Policy and PowerShell.
One of the key things:
Windows Defender Application Control
allows control over drivers.
That's something that AppLocker does not.
Windows Defender Application Control
mitigates security threats by restricting the applications users are allowed to run
and the code that runs in the kernel (system core).
WDAC policies also block unsigned scripts and MSIs,
and PowerShell runs in constrained language mode.
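To make the difference between the two methods concrete, here is an added example (not from the course) that builds an audit-mode WDAC policy and an AppLocker policy from the same reference machine. It uses only the documented cmdlets from the ConfigCI and AppLocker modules; the C:\Policies output paths are assumptions for this example. The WDAC scan includes kernel drivers by default and adds user-mode executables with -UserPEs, whereas the AppLocker rules are per user or group and never cover drivers, which is the distinction the lesson calls out.

```powershell
# Added example (not from the course): audit-mode WDAC policy beside an AppLocker
# policy built from the same machine. Run elevated on Windows 10 1903+ (WDAC);
# AppLocker enforcement needs Enterprise or Education. C:\Policies is assumed.
New-Item -ItemType Directory -Path C:\Policies -Force | Out-Null

# --- Windows Defender Application Control --------------------------------------
# New-CIPolicy scans kernel-mode drivers by default; -UserPEs adds user-mode
# executables. -Level Publisher keys rules on the signing certificate so a signed
# update does not break the policy; -Fallback Hash covers unsigned files.
New-CIPolicy -FilePath C:\Policies\wdac.xml -Level Publisher -Fallback Hash `
    -ScanPath 'C:\Program Files' -UserPEs

# Rule option 3 = Enabled:Audit Mode. Violations are logged to
# Microsoft-Windows-CodeIntegrity/Operational (event 3076) but nothing is
# blocked. Remove the option only after reviewing that log.
Set-RuleOption -FilePath C:\Policies\wdac.xml -Option 3

# Convert to the binary form the kernel consumes; deploy via Intune, SCCM or GPO.
ConvertFrom-CIPolicy -XmlFilePath C:\Policies\wdac.xml -BinaryFilePath C:\Policies\wdac.bin

# --- AppLocker ------------------------------------------------------------------
# AppLocker rules target users or groups (here Everyone) and only user-mode
# apps, scripts, installers and packaged apps; drivers are out of scope.
Get-AppLockerFileInformation -Directory 'C:\Program Files' -Recurse |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Xml |
    Out-File C:\Policies\applocker.xml

# Dry-run the policy against System32 binaries before enforcing it, listing only
# what would be denied.
Get-ChildItem 'C:\Windows\System32\*.exe' | Convert-Path |
    Test-AppLockerPolicy -XmlPolicy C:\Policies\applocker.xml -User Everyone -Filter Denied, DeniedByDefault |
    Select-Object FilePath, PolicyDecision, MatchingRule

# WDAC forces PowerShell into ConstrainedLanguage mode; this shows the current
# session's mode (FullLanguage on an unmanaged machine).
$ExecutionContext.SessionState.LanguageMode
```

Both policies start in a non-enforcing state on purpose: WDAC through rule option 3 and AppLocker through Test-AppLockerPolicy. Review the denials first, then enforce, because a computer-wide WDAC policy that blocks a needed driver affects every user of the device at once.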
All right, let's see if you noticed.
Windows 10 Application Guard
functions with IE 10+ and the latest versions of Edge, Firefox and Chrome. Is that true, or is that false?
False. It only functions with IE and Edge.
You do not get the Application Guard function
with Windows 10 if your users are using Firefox or Chrome
or any other third party browser, such as Opera.
Bruce Schneier is a cryptography expert.
He's been involved in the creation of many cryptographic algorithms.
Chances are you already know who he is. If you don't,
well, now you know.
Bruce said more people are killed every year by pigs than by sharks.
That shows how good we are at evaluating risk.
What can you take away from this?
What we may not necessarily think of as risky
is where the risk is going to be, with the bad people behind it.
That's where Defender Exploit Guard comes in. It utilizes the capabilities of the Intelligent Security Graph
to identify active exploits and common behaviors
to stop these types of attacks at various stages of the kill chain.
Defender Exploit Guard components: there are four main ones.
Attack surface reduction:
this set of controls prevents malware from getting onto the machine by blocking Office, script and email-based threats.
This can help protect against zero-day attacks.
Network protection: it extends the malware and social engineering protection offered by Windows Defender SmartScreen
in Microsoft Edge to cover network traffic and connectivity on your devices.
This requires Windows Defender AV.
Controlled folder access:
this is what I like.
It protects sensitive data from ransomware by blocking untrusted processes from accessing your protected folders.
So you can actually define certain protected folders within the device itself, within the hard drive, and you can say, OK,
all of these folders are access restricted; they're sensitive.
Any process that you don't know what it is gets labelled as untrusted; it is never going to write
or edit into these folders.
Exploit protection: a set of exploit mitigations
that replaces EMET, the Enhanced Mitigation Experience Toolkit,
and can be easily configured to protect your system and applications. So it's an additional toolkit that comes with Defender Exploit Guard.
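The three Exploit Guard components the lesson describes (attack surface reduction, network protection and controlled folder access) are all set through the Defender PowerShell module. The following is an added example, not from the course, that turns each one on in audit mode first, defines a protected folder and a trusted application, and then reads the audit events back so the decision to enforce is based on what the rules would actually have blocked. The folder D:\Finance and the application path are assumptions for this example; the ASR rule GUIDs are the documented rule IDs.

```powershell
# Added example (not from the course): configure Exploit Guard components with
# the Defender module, starting in audit mode, then read the audit events back.
# Run elevated with Windows Defender AV active. D:\Finance and the allowed
# application path are assumptions for this example.

# Attack surface reduction: AuditMode logs what a rule would have blocked.
# GUIDs are the documented ASR rule IDs (verify against Microsoft's current list).
$asrRules = @{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
}
foreach ($id in $asrRules.Keys) {
    Write-Host "Auditing ASR rule: $($asrRules[$id])"
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions AuditMode
}

# Network protection: extends SmartScreen reputation checks from Edge to all
# outbound connections on the device; requires Defender AV as the active engine.
Set-MpPreference -EnableNetworkProtection AuditMode

# Controlled folder access: add a sensitive folder to the protected set and
# explicitly trust one line-of-business app so its writes are not flagged.
Set-MpPreference -EnableControlledFolderAccess AuditMode
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Finance'
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\LineOfBusiness\app.exe'

# Confirm the resulting configuration.
Get-MpPreference | Select-Object EnableNetworkProtection, EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders, ControlledFolderAccessAllowedApplications,
    AttackSurfaceReductionRules_Ids, AttackSurfaceReductionRules_Actions

# Review audit events in the Defender operational log before switching any
# component to Enabled. Event IDs: ASR 1121 block / 1122 audit,
# controlled folder access 1123 block / 1124 audit,
# network protection 1125 audit / 1126 block.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1122, 1124, 1125
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Once the audit log shows only the activity you expect, replace AuditMode with Enabled in each Set-MpPreference and Add-MpPreference call; a process that legitimately writes to a protected folder should be added with -ControlledFolderAccessAllowedApplications rather than by loosening the folder list.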
To recap this lesson: Microsoft Defender ATP is a platform designed to help enterprise networks prevent, detect, investigate
and respond to advanced threats.
Windows Defender ATP can be integrated into Azure Security Center.
Windows Application Guard opens untrusted sites in an isolated Hyper-V-enabled container
for sandbox-type protection.
Thank you for joining me on this lesson.
I'll see you next time. Take care.