Threats are everywhere. What is advanced threat protection, and how can it help you mitigate them?
Microsoft Advanced Threat Protection
Microsoft Advanced Threat Protection is a cloud-based service for protecting enterprises from cyber-attacks. It provides the necessary enterprise-grade security capabilities to detect, investigate, and respond to advanced attacks on enterprise networks.
Advanced Threat Protection is Microsoft’s unified offering for customers of Microsoft 365 and Enterprise Mobility + Security (EMS). The service provides advanced threat protection capabilities to detect, investigate, and respond to advanced attacks on enterprise networks. This includes protection for both inbound and outbound threats.
The service complements existing security solutions with built-in intelligence, and it can help security operations teams respond faster and more efficiently to attacks. It is available as part of Microsoft 365 E5 and EMS E5.
Customers can also purchase Network Cyber Protection standalone, or through a volume licensing agreement with Software Assurance coverage.
Advanced Threat Analytics
Input Controls is a service within Microsoft Advanced Threat Protection. It provides the ability for security operations administrators to define rules that classify files based on their content. Administrators can then use these classifications to determine which files are sent to the cloud protection service for further analysis.
This is a cloud-based service within Microsoft Network Cyber Protection. It analyzes data in real time from cloud services and on-premises security solutions, and it provides a centralized access point to investigate threats, detect advanced threats, and perform forensic analysis on attacks.
One such example is VirusTotal, which scans executables using more than 50 antivirus products simultaneously. If some antivirus software detects a potential threat, it will break the execution flow to alert the user or stop it altogether.
Advanced Malware Protection
It provides protection against malware and ransomware running on endpoints. This is done by analyzing suspicious files and blocking those that are known malicious or have behavior indicative of a threat.
This is a cloud-based security service within Microsoft Network Cyber Protection. It protects enterprise networks from targeted attacks and zero-day exploits by using an adaptive system that learns and blocks exploits as they are encountered in the wild.
Security Incident Management
This platform provides the ability to detect, investigate, and respond to advanced attacks on enterprise networks. Its intelligence helps security operations teams respond faster and more efficiently to attacks. The team can use this service to monitor, detect, investigate, and respond to incidents in real time, rather than having to wait for the next business day for analysis of logs collected during an attack.
This service also offers on-premises integration with other Microsoft services, including Azure Active Directory, Azure Information Protection, System Center Configuration Manager, and Windows Defender Advanced Threat Protection.
On November 15, 2018, Microsoft announced the acquisition of Adallom for $320 million. This acquisition will be used to bolster the security offerings for Microsoft 365 and for commercial customers of Azure Active Directory Premium.