Advanced hunting provides a query-based threat-hunting tool that lets you proactively find breaches and create custom detections.
To further reinforce the security perimeter of your network, Microsoft Defender for Endpoint uses next-generation protection designed to catch all types of emerging threats.Įndpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars.
:strip_icc()/i.s3.glbimg.com/v1/AUTH_59edd422c0c84a879bd37670ae4f538a/internal_photos/bs/2020/U/X/0UaXgpTMOvnrHRlyzBXg/ms-defender.png "ms defender")
This set of capabilities also includes network protection and web protection, which regulate access to malicious IP addresses, domains, and URLs. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, the capabilities resist attacks and exploitation. The attack surface reduction set of capabilities provides the first line of defense in the stack. To further enhance your ability to assess your security posture and reduce risk, a new Defender Vulnerability Management add-on for Plan 2 is available.įor more information on the different vulnerability management capabilities available to you, see Compare Microsoft Defender Vulnerability Management offerings. For more information on what capabilities are available for non-Windows platforms, see Microsoft Defender for Endpoint for non-Windows platforms.īuilt-in core vulnerability management capabilities use a modern risk-based approach to the discovery, assessment, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. The capabilities on non-Windows platforms may be different from the ones for Windows. Threat intelligence: Generated by Microsoft hunters, security teams, and augmented by threat intelligence provided by partners, threat intelligence enables Defender for Endpoint to identify attacker tools, techniques, and procedures, and generate alerts when they are observed in collected sensor data.Ĭentralized configuration and administration, APIs Defender for Endpoint uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:Įndpoint behavioral sensors: Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated, cloud instance of Microsoft Defender for Endpoint.Ĭloud security analytics: Leveraging big-data, device learning, and unique Microsoft optics across the Windows ecosystem, enterprise cloud products (such as Office 365), and online assets, behavioral signals are translated into insights, detections, and recommended responses to advanced threats.
0 kommentar(er)
