Windows Defender Advanced Threat Protection (ATP) Creators Update preview

With the Creators Update, ATP will get its most generous update so far. Sagiv explains that Microsoft has listened to its customers and understands the responsibility of keeping organizations safe.
“We’re diligently tracking advances in sophisticated attacks, and listening to feedback from our Windows Defender ATP customers. We leverage our cloud service to continuously introduce new features, and are adding major enhancements to the OS-integrated sensor technologies in the Windows Creators Update.”
You can register for the Creators Update trial to experience the new capabilities yourself.
Windows Creators Update improves our OS memory and kernel sensors to enable detection of attackers who are employing in-memory and kernel-level attacks – shining a light into previously dark spaces where attackers hid from conventional detection tools.
The new user entity adds identity as a pivot, providing insight into actions, relationships, and alerts that span machines and allow us to track attackers moving laterally across the network.
The alert page now includes a new process tree visualization that aggregates multiple detections and related events into a single view. This helps security teams reduce the time to resolve cases by providing the information required to understand and resolve incidents without leaving the alert page.
SecOps can hunt for evidence of attacks, such as file names or hashes, IP addresses or URLs, behaviors, machines, or users.
When detecting an attack, security teams can now take immediate action: isolate machines, ban files from the network, kill and quarantine running processes or files, or retrieve an investigation package from a machine to provide forensic evidence – with a click of a button.