Microsoft are adding “down-level” support to Windows Defender Advanced Threat Protection (ATP), making it available to protect machines running Windows 7 and Windows 8.1.
Microsoft are building a behaviour-based Endpoint Detection and Response (EDR) solution specifically for these older Windows editions. As with Windows 10 devices, they recommend that it be run alongside Windows Defender Antivirus, which in these “down-level” scenarios they call System Center Endpoint Protection (SCEP).
A public preview will be made available in “spring” 2018.
Windows Defender Advanced Threat Protection is the key difference between Windows 10 E3 and Windows 10 E5 and, in Microsoft’s words:
“provides preventative protection, detects attacks and zero-day exploits, and gives you centralized management for your end-to-end security lifecycle”
Its aim is to help organisations detect and investigate cyber attacks in a faster, more efficient manner using a combination of behavioural analytics, machine learning and human researchers.
For organisations with devices still running Windows 7 SP1 and/or Windows 8.1 (which is many), this will enable a stronger security baseline across the desktop as Windows Defender Advanced Threat Protection offers several tools and reports to help improve and maintain an organisation’s security.
IT Asset Management (ITAM) should be integral to the successful running of WDATP – or similar tools. While Security Operations and Security Management teams will most likely be the ones using the tools, knowing how many devices there are, where they are and what OS they’re running will be key to ensuring proper protection. If devices are missing from asset scans, that might indicate a potential security problem.
There are advanced features within Windows Defender Advanced Threat Protection that can be turned on, if there are other licenses present.
For example, the “Office 365 Threat Intelligence connection” enables a centralised security report across Windows devices and Office 365 mailboxes. Being able to produce a report of all users licensed with Windows 10 E5 and Office 365 E5 (or the Threat Intelligence add-on) will make it possible to check that this feature is enabled and working everywhere it should be.
Microsoft have also extended Windows Defender ATP to run cross-platform across Linux, iOS, Android and macOS, through work with solutions from BitDefender, LookOut, Ziften and SentinelOne.
Again, ITAM being able to present a complete overview of all devices – not just Windows desktops but all mobile devices too – will be hugely beneficial to the success of such a deployment.
Do you have that level of insight into your mobile estate currently? Even if it’s unlikely that you’ll deploy Windows 10 E5 and Windows Defender ATP, as ITAM and Security become ever more entwined – visibility of phones, tablets, smart watches etc. will surely be a key part of Next Generation ITAM.