Slashdot Mirror


Microsoft Brings Post-Breach Detection To Windows 10 (sdtimes.com)

mmoorebz writes: Microsoft is recognizing the increasingly sophisticated cyber attacks on enterprises, which is why it is taking a new approach to protect its customers. Today it announced its new post-breach enterprise security service called Windows Defender Advanced Threat Protection, which will respond to these advanced attacks on companies' networks. Attackers these days are using social engineering and zero-day vulnerabilities to break into corporate networks. According to Microsoft, thousands of attacks were reported in 2015 alone. The company found that it currently takes an enterprise more than 200 days to detect a security breach, and 80 days to contain it. When there is such a breach, the attackers can steal company data, find private information, and damage the brand and customer trust in the company.

44 of 79 comments

  1. Windows 10 by Anonymous Coward · · Score: 4, Funny

    Will Windows Defender Advanced Threat Protection flag Windows 10 itself as a security breach after just a few more Windows updates?

    1. Re:Windows 10 by gweihir · · Score: 1

      While that sounds funny, this may very well become a problem.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:Windows 10 by Zaowulf · · Score: 1

      How many times has the solution to a problem been "turn off your antivirus?" This will likely be at least as bad.

  2. Awesome! by kimvette · · Score: 1, Troll

    It'll be a great tool while Microsoft maintains it for six months, and then it will be even more worthless than Symantec antivirus but people will still trust it.

    Just as has been the case with every previous Microsoft antivirus/antimalware effort.

    --
    The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
    1. Re:Awesome! by Anonymous Coward · · Score: 2, Informative

      Windows Defender has been around since Vista and has gotten better and better. They're committed to it.

    2. Re:Awesome! by davester666 · · Score: 1

      And yet, it still offers no defense against, or even a warning, that the operating system is sending your personal, private data to Microsoft.

      --
      Sleep your way to a whiter smile...date a dentist!
    3. Re:Awesome! by ITRambo · · Score: 2

      You have a valid point in that MSE was good when released. Then, when resources were focusing on Windows 8, MSE fell down in real-world testing at AV-Test and AV-Comparatives. Since that time three years ago it has recovered and is once again okay to use.

    4. Re:Awesome! by bad-badtz-maru · · Score: 1

      It doesn't look that great on AV-Test. I just checked and it's 3rd from the bottom on protection, if I'm reading it right. (Note - I use MSE/Defender and am not inherently a basher).

    5. Re: Awesome! by davester666 · · Score: 1

      I believe the more appropriate choice would be to go on a murder rampage at the office.

      --
      Sleep your way to a whiter smile...date a dentist!
    6. Re: Awesome! by Curate · · Score: 1

      Burning down the building would be another acceptable solution.

    7. Re: Awesome! by davester666 · · Score: 1

      In order to flush the people out of the building to where you are waiting for them...then, yes...

      --
      Sleep your way to a whiter smile...date a dentist!
  3. Vulnerabilities? by AHuxley · · Score: 1, Insightful

    Using Microsoft products is the way into the corporate network. Stop buying junk products with backdoors, air gap, hire good staff and then secure your networks.

    --
    Domestic spying is now "Benign Information Gathering"
    1. Re:Vulnerabilities? by Anonymous Coward · · Score: 5, Insightful

      Does anyone ever set out to hire bad staff?

      No, but these practices ensure that it occurs and that good staff doesn't stay for very long:

      - Maximizing hires of people from the oppressed group of the week
      - Replacing experienced staff with H1-Bs
      - Expecting a new hire to be immediately up to speed on everything the first time they walk into the office
      - Forcing tech employees to seek out training on their own time and dime because "it's expensive"
      - Treating vacation and sick time as frivolities that can be declined at the discretion of management
      - Never allowing or facilitating promotion of tech employees and watching them leave the company after a few years
      - Expecting 24/7/365 availability via phone and email of tech employees

    2. Re:Vulnerabilities? by Anonymous Coward · · Score: 1

      I think you've just described the hiring practices of all the Top 500 companies in the US, including Microsoft.

    3. Re:Vulnerabilities? by secretsquirel · · Score: 2

      "And where are these Windows backdoors everyone is always prattling on about?"

      Someone that isn't me can make any changes they want to my device (updates) anytime I'm connected to the internet and there's nothing I can do about it. (except apk hosts file?)

      That isn't backdoored?

    4. Re:Vulnerabilities? by AHuxley · · Score: 3, Interesting

      AC re "but to my knowledge no one has ever found any." Did you forget all the interesting PRISM news back in 2013?
      http://www.dailymail.co.uk/new...
      Microsoft handed the NSA access to encrypted messages
      http://www.theguardian.com/wor...
      "encryption unlocked even before official launch"
      ".. helped the NSA to circumvent its encryption"
      "... routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport""

      --
      Domestic spying is now "Benign Information Gathering"
  4. Does it detect Windows 10 as an Advanced Threat? by waspleg · · Score: 5, Insightful

    If so, will it be renamed Microsoft Ouroboros?

  5. What about the other 10% of IT bosses? by Freshly+Exhumed · · Score: 3, Insightful

    From TFA: "After surveying its own customers, the company found that 90% of IT directors want an advanced threat protection solution that identifies an attack quick, before the breach actually occurs."

    Presumably the remaining 10% of Microsoft customers surveyed felt that it is all so pointless, so futile. Windows is a sieve. What's the use... we're all doomed... no... point... ... Daisy... Daisy...

    --
    I deny that I have not avoided attaining the opposite of that which I do not want.
    1. Re:What about the other 10% of IT bosses? by aaarrrgggh · · Score: 1

      I would think the other 10% would be interested in an independent system doing threat assessment rather than having it bolted onto the operating system.

    2. Re:What about the other 10% of IT bosses? by thegarbz · · Score: 1

      Windows is a sieve.

      Windows itself is a minority of attack vectors in use today built by a company that while incompetent in many areas does a good job of promptly responding to security concerns.

      What's your FUD again?

    3. Re:What about the other 10% of IT bosses? by AmiMoJo · · Score: 1

      What's more disturbing is that 90% see implementing a threat detection system that acts before data is stolen as something they would like to have, not something they already built.

      By this stage we should be pushing out tools for testing defences, not creating them.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  6. Re:Does it detect Windows 10 as an Advanced Threat by sexconker · · Score: 1

    Complete. Global. Saturation.

  7. Re: So instead of fixing the problem... by Anonymous Coward · · Score: 2, Informative

    You always lose your best people after your stock price goes up so much.

  8. Snort, Nagios, Fail2Ban, Wireshark, etc. etc. by Anonymous Coward · · Score: 2, Interesting

    Any IT Director of a mid-to-large scale environment who does not have a dedicated intrusion-detection team running open source tools should have his ass fired. Out of a cannon. Into the sun.

    1. Re:Snort, Nagios, Fail2Ban, Wireshark, etc. etc. by Sax+Russell+5449D29A · · Score: 1

      You can't really fire most of the IT directors out there, now can you?

      --
      -SR
  9. Re:Does it detect Windows 10 as an Advanced Threat by waspleg · · Score: 1

    Already getting down voted by shills ;)

  10. Pot, kettle and all that by Opportunist · · Score: 4, Interesting

    Wouldn't the first step be to stop snooping through their users' information themselves?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Pot, kettle and all that by westlake · · Score: 1

      Wouldn't the first step be to stop snooping through their users' information themselves?

      Your OS is in the hands of hundreds of millions, perhaps a billion or so, non-technical, non-specialist, end users. The despair of the help desk, assuming there even is a help desk, and unable to communicate a useful bug report to a developer.

      That is why you build agents like Cortana and Siri into the system, and that is why you use telemetry to get an accurate picture of how the OS and applications are performing in the hands of those who need the most support.

    2. Re:Pot, kettle and all that by penguinoid · · Score: 1

      Wouldn't the first step be to stop snooping through their users' information themselves?

      That information is more valuable when it isn't also being sold by hackers on the black market.

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    3. Re:Pot, kettle and all that by Opportunist · · Score: 2

      How about this: I can turn the siphoning of my private data off when I accept one of those lovely click-through-do-not-read-just-click-accept dialogues where I declare I don't want any tech support from them. Deal?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  11. Re:So instead of fixing the problem... by Sowelu · · Score: 1

    I dunno, fixing symptoms can be pretty darn helpful to a patient when fixing the problem is a challenge (or even when it wasn't). If you send someone out the door with antibiotics and a 106F fever, you might be fixing the original problem, but I think they'd like a little help with the symptoms too.

  12. Re:buzzword much? by tnk1 · · Score: 1

    I suppose it then matters what the product was before the sticker was slapped on it. Does anyone know who they bought out for this?

  13. Re:So instead of fixing the problem... by subanark · · Score: 1

    Problem: Humans make mistakes.

    Solution: None yet

    In all seriousness, companies need to make a tradeoff between security and productivity. The biggest security problem is social engineering. You can't solve this problem.

  14. Microsoft part of the problem by Anonymous Coward · · Score: 1

    The reason why it takes so long to detect a breach is the lack of visibility of connections and users to a given computer, the lack of ability to short list suspicious connections in a proper UI, and a lack of tracking files, plus the route they take, if they leave the network.

    Implement this and breaches will be a thing of the past.

    1. Re:Microsoft part of the problem by Anonymous Coward · · Score: 1

      Implement this and breaches will be a thing of the past.

      A couple of points:

      1. These types of systems tend to overwhelm the sysadmins with false positives unless the machine can be limited to running only signed software, which is often not practical.

      2. Even if all software running on the system is signed and all signed programs are pre-approved, that still doesn't protect you from zero-day exploits in your signed programs.

      3. These types of locked down systems tend to be dreadfully inconvenient for the average user. So much so that they start bringing in their own devices and otherwise looking for ways to conduct "shadow" IT to get around your secure, but user unfriendly systems.

  15. Re:Does it detect Windows 10 as an Advanced Threat by Sarten-X · · Score: 1

    No, you're getting down-voted because comments 1, 3, and 7 already said effectively the same thing and it wasn't particularly interesting or insightful those times, either.

    --
    You do not have a moral or legal right to do absolutely anything you want.
  16. Wait, 80 days to contain it? by fustakrakich · · Score: 1

    It takes that long to pull the plug?

    --
    “He’s not deformed, he’s just drunk!”
  17. Re:So instead of fixing the problem... by CanadianMacFan · · Score: 1

    You don't make money selling another product or service if you fix the symptom.

  18. Compromised system by manu0601 · · Score: 1

    How are they going to extract anything useful from a compromised system, where the attacker can feed MS with fake normal status?

    Even worse, a botnet can be used to push poisonous data at large scale.

    1. Re:Compromised system by subanark · · Score: 1

      An attacker only has to screw up once before a breach is found, and an investigation is launched. Also, when an attacker first gets into a system they are often blind, and could easily trigger an alarm while poking around the numerous systems. Remember, this isn't for your individual user where an attacker can test all their tools beforehand, they are dealing with hidden programs that trigger an alert when something unusual happens, or it simply goes quiet.

  19. Increasingly sophisticated Microsoft cyber attacks by tetraverse · · Score: 1

    "Microsoft .. post-breach enterprise security service called Windows Defender Advanced Threat Protection"

    How about designing a 'computer' that can't be compromised by opening an email attachment or clicking on a web link.

  20. Julian Assange got some post breach detection by Anonymous Coward · · Score: 1

    Julian Assange got some post breach detection, Swedish style :)

    A bad joke, I know....

  21. Re:How about making windows secure? by ITRambo · · Score: 1

    Not everyone hated Vista. Many OEMs saddled it with 512 MB of RAM and slow single-core CPUs. With 3 or more GB of RAM, 64-bit Vista runs conventional programs as fast as Windows 7. Our shop only built custom PCs with 64-bit Vista that had 4 GB of RAM or more. These ran circles around 32-bit XP machines, after fully booted. Vista is, and always will be, the slowest-booting OS that MS ever made. Once booted, it runs okay.

  22. Re:Increasingly sophisticated Microsoft cyber atta by kruug · · Score: 1

    That has been the goal, the issue is that the goal posts are constantly moving. As soon as one hole is patched, at least one more is found elsewhere. No system is 100% secure, and never will be. There will always be exploits and ways in. Think of the bogus "Microsoft Support" phone calls that are out there. These are people initiating a connection to a remote "hacker". How do you secure against that at the OS level?