Slashdot Mirror


Microsoft Brings Post-Breach Detection To Windows 10 (sdtimes.com)

mmoorebz writes: Microsoft is recognizing the increasingly sophisticated cyber attacks on enterprises, which is why it is taking a new approach to protect its customers. Today it announced its new post-breach enterprise security service called Windows Defender Advanced Threat Protection, which will respond to these advanced attacks on companies' networks. Attackers these days are using social engineering and zero-day vulnerabilities to break into corporate networks. According to Microsoft, thousands of attacks were reported in 2015 alone. The company found that it currently takes an enterprise more than 200 days to detect a security breach, and 80 days to contain it. When there is such a breach, the attackers can steal company data, find private information, and damage the brand and customer trust in the company.

12 of 79 comments

  1. Windows 10 by Anonymous Coward · · Score: 4, Funny

    Will Windows Defender Advanced Threat Protection flag Windows 10 itself as a security breach after just a few more Windows updates?

  2. Does it detect Windows 10 as an Advanced Threat? by waspleg · · Score: 5, Insightful

    If so, will it be renamed Microsoft Ouroboros?

  3. What about the other 10% of IT bosses? by Freshly+Exhumed · · Score: 3, Insightful

    From TFA: "After surveying its own customers, the company found that 90% of IT directors want an advanced threat protection solution that identifies an attack quick, before the breach actually occurs."

    Presumably the remaining 10% of Microsoft customers surveyed felt that it is all so pointless, so futile. Windows is a sieve. What's the use... we're all doomed... no... point... ... Daisy... Daisy...

    --
    I deny that I have not avoided attaining the opposite of that which I do not want.
  4. Re: So instead of fixing the problem... by Anonymous Coward · · Score: 2, Informative

    You always lose your best people after your stock price goes up so much.

  5. Snort, Nagios, Fail2Ban, Wireshark, etc. etc. by Anonymous Coward · · Score: 2, Interesting

    Any IT Director of a mid-to-large scale environment who does not have a dedicated intrusion-detection team running open source tools should have his ass fired. Out of a cannon. Into the sun.

  6. Pot, kettle and all that by Opportunist · · Score: 4, Interesting

    Wouldn't the first step be to stop snooping through their users' information themselves?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Pot, kettle and all that by Opportunist · · Score: 2

      How about this: I can turn the siphoning of my private data off when I accept one of those lovely click-through-do-not-read-just-click-accept dialogues where I declare I don't want any tech support from them. Deal?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  7. Re:Vulnerabilities? by Anonymous Coward · · Score: 5, Insightful

    Does anyone ever set out to hire bad staff?

    No, but these practices ensure that it occurs and that good staff doesn't stay for very long:

    - Maximizing hires of people from the oppressed group of the week
    - Replacing experienced staff with H1-Bs
    - Expecting a new hire to be immediately up to speed on everything the first time they walk into the office
    - Forcing tech employees to seek out training on their own time and dime because "it's expensive"
    - Treating vacation and sick time as frivolities that can be declined at the discretion of management
    - Never allowing or facilitating promotion of tech employees and watching them leave the company after a few years
    - Expecting 24/7/365 availability via phone and email of tech employees

  8. Re:Vulnerabilities? by secretsquirel · · Score: 2

    "And where are these Windows backdoors everyone is always prattling on about?"

    Someone that isn't me can make any changes they want to my device (updates) anytime I'm connected to the internet and there's nothing I can do about it. (except apk hosts file?)

    That isn't backdoored?

  9. Re:Awesome! by Anonymous Coward · · Score: 2, Informative

    Windows Defender has been around since Vista and has gotten better and better. They're committed to it.

  10. Re:Vulnerabilities? by AHuxley · · Score: 3, Interesting

    AC re "but to my knowledge no one has ever found any." Did you forget all the interesting PRISM news back in 2013?
    http://www.dailymail.co.uk/new...
    Microsoft handed the NSA access to encrypted messages
    http://www.theguardian.com/wor...
    "encryption unlocked even before official launch"
    ".. helped the NSA to circumvent its encryption"
    "... routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport""

    --
    Domestic spying is now "Benign Information Gathering"
  11. Re:Awesome! by ITRambo · · Score: 2

    You have a valid point in that MSE was good when released. Then when resources were focusing on Windows 8, MSE fell down in real world testing at AV-Test and AV-Comparatives. Since that time three years ago it has recovered and is once again okay to use.