Microsoft Security Crime Windows

Microsoft Brings Post-Breach Detection To Windows 10 (sdtimes.com)

mmoorebz writes: Microsoft is recognizing the increasingly sophisticated cyber attacks on enterprises, which is why it is taking a new approach to protect its customers. Today it announced its new post-breach enterprise security service called Windows Defender Advanced Threat Protection, which will respond to these advanced attacks on companies' networks. Attackers these days are using social engineering and zero-day vulnerabilities to break into corporate networks. According to Microsoft, thousands of attacks were reported in 2015 alone. The company found that it currently takes an enterprise more than 200 days to detect a security breach, and 80 days to contain it. When there is such a breach, the attackers can steal company data, find private information, and damage the brand and customer trust in the company.
  • Windows 10 (Score:4, Funny)

    by Anonymous Coward on Tuesday March 01, 2016 @08:01PM (#51618659)

    Will Windows Defender Advanced Threat Protection flag Windows 10 itself as a security breach after just a few more Windows updates?

  • Awesome! (Score:1, Troll)

    by kimvette ( 919543 )

    It'll be a great tool while Microsoft maintains it for six months, and then it will be even more worthless than Symantec antivirus but people will still trust it.

    Just as has been the case with every previous Microsoft antivirus/antimalware effort.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Windows Defender has been around since Vista and has gotten better and better. They're committed to it.

    • You have a valid point in that MSE was good when released. Then when resources were focusing on Windows 8, MSE fell down in real world testing at AV-Test and AV-Comparatives. Since that time three years ago it has recovered and is once again okay to use.
      • It doesn't look that great on AV-Test. I just checked and it's 3rd from the bottom on protection, if I'm reading it right. (Note - I use MSE/Defender and am not inherently a basher).

  • Vulnerabilities? (Score:1, Insightful)

    by AHuxley ( 892839 )
    Using Microsoft products is the way into the corporate network. Stop buying junk products with backdoors, air gap, hire good staff and then secure your networks.
  • by waspleg ( 316038 ) on Tuesday March 01, 2016 @08:12PM (#51618719) Journal

    If so, will it be renamed Microsoft Ouroboros?

    • Complete. Global. Saturation.

      • by waspleg ( 316038 )

        Already getting down voted by shills ;)

        • No, you're getting down-voted because comments 1, 3, and 7 already said effectively the same thing and it wasn't particularly interesting or insightful those times, either.

          • by rtb61 ( 674572 )

            Nah, I would go with M$ marketdroids burning up their modding rights, clearly modding based upon comments not fulfilling M$ marketing requirements. Settle down, how many ad hominem attacks by M$ marketdroids are simply let slide because everyone has become so used to them as normal behaviour for M$ marketdroids they stop bothering modding them or replying to them, except when the mood strikes. Reality is any security software that does not skip past M$ antics and ask the end user whether they want to

  • by Freshly Exhumed ( 105597 ) on Tuesday March 01, 2016 @08:14PM (#51618733) Homepage

    From TFA: "After surveying its own customers, the company found that 90% of IT directors want an advanced threat protection solution that identifies an attack quick, before the breach actually occurs."

    Presumably the remaining 10% of Microsoft customers surveyed felt that it is all so pointless, so futile. Windows is a sieve. What's the use... we're all doomed... no... point... ... Daisy... Daisy...

    • I would think the other 10% would be interested in an independent system doing threat assessment rather than having it bolted onto the operating system.

    • Windows is a sieve.

      Windows itself is a minority of attack vectors in use today built by a company that while incompetent in many areas does a good job of promptly responding to security concerns.

      What's your FUD again?

    • by AmiMoJo ( 196126 )

      What's more disturbing is that 90% see implementing a threat detection system that acts before data is stolen as something they would like to have, not something they already built.

      By this stage we should be pushing out tools for testing defences, not creating them.

  • by Anonymous Coward

    Any IT Director of a mid-to-large scale environment who does not have a dedicated intrusion-detection team running open source tools should have his ass fired. Out of a cannon. Into the sun.

  • by Opportunist ( 166417 ) on Tuesday March 01, 2016 @08:37PM (#51618825)

    Wouldn't the first step be to stop snooping through their users' information themselves?

    • Wouldn't the first step be to stop snooping through their users' information themselves?

      Your OS is in the hands of hundreds of millions, perhaps a billion or so, non-technical, non-specialist, end users. The despair of the help desk, assuming there even is a help desk, and unable to communicate a useful bug report to a developer.

      That is why you build agents like Cortana and Siri into the system, and that is why you use telemetry to get an accurate picture of how the OS and applications are performing in the hands of those who need the most support.

      • How about this: I can turn the siphoning of my private data off when I accept one of those lovely click-through-do-not-read-just-click-accept dialogues where I declare I don't want any tech support from them. Deal?

    • Wouldn't the first step be to stop snooping through their users' information themselves?

      That information is more valuable when it isn't also being sold by hackers on the black market.

  • by Anonymous Coward

    The reason why it takes so long to detect a breach is the lack of visibility of connections and users to a given computer, the lack of ability to short list suspicious connections in a proper UI, and a lack of tracking files, plus the route they take, if they leave the network.

    Implement this and breaches will be a thing of the past.

    • by Anonymous Coward

      Implement this and breaches will be a thing of the past.

      A couple of points:

      1. These types of systems tend to overwhelm the sysadmins with false positives unless the machine can be limited to running only signed software which is often not practical.

      2. Even if all software running on the system is signed and all signed programs are pre-approved, that still doesn't protect you from zero day exploits in your signed programs.

      3. These types of locked down systems tend to be dreadfully inconvenient for the average user. So much so that they start bringing in their own

  • It takes that long to pull the plug?

  • How are they going to extract anything useful from a compromised system, where the attacker can feed MS with fake normal status?

    Even worse, a botnet can be used to push poisonous data at large scale.

    • An attacker only has to screw up once before a breach is found, and an investigation is launched. Also, when an attacker first gets into a system they are often blind, and could easily trigger an alarm while poking around the numerous systems. Remember, this isn't for your individual user where an attacker can test all their tools beforehand, they are dealing with hidden programs that trigger an alert when something unusual happens, or it simply goes quiet.

  • "Microsoft .. post-breach enterprise security service called Windows Defender Advanced Threat Protection"

    How about designing a 'computer' that can't be compromised by opening an email attachment or clicking on a web link.
    • by kruug ( 4451395 )
      That has been the goal, the issue is that the goal posts are constantly moving. As soon as one hole is patched, at least one more is found elsewhere. No system is 100% secure, and never will be. There will always be exploits and ways in. Think of the bogus "Microsoft Support" phone calls that are out there. These are people initiating a connection to a remote "hacker". How do you secure against that at the OS level?
  • Julian Assange got some post breach detection, Swedish style :)

    A bad joke, I know....
