Microsoft Brings Post-Breach Detection To Windows 10 (sdtimes.com)
mmoorebz writes: Microsoft is recognizing the increasingly sophisticated cyber attacks on enterprises, which is why it is taking a new approach to protect its customers. Today it announced its new post-breach enterprise security service called Windows Defender Advanced Threat Protection, which will respond to these advanced attacks on companies' networks. Attackers these days are using social engineering and zero-day vulnerabilities to break into corporate networks. According to Microsoft, thousands of attacks were reported in 2015 alone. The company found that it currently takes an enterprise more than 200 days to detect a security breach, and 80 days to contain it. When there is such a breach, the attackers can steal company data, find private information, and damage the brand and customer trust in the company.
Windows 10 (Score:4, Funny)
Will Windows Defender Advanced Threat Protection flag Windows 10 itself as a security breach after just a few more Windows updates?
Re: (Score:2)
While that sounds funny, this may very well become a problem.
Re: (Score:1)
Awesome! (Score:1, Troll)
It'll be a great tool while Microsoft maintains it for six months, and then it will be even more worthless than Symantec antivirus but people will still trust it.
Just as has been the case with every previous Microsoft antivirus/antimalware effort.
Re: (Score:2, Informative)
Re: (Score:1)
And yet, it still offers no defense against, or even warn, that the operating system is sending your personal, private data to Microsoft.
Re: (Score:1)
I believe the more appropriate choice would be to go on a murder rampage at the office.
Re: (Score:2)
Re: (Score:1)
In order to flush the people out of the building to where you are waiting for them...then, yes...
Re: (Score:3)
Re: (Score:1)
It doesn't look that great on AV-Test. I just checked and it's 3rd from the bottom on protection, if I'm reading it right. (Note - I use MSE/Defender and am not inherently a basher).
Vulnerabilities? (Score:1, Insightful)
Re:Vulnerabilities? (Score:5, Insightful)
Does anyone ever set out to hire bad staff?
No, but these practices ensure that it occurs and that good staff doesn't stay for very long:
- Maximizing hires of people from the oppressed group of the week
- Replacing experienced staff with H1-Bs
- Expecting a new hire to be immediately up to speed on everything the first time they walk into the office
- Forcing tech employees to seek out training on their own time and dime because "it's expensive"
- Treating vacation and sick time as frivolities that can be declined at the discretion of management
- Never allowing or facilitating promotion of tech employees and watching them leave the company after a few years
- Expecting 24/7/365 availability via phone and email of tech employees
Re: (Score:1)
Re: (Score:2)
"And where are these Windows backdoors everyone is always prattling on about?"
Someone that isn't me can make any changes they want to my device (updates) anytime I'm connected to the internet and there's nothing I can do about it. (except apk hosts file?)
That isn't backdoored?
Re:Vulnerabilities? (Score:4, Interesting)
http://www.dailymail.co.uk/new... [dailymail.co.uk]
Microsoft handed the NSA access to encrypted messages
http://www.theguardian.com/wor... [theguardian.com]
"encryption unlocked even before official launch"
".. helped the NSA to circumvent its encryption"
"... routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport""
Re: (Score:1)
Sure it does. But this time it gets a "Genuine Microsoft" sticker on it.
C'mon, you didn't honestly expect MS to invent something? It's the usual "wait to see where the train goes then go and buy one that looks pretty to sell it as our own" spiel.
Re: (Score:2)
I suppose it then matters what the product was before the sticker was slapped on it. Does anyone know who they bought out for this?
Re: So instead of fixing the problem... (Score:2, Informative)
You always lose your best people after your stock price goes up so much.
Re: (Score:2)
I dunno, fixing symptoms can be pretty darn helpful to a patient when fixing the problem is a challenge (or even when it wasn't). If you send someone out the door with antibiotics and a 106F fever, you might be fixing the original problem, but I think they'd like a little help with the symptoms too.
Re: (Score:2)
Problem: Humans make mistakes.
Solution: None yet
In all seriousness, companies need to make a tradeoff between security and productivity. The biggest security problem is social engineering. You can't solve this problem.
Re: (Score:2)
You don't make money selling another product or service if you fix the symptom.
Re: (Score:2)
Does it detect Windows 10 as an Advanced Threat? (Score:5, Insightful)
If so, will it be renamed Microsoft Ouroboros?
Re: (Score:2)
Complete. Global. Saturation.
Re: (Score:2)
Already getting down voted by shills ;)
Re: (Score:2)
No, you're getting down-voted because comments 1, 3, and 7 already said effectively the same thing and it wasn't particularly interesting or insightful those times, either.
Re: (Score:1)
Nah, I would go with M$ marketdroids burning up their modding rights, clearly modding based upon comments not fulfilling M$ marketing requirements. Settle down, how many ad hominem attacks by M$ marketdroids are simply let slide because everyone has become so used to them as normal behaviour for M$ marketdroids they stop bothering modding them or replying to them, except when the mood strikes. Reality is any security software that does not skip past M$ antics and ask the end user whether they want to
What about the other 10% of IT bosses? (Score:4, Insightful)
From TFA: "After surveying its own customers, the company found that 90% of IT directors want an advanced threat protection solution that identifies an attack quick, before the breach actually occurs."
Presumably the remaining 10% of Microsoft customers surveyed felt that it is all so pointless, so futile. Windows is a sieve. What's the use... we're all doomed... no... point... ... Daisy... Daisy...
Re: (Score:2)
I would think the other 10% would be interested in an independent system doing threat assessment rather than having it bolted onto the operating system.
Re: (Score:2)
Windows is a sieve.
Windows itself is a minority of attack vectors in use today built by a company that while incompetent in many areas does a good job of promptly responding to security concerns.
What's your FUD again?
Re: (Score:2)
What's more disturbing is that 90% see implementing a threat detection system that acts before data is stolen as something they would like to have, not something they already built.
By this stage we should be pushing out tools for testing defences, not creating them.
Snort, Nagios, Fail2Ban, Wireshark, etc. etc. (Score:2, Interesting)
Any IT Director of a mid-to-large scale environment who does not have a dedicated intrusion-detection team running open source tools should have his ass fired. Out of a cannon. Into the sun.
Re: (Score:1)
You can't really fire most of the IT directors out there, now can you?
Pot, kettle and all that (Score:5, Interesting)
Wouldn't the first step be to stop snooping through their user's information themselves?
Re: (Score:2)
Wouldn't the first step be to stop snooping through their user's information themselves?
Your OS is in the hands of hundreds of millions, perhaps a billion or so, non-technical, non-specialist, end users. The despair of the help desk, assuming there even is a help desk, and unable to communicate a useful bug report to a developer.
That is why you build agents like Cortana and Siri into the system, and that is why you use telemetry to get an accurate picture of how the OS and applications are performing in the hands of those who need the most support.
Re: (Score:3)
How about this: I can turn the siphoning of my private data off when I accept one of those lovely click-through-do-not-read-just-click-accept dialogues where I declare I don't want any tech support from them. Deal?
Re: (Score:2)
Wouldn't the first step be to stop snooping through their user's information themselves?
That information is more valuable when it isn't also being sold by hackers on the black market.
Microsoft part of the problem (Score:1)
The reason why it takes so long to detect a breach is the lack of visibility of connections and users to a given computer, the lack of ability to short list suspicious connections in a proper UI, and a lack of tracking files, plus the route they take, if they leave the network.
Implement this and breaches will be a thing of the past.
Re: (Score:1)
Implement this and breaches will be a thing of the past.
A couple of points:
1. These types of systems tend to overwhelm the sysadmins with false positives unless the machine can be limited to running only signed software which is often not practical.
2. Even if all software running on the system is signed and all signed programs are pre-approved, that still doesn't protect you from zero-day exploits in your signed programs.
3. These types of locked down systems tend to be dreadfully inconvenient for the average user. So much so that they start bringing in their own
Wait, 80 days to contain it? (Score:1)
It takes that long to pull the plug?
Compromised system (Score:2)
How are they going to extract anything useful from a compromised system, where the attacker can feed MS with fake normal status?
Even worse, a botnet can be used to push poisonous data at large scale
Re: (Score:2)
An attacker only has to screw up once before a breach is found, and an investigation is launched. Also, when an attacker first gets into a system they are often blind, and could easily trigger an alarm while poking around the numerous systems. Remember, this isn't for your individual user where an attacker can test all their tools beforehand, they are dealing with hidden programs that trigger an alert when something unusual happens, or it simply goes quiet.
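As an added example (not Microsoft's code, not Windows Defender ATP's logic, and not from any poster in this thread), the two signals the comment above sketches can be shown as a toy post-breach detector in Python over constructed telemetry lines: a host is alerted on when a process/destination pair appears that was never seen in its learning-window baseline (the attacker "poking around"), and when it "goes quiet", i.e. stops sending heartbeats for longer than a threshold. Hostnames, process names, addresses and the event format are all invented for the example.

```python
# Added example: toy baseline-and-anomaly detector over constructed telemetry.
# Not the product's logic; event format, hosts and addresses are made up.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed "learning window" events: what each host normally does.
# Field order: timestamp host event_type detail
BASELINE_EVENTS = [
    "2016-03-01T09:00:00 ws01 netconn outlook.exe->mail.example.local:443",
    "2016-03-01T09:00:05 ws01 netconn chrome.exe->intranet.example.local:443",
    "2016-03-01T09:00:10 ws02 netconn outlook.exe->mail.example.local:443",
]

# Constructed live events. ws01 makes one connection its baseline never saw;
# ws02 sends a single heartbeat and then nothing (it "goes quiet").
LIVE_EVENTS = [
    "2016-03-02T09:00:00 ws01 heartbeat ok",
    "2016-03-02T09:00:00 ws02 heartbeat ok",
    "2016-03-02T09:00:30 ws01 netconn outlook.exe->mail.example.local:443",
    "2016-03-02T09:01:00 ws01 heartbeat ok",
    "2016-03-02T09:01:12 ws01 netconn powershell.exe->203.0.113.7:4444",
    "2016-03-02T09:02:00 ws01 heartbeat ok",
    "2016-03-02T09:03:00 ws01 heartbeat ok",
]


def parse(line):
    """Split one telemetry line into (timestamp, host, kind, detail)."""
    ts, host, kind, detail = line.split(" ", 3)
    return datetime.fromisoformat(ts), host, kind, detail


def build_baseline(lines):
    """Map host -> set of 'process->destination' pairs seen while learning."""
    baseline = defaultdict(set)
    for line in lines:
        _, host, kind, detail = parse(line)
        if kind == "netconn":
            baseline[host].add(detail)
    return baseline


def detect(live_lines, baseline, quiet_after=timedelta(minutes=2)):
    """Return a list of (host, reason) alerts in the order they are raised.

    Signal 1: a netconn whose process->destination pair is outside the
              host's baseline (the attacker tripping over something unusual).
    Signal 2: a host whose last event is older than quiet_after at the end
              of the stream, or which never reported at all (went quiet).
    """
    alerts = []
    last_seen = {}
    now = None
    for line in live_lines:
        ts, host, kind, detail = parse(line)
        now = ts
        last_seen[host] = ts
        if kind == "netconn" and detail not in baseline.get(host, set()):
            alerts.append((host, f"new connection outside baseline: {detail}"))
    if now is None:
        return alerts
    # Hosts known from the baseline but silent, or silent for too long.
    for host in sorted(set(baseline) | set(last_seen)):
        if host not in last_seen:
            alerts.append((host, "no telemetry at all"))
        elif now - last_seen[host] > quiet_after:
            alerts.append((host, f"no telemetry for {now - last_seen[host]}"))
    return alerts


if __name__ == "__main__":
    for host, reason in detect(LIVE_EVENTS, build_baseline(BASELINE_EVENTS)):
        print(f"ALERT {host}: {reason}")
```

The baseline is the lever for the false-positive problem raised elsewhere in the thread: a learning window that is too short makes every legitimate new connection an alert, and one that is too long risks learning the attacker's own traffic as normal. The "quiet" check also only works if the collector, not the endpoint, keeps the clock, since a compromised host can stop reporting but cannot make the server forget when it last heard from it.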
Increasingly sophisticated Microsoft cyber attacks (Score:1)
How about designing a 'computer' that can't be compromised by opening an email attachment or clicking on a web link.
Re: (Score:1)
Julian Assange got some post breach detection (Score:1)
Julian Assange got some post breach detection, Swedish style :)
A bad joke, I know....