Security News
Microsoft this week announced a new feature in Microsoft Defender Advanced Threat Protection that is designed to block and contain malicious behavior. Called "Endpoint detection and response in block mode," the capability is meant to provide post-breach blocking of malware and other malicious behaviors, by taking advantage of Microsoft Defender ATP's built-in machine learning models, Microsoft says.
Microsoft's range of Defender Advanced Threat Protection endpoint security tools recently added a new family member, with the preview release of Microsoft Defender ATP for Android. Previewing Android security in Microsoft Defender ATP. Defender ATP for Android is intended to keep relatively loose control over unmanaged devices.
Microsoft this week announced the public preview availability of the Android version of its Defender Advanced Threat Protection software and the general availability of the Linux variant. Microsoft introduced Defender ATP in Windows 10 in 2016, but has since expanded its reach to other Windows versions, as well as to macOS and Linux, and now mobile devices.
Microsoft has added support for Linux and Android to Microsoft Defender ATP, its unified enterprise endpoint security platform. "Adding Linux into the existing selection of natively supported platforms by Microsoft Defender ATP marks an important moment for all our customers. It makes Microsoft Defender Security Center a truly unified surface for monitoring and managing security of the full spectrum of desktop and server platforms that are common across enterprise environments," noted Helen Allas, a principal program manager at Microsoft.
Microsoft has extended the protection capabilities of Microsoft Defender Advanced Threat Protection with the addition of a Unified Extensible Firmware Interface scanner. With hardware and firmware-level attacks increasing in frequency over the past several years, Microsoft has decided to expand its security solution's capabilities to ensure it can continue to keep users secure.
Vectra Integrates Cognito with Microsoft Defender ATP and Azure Sentinel to Form a SOC Visibility Triad. San Jose, Calif.-based threat detection firm Vectra has integrated its network threat detection and response Cognito platform with Microsoft Defender and Microsoft Azure Sentinel to deliver Gartner's concept of the SOC Visibility Triad. Gartner introduced the idea of the SOC Visibility Triad in March 2019. The new native integration between Vectra's Cognito and Microsoft's Defender and Sentinel is designed to provide the SOC with full oversight of the state of the infrastructure, and a better ability to respond to suspicious events.
Delta Risk, a leading provider of SOC-as-a-Service and security services, announced the integration of Microsoft Defender Advanced Threat Protection with its cloud-native Security Orchestration and Automation platform, ActiveEye. Delta Risk provides Managed Detection and Response for both new and existing Defender ATP customers who need an experienced partner to help them quickly identify and respond to endpoint threats with a 24×7 security operations center.
Microsoft is now providing all of its Defender ATP (Advanced Threat Protection) customers with tamper protection, which is meant to prevent unauthorized changes to security features.
AttackIQ, a leader in the continuous security validation market to help organizations achieve cyber resiliency, announced the integration of its AttackIQ Platform with Microsoft Defender Advanced...
Microsoft’s unified endpoint security solution is now publicly available for Mac users, following two months of limited preview.