MICROSOFT DEFENDER ADVANCED THREAT PROTECTION (ATP)
Microsoft Defender Advanced Threat Protection is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
Microsoft Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
Endpoint behavioral sensors: Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated, cloud instance of Microsoft Defender ATP.
Cloud security analytics: Leveraging big-data, machine-learning, and unique Microsoft optics across the Windows ecosystem, enterprise cloud products (such as Office 365), and online assets, behavioral signals are translated into insights, detections, and recommended responses to advanced threats.
Threat intelligence: Generated by Microsoft hunters and security teams, and augmented by threat intelligence provided by partners, it enables Microsoft Defender ATP to identify attacker tools, techniques, and procedures, and to generate alerts when these are observed in collected sensor data.
BUILT IN, NOT BOLT ON
Benefit From Threat Protection Services Built Into The OS and Leveraging The Microsoft Cloud
CLEAR GARTNER LEADER
Microsoft Defender Advanced Threat Protection (ATP) is built into the OS and adds the following capabilities:
A new approach to Threat and Vulnerability Management
Built-in, cloud-powered protections
“Deployment” is as easy as it gets by being built directly into the operating system.
Contain the threat
Microsoft Threat Experts
MANAGEMENT AND INTEGRATION
Microsoft Defender ATP supports a wide variety of options to ensure that customers can easily adopt the platform.
Acknowledging that customer environments and structures can vary, Microsoft Defender ATP was created with flexibility and granular control to fit varying customer requirements.
The Microsoft Defender ATP solution is built on top of an integration-ready platform:
It supports integration with a number of security information and event management (SIEM) solutions and also exposes APIs to fully support pulling all the alerts and detection information into any SIEM solution.
It supports a rich set of application programming interfaces (APIs), providing flexibility for those who are already heavily invested in data enrichment and automation:
Enriching events coming from other security systems with footprint or prevalence information
Triggering file-level or machine-level response actions through APIs
Keeping systems in sync, such as importing machine tags from asset management systems into Microsoft Defender ATP, or synchronizing alert and incident status between ticketing systems and Microsoft Defender ATP.
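The three integration patterns above (pulling alerts into a SIEM, triggering a machine-level response action, and importing tags from an asset system) share one REST API. The following is an added example, not Microsoft's code and not part of the original page: it builds the requests a SIEM connector or ticketing sync would send, and flattens an alerts page into fixed-schema records. The endpoint paths, the OData $filter syntax, the `@odata.nextLink` paging field and the tag/isolate request bodies follow the public Microsoft Defender ATP REST API; the alert page embedded below is constructed sample data so the example runs offline, and acquiring the OAuth2 bearer token for the `https://api.securitycenter.microsoft.com` resource is assumed to happen elsewhere.

```python
"""Defender ATP API helpers: alert pull for SIEM ingestion, machine tagging,
machine isolation. Added example, not Microsoft's code."""
import json
import urllib.parse
import urllib.request
from datetime import datetime, timezone
from typing import Dict, List, Tuple

API_BASE = "https://api.securitycenter.microsoft.com/api"

# Constructed sample: one page as returned by GET /api/alerts, trimmed to the
# fields this example uses. Field names match the Defender ATP Alert resource.
SAMPLE_ALERT_PAGE = {
    "@odata.context": API_BASE + "/$metadata#Alerts",
    "value": [
        {"id": "da637100000000000000_-111111111", "incidentId": 42,
         "severity": "High", "status": "New", "category": "Execution",
         "title": "Suspicious PowerShell command line",
         "alertCreationTime": "2020-03-01T10:15:00.0000000Z",
         "machineId": "0123456789abcdef0123456789abcdef01234567",
         "computerDnsName": "ws-finance-07.contoso.local"},
        {"id": "da637100000000000001_-222222222", "incidentId": 42,
         "severity": "Medium", "status": "InProgress",
         "category": "CredentialAccess", "title": "Possible credential dumping",
         "alertCreationTime": "2020-03-01T10:17:30.0000000Z",
         "machineId": "0123456789abcdef0123456789abcdef01234567",
         "computerDnsName": "ws-finance-07.contoso.local"},
    ],
}
SAMPLE_SINCE = datetime(2020, 3, 1, tzinfo=timezone.utc)  # constructed

# Stable column set for the SIEM; missing fields become None rather than
# producing records with different shapes.
SIEM_FIELDS = ("id", "incidentId", "severity", "status", "category", "title",
               "alertCreationTime", "machineId", "computerDnsName")


def build_alert_query(since: datetime, severities: List[str]) -> str:
    """OData $filter for GET /api/alerts: alerts created at or after `since`
    (converted to UTC) with one of the given severities."""
    ts = since.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    sev = " or ".join(f"severity eq '{s}'" for s in severities)
    return f"alertCreationTime ge {ts} and ({sev})"


def normalize_alerts(page: Dict) -> List[Dict]:
    """Flatten one alerts page into fixed-schema records for SIEM ingestion."""
    return [{k: a.get(k) for k in SIEM_FIELDS} for a in page.get("value", [])]


def tag_request(machine_id: str, tag: str, add: bool = True) -> Tuple[str, Dict]:
    """URL and body for POST /api/machines/{id}/tags (Action is Add or Remove),
    e.g. to import an owner or business-unit tag from an asset inventory."""
    return (f"{API_BASE}/machines/{machine_id}/tags",
            {"Value": tag, "Action": "Add" if add else "Remove"})


def isolate_request(machine_id: str, comment: str,
                    selective: bool = False) -> Tuple[str, Dict]:
    """URL and body for POST /api/machines/{id}/isolate. Full isolation cuts all
    network access except the sensor channel; Selective keeps Outlook and
    Teams/Skype reachable so the user can still be contacted."""
    return (f"{API_BASE}/machines/{machine_id}/isolate",
            {"Comment": comment,
             "IsolationType": "Selective" if selective else "Full"})


def fetch_all_alerts(token: str, odata_filter: str) -> List[Dict]:
    """Pull every matching alert, following @odata.nextLink across pages.
    Network call; needs a bearer token for the Defender ATP API resource."""
    url = f"{API_BASE}/alerts?$filter={urllib.parse.quote(odata_filter)}"
    records: List[Dict] = []
    while url:
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req) as resp:
            page = json.load(resp)
        records.extend(normalize_alerts(page))
        url = page.get("@odata.nextLink")
    return records


def post_json(url: str, body: Dict, token: str) -> Dict:
    """Send a response action or tag update built by the helpers above."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    print(build_alert_query(SAMPLE_SINCE, ["High", "Medium"]))
    for rec in normalize_alerts(SAMPLE_ALERT_PAGE):
        print(json.dumps(rec))
    machine = SAMPLE_ALERT_PAGE["value"][0]["machineId"]
    print(*tag_request(machine, "CMDB:Finance"))
    print(*isolate_request(machine, "Ticket INC-1001: credential dumping alert"))
```

A SIEM connector would call `fetch_all_alerts` on a schedule with a `since` equal to the last successful pull, and a ticketing sync would pair `tag_request` with `post_json` per asset record. The filter is kept server-side so that a busy tenant does not have to download every alert to pick out the high-severity ones.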