Microsoft defends previous Windows releases
Microsoft defends previous Windows releases
Microsoft are adding “down-level” support to Windows Defender Advanced Threat Protection (ATP), making it available to protect machines running Windows 7 and Windows 8.1.
Microsoft are building a behavioural based Endpoint Detection and Response (EDR) solution specifically for the older Windows editions. For Windows 10 devices, they recommend that it be run alongside Windows Defender Antivirus which, in these “down-level” scenarios, they call System Center Endpoint Protection (SCEP).
A public preview will be made available in “spring” 2018.
What is Windows Defender ATP?
Windows Defender Advanced Threat Protection is the difference between Windows 10 E3 and Windows 10 E5 and:
“provides preventative protection, detects attacks and zero-day exploits, and gives you centralized management for your end-to-end security lifecycle”
Its aim is to help organisations detect and investigate cyber attacks in a faster, more efficient manner using a combination of behavioural analytics, machine learning and human researchers.
What does this mean for ITAM?
For organisations with devices still running Windows 7 SP1 and/or Windows 8.1 (which is many), this will enable a stronger security baseline across the desktop as Windows Defender Advanced Threat Protection offers several tools and reports to help improve and maintain an organisation’s security.
ITAM should be integral to the successful running of WDATP – or similar tools. While Security Operations and Security Management teams will, most likely, be the ones using the tools – knowing how many devices there are, where they are and what type of OS they’re running will be key to ensuring proper protection. If devices are missing from asset scans, that might indicate a potential security problem.
There are advanced features within Windows Defender Advanced Threat Protection that can be turned on, if there are other licenses present.
For example, the “Office 365 Threat Intelligence connection” enables a centralised security report across Windows devices and Office 365 mailboxes. Being able to produce a report of all users licensed with Windows 10 E5 and Office 365 E5 (or the Threat Intelligence add-on) will make it possible to check that this feature is enabled and working everywhere it should be.
Non-Windows devices
Microsoft have also extended Windows Defender ATP to run cross-platform across Linux, iOS, Android and macOS, through work with solutions from BitDefender, LookOut, Ziften and SentinelOne.
Again, ITAM being able to present a complete overview of all devices – not just Windows desktops but all mobile devices too – will be hugely beneficial to the success of such a deployment.
Do you have that level of insight into your mobile estate currently? Even if it’s unlikely that you’ll deploy Windows 10 E5 and Windows Defender ATP, as ITAM and Security become ever more entwined – visibility of phones, tablets, smart watches etc. will surely be a key part of Next Generation ITAM.
Further Reading
- Announcing support for Windows 7 & 8.1:
https://blogs.windows.com/business/2018/02/12/announcing-windows-defender-atp-support-for-windows-7-and-windows-8-1/ - Foiling Dofoil with WDATP:
https://cloudblogs.microsoft.com/microsoftsecure/2018/04/04/hunting-down-dofoil-with-windows-defender-atp/
Can’t find what you’re looking for?
More from ITAM News & Analysis
-
Software Vendor Insights: What do the numbers tell us about the opportunities for ITAM negotiations?
What software vendor insights can be gained from the latest financial results from Amazon, Google, Broadcom, Salesforce, IBM and SAP? An important part of ITAM is paying close attention to the health of the companies we ... -
Flexera is first SAM tool vendor verified for Oracle E-Business Suite applications
Flexera has announced that it has been verified as the first software asset management (SAM) tool vendor for Oracle E-Business Suite applications. Almost anyone with an Oracle estate will be familiar with the company’s License Management ... -
ITAMantics - March 2024
Welcome to the March 2024 edition of ITAMantics, where George, Rich and Ryan discuss the month’s ITAM news. Up for discussion this month are. Listen to the full ITAMantics podcast above or queue it up from ...