MICROSOFT WILL BEEF UP the security credentials of Windows 10 when it releases its Fall Creators Update this autumn.
The update will enable Windows 10 to use data from Microsoft's cloud-based services to better respond to emerging threats - such as recent ransomware outbreaks - in order to better protect client PCs.
The new capabilities, claimed Avi Sagiv, principal program manager of Windows Defender ATP at Microsoft, in a security blog post, are intended to "stop attacks as they happen… [moving] beyond detection, investigation, and response".
Using cloud-based services, Microsoft claims that it will move Windows 10 "from a world of isolated defences to a smart, interconnected, and coordinated defence grid that is more intelligent, simple to manage, and ever-evolving".
Windows 10 security would also be made easier to manage for systems administrators and corporate security professionals.
A number of new tools will be introduced, including Windows Defender Exploit Guard, which will give companies more control in terms of restricting the code that can run on corporate PCs, including tools to mitigate exploits at runtime. Websites known to be hosting malicious code can also be automatically blocked based on intelligence distributed by the Windows Defender SmartScreen knowledge base.
The update will also let administrators set their own 'attack surface reduction' (ASR) smart rules to, for example, block Microsoft Office files containing malicious macros that surreptitiously attempt to download and execute content from the internet.
New features will also enable organisations to apply security features native to Windows 10 to legacy applications without having to recompile them first.
Microsoft also claims that it will make security management of a fleet of Windows 10 PCs simpler, with what it promises will be a "single pane of glass view across the Windows security stack". In practice, this will mean:
- Access to Windows Defender SmartScreen alerts and events that can show which employee clicked on a specific URL, despite a warning message;
- At-a-glance access to Windows Defender Antivirus detections and connections blocked by Windows Defender Firewall;
- The ability to view Device Guard events highlighting unauthorised applications that have been blocked, but which may still be present within the organisational environment;
- Access to alerts when Windows Defender Application Guard has isolated and blocked attacks targeting web browsers running on Windows 10 client PCs.
And that's not all. Sagiv suggests that Microsoft will be augmenting the detection dictionary in Windows Defender ATP to include new indicators of attacks. "Some of these new detections include dynamic script-based attacks, network explorations, and keylogging alerts," according to Sagiv.
There will also be enhanced security analytics and a new set of security graph APIs to better integrate Windows Defender ATP with organisations' security information and event management (SIEM) systems.
"Finally, we plan to extend Windows Defender ATP to also cover the Windows Server platform, starting with Windows Server 2012 R2 and 2016 releases," said Sagiv, who tantalisingly added that Microsoft is planning to extend support to "more platforms beyond Windows".