The last year has seen a spate of cyberattacks, hacks and leaks across governments, companies and consumers, making it important for operating systems to offer improved security features. Microsoft, the dominant PC operating system vendor, is adding improved detection, investigation and response capabilities for such attacks to Windows Defender Advanced Threat Protection (ATP) in its upcoming Windows 10 Creators Update.
“We’re diligently tracking advances in sophisticated attacks, and listening to feedback from our Windows Defender ATP customers,” Avi Sagiv, principal program manager, Windows Defender ATP, said in the company’s official blog post announcing the launch of the new OS feature on Monday.
The Windows 10 Creators Update will bring improved memory and kernel sensors to detect memory-level and kernel-level attacks. The company claims the improvement will cover blind spots that previously shielded attackers from conventional detection tools. The company also said it has already tested the technology against the zero-day attacks seen in December.
Additionally, the new update will improve ransomware detection and help avert cyberattacks using Microsoft’s machine learning detection library, which is intended to keep up with ever-changing attack trends. The new detection rules produced by this technology will retain security data for six months on your PC and analyze it, so that the system can recognize attacks that previously went undetected.
The update will also allow customers to define their own detection rules if they don’t want to rely on the default settings.
With the new update, the entire Windows security stack will be accessible from a single window. Multiple attack detections will be visible in this window, which should help corporate security teams analyze attacks more effectively.
Windows Defender Antivirus detections and Device Guard blocks will appear there first. The update will use your user profile on the PC to track attackers across the network you are on.
SecOps, the Windows security operations program, will actively look for evidence of cyberattacks across file names, IP addresses and URLs. For corporate users, such detection will also extend across the company’s cloud inventory. However, the blog post does not make clear how the permissions for such detection will be regulated.
When an attack takes place, the update will allow security teams to first isolate the compromised machine, which could go a long way toward preventing a large-scale cyberattack. It will then block the malicious files across the network, kill and quarantine the infected processes and, most importantly, retrieve an investigation package, which Microsoft claims can provide forensic evidence of the cyberattack.
The new security features from Microsoft are expected to help companies and consumers protect themselves against cyberattacks. As attacks grow more sophisticated, OS security features must improve to keep pace.