There isn’t much an organization can do to reduce the number of security threats it faces on a daily basis. Hackers will be hackers. They constantly develop new techniques and tools that allow them to carry out as many attacks as possible. However, organizations can make the job of a hacker more difficult by reducing the attack surface.
The attack surface is made up of every vulnerability a hacker might be able to reach in the network, computing devices, software code or physical assets. When you shrink the attack surface by closing or eliminating potential vulnerabilities, you limit the hacker's options and can better focus your defenses on what remains.
Attack surface reduction is one of the core capabilities of Microsoft Windows Defender Advanced Threat Protection (ATP). Windows Defender ATP is a unified endpoint detection and response platform that provides protection against actions and applications used by emerging threats. Attack surface reduction protects against file-less and file-based attacks with host intrusion prevention, vulnerability mitigation and application control.
This feature uses rules to enable or disable specific behaviors that indicate the presence of a threat, such as ransomware activity, or executable files and scripts launched from Office applications or webmail that attempt to download or run other files. Windows Defender ATP also includes rules for suspicious scripts and abnormal application behavior.
A recent update to Windows Defender ATP adds two new rules, bringing the total to 14, each of which targets a malware technique commonly used by hackers. The two new rules prevent Outlook and Adobe Reader from creating child processes on the workstation. This cuts off attacks that use macros and vulnerability exploits in those applications to download malware. When any attack surface reduction rule is activated and an application or file is blocked, an alert from the Action Center is displayed on the user’s device.
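As an added example (not code from the original post or from Microsoft), the PowerShell below rolls the child-process rules described above out in audit mode first, confirms the resulting configuration, and reads back the audit events so the rules can be evaluated before switching them to block. The rule GUIDs are quoted from memory of Microsoft's published ASR rule reference and should be verified against it before use; the function names are this example's own.

```powershell
# Added example: stage the Outlook / Adobe Reader / Office child-process rules
# in audit mode, verify the setting, and collect what they would have blocked.

# Rule GUIDs as published in Microsoft's ASR rule reference (verify before use).
$AsrRules = @{
    'Block all Office applications from creating child processes'             = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'
    'Block Office communication apps (Outlook) from creating child processes' = '26190899-1602-49E8-8B27-EB1D0A1CE869'
    'Block Adobe Reader from creating child processes'                        = '7674BA52-37EB-4A4F-A9A1-F0F9A1619A2C'
}

# Action codes accepted by Set-/Add-MpPreference: 0 = Disabled, 1 = Block, 2 = Audit
$AuditMode = 2

function Set-AsrRulesAudit {
    foreach ($entry in $AsrRules.GetEnumerator()) {
        # Add-MpPreference appends to the existing rule list instead of replacing it
        Add-MpPreference -AttackSurfaceReductionRules_Ids $entry.Value `
                         -AttackSurfaceReductionRules_Actions $AuditMode
        Write-Host ("Audit mode enabled: {0}" -f $entry.Key)
    }
}

function Get-AsrRuleState {
    # Ids and Actions are parallel arrays; pair them up for readability
    $pref = Get-MpPreference
    for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
        [pscustomobject]@{
            RuleId = $pref.AttackSurfaceReductionRules_Ids[$i]
            Action = $pref.AttackSurfaceReductionRules_Actions[$i]
        }
    }
}

function Get-AsrEvents {
    param([int]$Hours = 24)
    # Event 1122 = rule matched in audit mode; 1121 = rule matched and blocked
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
}

Set-AsrRulesAudit
Get-AsrRuleState | Format-Table -AutoSize
Get-AsrEvents     | Format-Table -Wrap
```

Run from an elevated PowerShell session on a workstation with Windows Defender Antivirus active; once the audit events show no legitimate business processes being flagged, re-run with the action set to 1 to enforce blocking.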
In addition to attack surface reduction, Windows Defender ATP offers a number of features that reduce the risk and impact of data breaches by enabling intelligent threat protection, detection, investigation and response. Windows Defender ATP uses next-generation antivirus, behavior monitoring, machine learning and security analytics to ensure that security teams have the tools and visibility to detect and investigate advanced threats.
Automated response to security incidents takes you from alert to remediation in minutes. Cloud-based artificial intelligence automatically investigates each new alert, assesses the complexity and severity of the threat, and takes the appropriate action to remediate.
To make sure your organization is prepared to deal with the most sophisticated threats, security teams can use Secure Score to run reports on devices across your security infrastructure. As we discussed in an earlier post, Secure Score identifies the Office 365 services in use, analyzes your settings and activity patterns, and compares them to the Microsoft baseline. You’ll then receive a score that tells you the state of security, as well as recommendations for improvement.
Security threats are constantly increasing in number and sophistication. Let us show you how Windows Defender ATP reduces the attack surface, detects advanced threats, automates the response to security incidents, and helps you stay up to date with security best practices.
Written by Steve Soper, Principal