Wowsers’ (Security) Chief!
I was always amazed by the bumbling ‘Inspector Gadget’ as a child, and by the fact that Penny and Brain were always a number of steps ahead in the crime-solving game, keeping their illustrious Inspector looking good and keeping the world safe.
I didn’t expect many parallels between this blog and that last paragraph – I really only wanted to use ‘Wowsers Chief’ in the title!
What ‘wows’ me today is the amazing improvements that are being made to Microsoft Defender Advanced Threat Protection (a name change from Windows Defender Advanced Threat Protection, because it now runs on Mac!). I’ve written some blogs and have a short VLog on WD-ATP which are now out of date, because the good humans over at the MD-ATP team keep adding great features and integration pieces!
One of the common misconceptions about MD-ATP is what it actually does. Antivirus is a component of it, but MD-ATP is so much more: behavioural analysis, timeline detail on activities, machine isolation, automated investigation/remediation, secure score, threat analytics, advanced hunting, file detonation, investigation packages, and the list goes on! Head on over to some other MD-ATP blogs to get the low-down on the basics of what it does…… I’m prepared to wait.
So now you’re up to speed – what’s new?
There are some out-of-box reports that the team is actively looking for feedback on. They’re useful for a stats report, if you’re into that: some useful threat category and threat detection information to help you determine where you need to focus your efforts, and some good health reports. It’s early days, though, and I expect some changes.
The Threat and Vulnerability Management section is what wows me at the moment!
This well put together dashboard lets me see what the risks are in my environment and, similar to the other secure score concepts Microsoft are using, provides me with an exposure score. But this time lower is better! From this page I can get an idea of what the top security recommendations are, where I need to focus my efforts, and which vulnerable software I really need to patch. You can see in my test environment that it’s not just Microsoft apps that get the attention they deserve! There’s even a list of top exposed machines, which lets you target the computers that matter most, particularly if they have a high risk profile (talk to me about Conditional Access and dynamic device and user threat assessment!).
Next up is a Security Recommendations page that again gives me some great insight as to why I should prioritise updating. What are the current weaknesses and exploits that I’m at risk of? Notice that I don’t need to visit the 300 app vendors that I’m using in my environment and trawl their security advisory pages to get this.
The Software Inventory page is a great section under Threat and Vulnerability Management to see some scary stuff about the applications in use in your environment, the threats they carry and what you should target. It overlaps with the Security Recommendations page, but it is useful from an app point of view.
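The portal pages above answer “what should I patch first?” interactively, but the same question is worth asking in Advanced Hunting (mentioned earlier in the feature list) so the answer can be scheduled or exported. The query below is an added example written for this post, not something from the product documentation or from the MD-ATP team, and it assumes your tenant exposes the `DeviceTvmSoftwareVulnerabilities` and `DeviceTvmSoftwareVulnerabilitiesKB` tables in Advanced Hunting. It ranks non-Microsoft software by how many of its CVEs have a public exploit, then by worst CVSS score, then by how many devices carry it, which mirrors the “vulnerable software” and “top exposed machines” view on the dashboard.

```kusto
// Added example (assumes the DeviceTvmSoftwareVulnerabilities* tables are
// available in your tenant). Rank third-party software that needs patching.
DeviceTvmSoftwareVulnerabilities
// Drop Microsoft's own products; those normally arrive via Windows Update and
// are tracked separately. Remove this line to see everything.
| where SoftwareVendor !~ "microsoft"
// Enrich each device/CVE row with the CVE's severity details from the KB table.
| join kind=inner (
    DeviceTvmSoftwareVulnerabilitiesKB
    | project CveId, CvssScore, IsExploitAvailable
  ) on CveId
| summarize
    Devices         = dcount(DeviceId),                        // footprint
    Cves            = dcount(CveId),                           // distinct CVEs
    ExploitableCves = dcountif(CveId, IsExploitAvailable == true),
    MaxCvss         = max(CvssScore),
    FixHint         = take_any(RecommendedSecurityUpdate)      // a suggested update, if TVM knows one
    by SoftwareVendor, SoftwareName, SoftwareVersion
// Exploitable first, then most severe, then most widespread.
| order by ExploitableCves desc, MaxCvss desc, Devices desc
| take 20
```

Run it in the Advanced Hunting page and save it as a custom query; if you want the list of machines behind one row, replace the `summarize` with `| where SoftwareName == "<name>" | distinct DeviceName, SoftwareVersion, CveId` and you have the per-device view that the Top Exposed Machines tile gives you in the portal.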
This gets even better when you integrate MD-ATP with Microsoft Cloud App Security or MCAS for short. They throw in some amazing usage information, security information and application compliance information to help you know where you stand and be informed about the ‘shadow IT’ applications that are putting you at risk.
Now this on its own is awesome, but the pieces of information shown above are also integrated into the threat assessment and hunting tasks you need to do when investigating a suspicious event, which makes life so much easier.
It’s not only the wealth of information presented to me in a very meaningful manner, but also the way in which the interface has been crafted. It’s obvious a lot of thought has been put into designing this interface so that it is easy to move backwards and forwards throughout an investigation without losing my context, which I really like.
I’d love to show you the integration with MCAS but that’s for another blog topic. I think I’ve reached my limit on this one! Keep in mind that this is only the new stuff that I’ve mentioned in this blog post!
Also keep in mind that breakfast is the most important meal of the day!