It’s important to uphold resilience through intelligence if you’re to address evolving threats. Nomathemba Games, MCC Lead at First Distribution, introduces us to the mountain of a manager that Advanced Threat Protection is, at the CIO Cloud and Security Summit. #CIOCSS
Nomathemba Games, MMC Lead at First Distribution, shows us the benefit of upholding resilience through intelligence to address evolving threats, by introducing this mountain of a manager. “Advanced Threat Protection as a product suite is a unified pre- and post-breach enterprise defense suite,” she opens.
Quite the juggernaut for the job: it delivers detection, prevention, investigation and response across endpoints, identities, email and applications, and provides integrated protection against sophisticated attacks. With this unified threat protection solution, security professionals can stitch together the threat signals that each of these products receives and determine the full scope of a threat's impact: how it entered the environment, what it affected, how it is currently impacting the organization and what is happening as the incident unfolds. “Microsoft ATP takes automatic action to prevent or stop the attack itself and self-heal affected mailboxes, endpoints and user identities,” she remarks. With this all-round perspective, no stone is left unturned, and it looks like you’ve got a loyal one on your team because all your flanks are covered.
So how does this manager diligently do his job? Through the integration of three assets. Microsoft Defender ATP, which comes with endpoint protection and powerful tools for threat hunting and responding to threats. Office 365 ATP, which covers email protection, threat protection policies, reports, threat investigation and response capabilities, and automated investigation and response capabilities. And as the last arrow in his quiver… Azure ATP, which encompasses Active Directory protection and monitors, protects, identifies and remediates. He has one more trick up his sleeve, though: Microsoft Cloud App Security, which is specifically tailored to protect your applications.
Microsoft Defender ATP started off as the enterprise product Microsoft Defender Antivirus. But with the latest technological advances, “Microsoft has started to shift into productizing a lot of their workloads and things that are available to businesses and re-sellers in the licensing world,” Nomathemba says, owing to the fact that Defender operates from an endpoint perspective. It is a comprehensive solution that protects while it detects, and automates investigation and response to threats at the endpoint. It continually collects end-user behaviours and attacker techniques at endpoints so that you are able to identify an alert or any suspicious or malicious activity that might be taking place in the environment. It also provides the security team with tools that give them the ability to investigate forensic evidence and understand the scope of a breach so that the necessary action can be taken.
Office 365 ATP is built to safeguard an organization against malicious threats, mostly those arriving by email. It covers three core components when addressing attacks: identities, attachments and links. From an identity perspective, it surveils the sender and who they claim to be. For attachments, it verifies whether the attachment is safe to open, and for links it monitors whether a link is safe to click on. It helps you manage this through threat protection policies, giving you the ability to define the appropriate level of security needed for your organization. The manager also provides you with reports in the form of real-time viewing of your ATP performance, including threat investigation and response capabilities that use leading technology tools to help you investigate, understand, simulate and prevent threats.
Azure ATP is a cloud-based security solution that leverages on-premises Active Directory. “Using signals, it helps you identify, detect and investigate advanced threats,” she says. It also surfaces compromised identities and malicious insider actions directed at your organization. With this eye in the sky, not much gets past. “It helps professionals in the security world understand and detect threats in hybrid environments and gives them the capabilities to monitor users, entity behavior and activities through analytics,” Nomathemba adds. It also protects user identities and credentials stored in your Active Directory and facilitates remediation of any challenges in your organization.
“Most security breaches occur at the end-point section, from the email perspective or from an operating system perspective; most breaches occur in ransomware attacks and phishing scams, as it starts from there but gets messier,” she both concludes and warns. But with such a vigilant and rigorous manager, shady characters are unlikely to operate in the office.