Microsoft announced new capabilities coming to Windows Defender, the malware protection service built into Windows 10. The new capabilities will be labeled Windows Defender Advanced Threat Protection and will be available this year.
While Windows Defender can protect a single machine, it is not very useful in an enterprise environment because it lacks central reporting and management. Windows Defender Advanced Threat Protection appears to address that problem using client technology that will be built into Windows 10 and a cloud infrastructure. It will work similarly to Microsoft’s Office 365 Advanced Threat Protection and Advanced Threat Analytics. It is able to detect advanced attacks that simple file-based antivirus with definition signatures might not pick up. It will recommend responses to threats, including testing files in isolated virtual environments, and it will use a computer’s activity over the past 6 months to provide an attack timeline.
As for the central reporting, it seems to have that down:
Windows Defender Advanced Threat Protection is a new security service that will enable enterprise customers to detect, investigate, and respond to advanced attacks on their networks. Building on the existing security features and services Windows 10 offers today, Windows Defender Advanced Threat Protection provides a new post-breach layer of protection to the Windows 10 security stack.