
Become the hunter: Advanced hunting in Windows Defender ATP


Presentation Transcript


  1. Become the hunter: Advanced hunting in Windows Defender ATP. Heike Ritter, Sr. Product Manager, @HeikeRitter. Session THR3039.

  2. Microsoft Threat Protection. Identities (users and admins); Endpoints (devices and sensors); User Data (email messages and documents); Cloud Apps (SaaS applications and data stores); Infrastructure (servers, virtual machines, databases, networks). Intelligent Security Graph: 6.5 trillion signals per day.

  3. Windows Defender ATP: built-in, cloud-powered. Next generation protection: protect against all types of emerging threats. Endpoint detection & response: detect, investigate, and respond to advanced attacks. Security posture: track and improve your organization's security posture. Advanced hunting: advanced threat hunting. Attack surface reduction: resist attacks and exploitation. Auto investigation & remediation: from alert to remediation in minutes, at scale. Management and APIs.

  4. Windows Defender ATP: built-in, cloud-powered. Behavioral sensors that are part of the OS give unparalleled optics across kernel, cyberdata, memory, files, processes, network, registry, and more, combined with the ISG (Microsoft Intelligent Security Graph), ML & analytics, and threat intelligence. Intelligence-driven protection, detection, and response.

  5. Enterprise security signal: multi-factor authentication, data encryption, user accounts, device log-ins, user log-ins, malware, unauthorized data access, attacks, phishing, denial of service, spam, system updates.

  6. Let’s investigate

  7. Demo outline: Jackson; elevation of privileges; Outlook connection; file details; search for SHA.
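The demo on this slide pivots from a user's machine, to a suspicious child process of Outlook, to the file's hash, and then searches for that hash everywhere else. The following advanced hunting query is an added example of that pivot and is not from the deck. It assumes the 2018 advanced hunting schema (table ProcessCreationEvents with EventTime, ComputerName, FileName, SHA1, InitiatingProcessFileName, ProcessCommandLine); on current tenants the same query runs against DeviceProcessEvents with Timestamp and DeviceName. The host name and the benign-child allow list are placeholders to tune for your environment.

```kusto
// Added example, not from the presentation. Schema and host name are assumptions:
// 2018 WDATP schema (ProcessCreationEvents / EventTime / ComputerName); newer tenants
// use DeviceProcessEvents / Timestamp / DeviceName.
let suspect = "jackson-pc";          // placeholder: the user's machine from the demo
let lookback = 30d;
// Step 1: what did Outlook spawn on the suspect machine?
let outlookChildren =
    ProcessCreationEvents
    | where EventTime > ago(lookback)
    | where ComputerName startswith suspect
    | where InitiatingProcessFileName =~ "outlook.exe"
    // Children Outlook legitimately starts; tune this list, it is a placeholder
    | where FileName !in~ ("splwow64.exe", "explorer.exe", "winword.exe", "excel.exe")
    | project SHA1, FileName, ProcessCommandLine;
// Step 2: pivot on the hash and count how widely the same binary has executed.
// A binary seen on one or two machines is far more interesting than one seen on hundreds.
outlookChildren
| join kind=inner (
    ProcessCreationEvents
    | where EventTime > ago(lookback)
    | project SHA1, ComputerName, EventTime
  ) on SHA1
| summarize Machines = dcount(ComputerName),
            FirstSeen = min(EventTime),
            LastSeen = max(EventTime),
            Hosts = make_set(ComputerName, 20)
          by SHA1, FileName
| order by Machines asc
```

Rare hashes (low Machines count) sorted to the top are the candidates to open in the file page and check against threat intelligence; the prevalence columns also tell you immediately whether a response action on that hash would touch one machine or the whole estate.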

  8. Hunters are in with Advanced hunting

  9. Finding obfuscated command lines. Attackers obfuscate commands to make them harder to detect. Read Daniel Bohannon's DOSfuscation white paper at http://www.danielbohannon.com/ !
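The DOSfuscation techniques referenced on this slide leave measurable traces in the command line: runs of carets and quotes used as no-op separators, environment-variable substring expansion (%VAR:~n,m%), FOR-loop reassembly, and set-then-call chains. The query below is an added example, not from the deck, that scores cmd.exe and powershell.exe launches on those traces. It assumes the 2018 schema (ProcessCreationEvents, EventTime, ComputerName, FileName, ProcessCommandLine); use DeviceProcessEvents, Timestamp and DeviceName on current tenants. The thresholds are starting points, not tuned values.

```kusto
// Added example, not from the presentation. Schema names are assumptions (2018 WDATP
// schema); thresholds below are placeholders to tune against your own baseline.
ProcessCreationEvents
| where EventTime > ago(7d)
| where FileName in~ ("cmd.exe", "powershell.exe")
| extend
    // Caret and quote counts: DOSfuscation inserts these as inert separators
    CaretCount = countof(ProcessCommandLine, "^"),
    QuoteCount = countof(ProcessCommandLine, '"'),
    // %COMSPEC:~4,1% style substring expansion used to rebuild characters
    HasEnvSubstring = ProcessCommandLine matches regex @"%[A-Za-z0-9_]+:~\s*-?\d+",
    // FOR /F or FOR /L loops that reassemble a payload from tokens
    HasForLoopSplit = ProcessCommandLine matches regex @"(?i)\bfor\s+/[fl]\b",
    // set X=<payload> followed by call/cmd to execute it
    HasSetThenCall = ProcessCommandLine matches regex @"(?i)\bset\s+\w+=.*&+\s*(call|cmd)\b"
| extend Score =
      iff(CaretCount > 5, 1, 0)
    + iff(QuoteCount > 10, 1, 0)
    + iff(HasEnvSubstring, 2, 0)
    + iff(HasForLoopSplit, 1, 0)
    + iff(HasSetThenCall, 2, 0)
| where Score >= 2
| project EventTime, ComputerName, FileName, Score, CaretCount, QuoteCount,
          HasEnvSubstring, HasForLoopSplit, HasSetThenCall, ProcessCommandLine
| order by Score desc, CaretCount desc
```

Expect noise from legitimate installers and login scripts that use long quoted paths; the substring-expansion and set-then-call indicators are the ones that rarely appear in benign administration, which is why they carry more weight. Add the initiating process (for example Office applications or browsers as the parent) as a further filter once you see what your environment produces.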

  10. Let’s hunt!

  11. Looks familiar? Let’s find those who ignored our warnings!

  12. Let’s hunt!

  13. TechNet resources: https://aka.ms/technet-wdatp. Read the Microsoft case study: https://aka.ms/wdatp-cs. Sign up for the trial: https://aka.ms/wdatp

  14. Thank you. Heike Ritter, Sr. Product Manager. hritter@microsoft.com, @HeikeRitter

