
An Introduction to Windows Server 2019 Windows Defender Advanced Threat Protection

Security is one of the biggest investments Microsoft has made in its recent Windows Server releases.

Notably, the headline security feature of Windows Server 2019 is support for Windows Defender Advanced Threat Protection (ATP).

ATP is Microsoft's platform for preventive protection of users' devices: it runs automated security investigations and responds to what it finds. It combines prevention, detection, investigation and automated response in a single, unified platform.

Until now this capability was available only for Windows 10 devices; it can now be used on Windows Server 2019, as well as on other recent server versions.

How Windows Defender Advanced Threat Protection Provides Security

Here are some of the methods ATP uses to maximize the security of Windows Server 2019.

1. Robust Cloud Control Services

The platform is delivered and controlled from the cloud, with no additional on-premises deployment or infrastructure required.

Because the service is cloud-hosted, updates arrive without delay and the system stays current without the compatibility problems that local product upgrades can introduce.

The platform provides intelligent protection and response: it actively protects against cyber threats, detects potential data breaches, automates incident response, and improves the overall security posture of the environment.

Here are some tasks that the Windows Server ATP cloud control services do to enhance security.

  • Reduces the attack surface by closing off the common paths and misconfigurations that attackers exploit.
  • Draws on the Intelligent Security Graph (ISG), which supplies the threat intelligence needed to protect against advanced ransomware and other attacks.
  • Endpoint detection and response monitors behaviour using machine learning and security analytics to stop likely threats.
  • Performs automated investigation and remediation, giving specific courses of action that defuse complex threats in minutes.
  • Provides real-time visibility into how the system's security is performing; by assessing the risks, it recommends the changes that most increase resilience.
  • Supports flexible queries across endpoints and retains historical data for building and enabling custom detections.

2. Automated Security Measures

The automated security measures increase the security of your platform by performing several background checks and delivering notifications without human intervention.

This pre-breach protection feature works through the following ways:

  • Protects the network by automatically scanning connected devices.
  • Blocks exploitation attempts against unpatched vulnerabilities, including zero-days.
  • Files and devices with no established reputation are blocked from accessing the network.
  • Web-based threats are contained using hardware-based isolation, protecting the device.
  • The malware defences of applications running on the system are updated frequently to head off a possible breach.
  • Cloud-delivered protection defends the machine against both known and unknown malware.
  • Behavioural monitoring blocks malicious and suspicious activity using advanced runtime analysis.

3. Innovative Endpoint Detection and Response (EDR)

The EDR feature protects your system using any or all of the following approaches:

  • Advanced behavioural analytics and machine learning detect previously unseen threats, spot attacks in progress, and surface zero-day exploitation.
  • Security evidence across endpoints is investigated, and the scope of a breach uncovered, from the Windows Defender Security Center.
  • Six months of historical data are retained so you can hunt for possible exploits; queries return in seconds, saving considerable time in tracking and resolving incidents.
  • Custom Indicators of Compromise (IOCs) raise alerts for the specific threats you care about.
  • Suspicious files are deep-inspected and a full analysis is prepared within minutes.

4. Clear Visuals of Security Threats

This built-in Windows feature lets each application exchange signals with the Microsoft Intelligent Security Graph, giving better visibility into security threats.

5. Synchronization of Defense Needs

Microsoft 365 shares detection and investigation signals across your environment, so all of your defence needs are managed from a central location.

This synchronization shortens response and recovery time.

Onboarding Windows Server 2019 to Windows Defender Advanced Threat Protection

If you already use Windows Defender ATP, you can preview its Windows Server 2019 support by installing a Windows Server preview build and onboarding it to Windows Defender ATP.

Follow this procedure to onboard your machine:

  1. Open the Windows Defender Security Center portal.
  2. Click Settings.
  3. Select the operating system you are onboarding. After you choose it, the portal confirms the selection.
  4. You can leave the deployment method at its default, which runs the onboarding script locally on the machine. Note that the local-script method is intended for a limited number of computers; for larger fleets use one of the other deployment methods offered in the wizard.
  5. Download the package by clicking the link shown in the wizard.
  6. Extract the package and run the onboarding script it contains on the server from an elevated command prompt.
  7. Run a detection test on the onboarded machine.
  8. Once verification completes, you will see a confirmation message.

To verify that a particular machine has been properly onboarded and is reporting to the service, run the detection test as follows:

  1. Open a Command Prompt window.
  2. At the prompt, copy and run the command below:
powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\test-WDATP-test\invoice.exe');Start-Process 'C:\test-WDATP-test\invoice.exe'
  3. Once the command runs, the Command Prompt window closes automatically. Nothing is actually downloaded (127.0.0.1 serves no file); the sensor alerts on the behaviour of a hidden PowerShell fetching and launching an executable, not on a real payload.

If the test succeeds, the portal marks it as complete and a new alert appears within a few minutes.
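The onboarding and verification steps above can be checked from the server itself before you look for the alert in the portal. The following PowerShell script is an added example, not code from the article or from Microsoft: it checks the state the onboarding script leaves behind, and only then launches the same detection test. It assumes the sensor service is named Sense, that the onboarding state is recorded under HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status, and that the sensor writes to the Microsoft-Windows-SENSE/Operational event log; run it from an elevated PowerShell session.

```powershell
# Added example (not from the article): verify Windows Defender ATP onboarding
# on a Windows Server 2019 host, then run the documented detection test.
# Assumptions: service name 'Sense', the Status registry key below, and the
# SENSE operational event log are where the sensor records its state.

function Test-WdatpOnboarding {
    [CmdletBinding()]
    param()

    $result = [ordered]@{
        SenseServiceRunning = $false
        OnboardingState     = $null
        LastSenseEvent      = $null
    }

    # 1. 'Sense' is the Windows Defender ATP sensor service.
    $svc = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue
    $result.SenseServiceRunning = ($null -ne $svc -and $svc.Status -eq 'Running')

    # 2. OnboardingState becomes 1 once the onboarding script has succeeded.
    $statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    if (Test-Path $statusKey) {
        $result.OnboardingState = (Get-ItemProperty -Path $statusKey).OnboardingState
    }

    # 3. Latest sensor log entry, useful when the service runs but the
    #    machine never shows up in the portal (e.g. blocked outbound traffic).
    $evt = Get-WinEvent -LogName 'Microsoft-Windows-SENSE/Operational' `
                        -MaxEvents 1 -ErrorAction SilentlyContinue
    if ($evt) {
        $result.LastSenseEvent = "$($evt.TimeCreated) id=$($evt.Id): $($evt.Message)"
    }

    [pscustomobject]$result
}

function Invoke-WdatpDetectionTest {
    # Same behaviour as the documented test: a hidden PowerShell "downloads"
    # an executable from localhost and tries to start it. 127.0.0.1 serves
    # nothing, so no file is written; the sensor alerts on the behaviour.
    $dir = 'C:\test-WDATP-test'
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    $payload = "`$ErrorActionPreference='SilentlyContinue';" +
               "(New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe','$dir\invoice.exe');" +
               "Start-Process '$dir\invoice.exe'"
    Start-Process -FilePath 'powershell.exe' -ArgumentList @(
        '-NoExit', '-ExecutionPolicy', 'Bypass', '-WindowStyle', 'Hidden',
        '-Command', $payload
    )
}

$status = Test-WdatpOnboarding
$status | Format-List

if ($status.SenseServiceRunning -and $status.OnboardingState -eq 1) {
    Write-Host 'Sensor is running and onboarded; launching the detection test.'
    Invoke-WdatpDetectionTest
} else {
    Write-Warning 'Machine is not onboarded yet; run the onboarding script from the downloaded package first.'
}
```

The point of gating the test on the registry and service checks is that a detection test on a machine that is not yet onboarded produces no alert and tells you nothing; checking the local state first separates "sensor never started" from "sensor running but not reporting", which the event log entry helps distinguish.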

An Overview of the Windows Defender ATP for Windows Server 2019

Using ATP on Windows Server 2019 is straightforward. After onboarding, new alerts and recommendations for the server appear on the dashboard.

To confirm that alerts are flowing, run the detection test after onboarding; the resulting alert also confirms that the server is connected to and reporting to the service.

The Windows Defender Security Center offers several filters, actions, and event views that you can use to make the most of your server's security settings.

Conclusion

With the introduction of Windows Defender ATP on Windows Server 2019, users have a single solution that protects against, detects, and responds to advanced threats.

Windows Server 2019 takes customer security seriously and prioritizes every effort to prevent unauthorized access.