Windows Defender Advanced Threat Protection (ATP) is Microsoft's platform for preventive protection of enterprise devices. It stays active after a security breach as well: it detects the intrusion, conducts an automated investigation, and responds accordingly.
Security is one of the largest investments Microsoft directs at its Windows Server releases. The headline security feature of Windows Server 2019 is support for Windows Defender Advanced Threat Protection, a unified platform that combines preventive protection with automated response. This support was previously available only on Windows 10 devices; with Windows Server 2019 it is built into the server platform, and other supported Server versions can be onboarded as well.
What is Windows Defender Advanced Threat Protection?
The platform is a cloud-managed service, so there is no additional on-premises infrastructure to deploy. Because Microsoft operates the back end, there is no deployment delay and the service stays current without the compatibility problems that come with maintaining your own management servers.
It provides intelligent protection and response: preventing threats, detecting potential data breaches, automating the investigation of security incidents, and improving the organization's overall security posture.
The Windows Defender ATP cloud service provides the following capabilities:
- Attack surface reduction, which closes off the pathways (exploit techniques, risky application behaviors, untrusted content) that attackers commonly use.
- Next-generation protection backed by the Microsoft Intelligent Security Graph (ISG), which supplies the threat intelligence needed to protect against advanced ransomware and other forms of attack.
- Endpoint detection and response (EDR), which monitors device behavior with machine learning and security analytics to surface threats, and gives analysts the data needed to investigate and respond to them.
- Automated investigation and remediation, which determines the appropriate course of action and can defuse complex threats in minutes.
- A real-time security score showing how the organization's configuration rates, with risk-based recommendations for increasing resilience.
- Advanced hunting: flexible queries across endpoints over historical data, which can also be turned into custom detection rules.
Pre-breach protection raises the bar before an attacker gains a foothold, and much of it runs without human intervention. It works through the following actions:
- Protecting the network by scanning the devices connected to it
- Mitigating exploitation of unpatched vulnerabilities, including zero-days
- Blocking files and destinations with no established reputation from accessing the network
- Isolating web-based threats in hardware-based containers so the device itself is protected
- Restricting which applications may run on the system, so malware that lands on it cannot execute
- Cloud-delivered protection that defends the machine against both known and previously unseen malware, with no operator intervention
- Behavioral monitoring that blocks malicious and suspicious behavior using advanced runtime analysis
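The pre-breach features above are configured on a Windows Server 2019 host through the Defender Antivirus cmdlets. The following script is an added example, not code from the original article: it turns on cloud-delivered protection, network protection, controlled folder access and a handful of attack surface reduction rules, starting in audit mode so the resulting events can be reviewed before switching to block mode. The rule GUIDs are the ones published in Microsoft's ASR documentation and should be checked against the current docs before deployment; the event IDs for audit events are likewise taken from Microsoft's documentation of the Defender operational log.

```powershell
# Added example (not from the original article): enable pre-breach protection on a
# Windows Server 2019 host with Defender Antivirus active. Run from an elevated session.
#Requires -RunAsAdministrator

# Attack surface reduction rule IDs as published in Microsoft's ASR documentation.
# Verify against the current docs before rolling out.
$asrRules = @{
    'Block credential stealing from LSASS'                       = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'
    'Block process creations from PSExec and WMI commands'       = 'd1e49aac-8f56-4280-b9ba-993a6d77406c'
    'Block execution of potentially obfuscated scripts'          = '5beb7efe-fd9a-4556-801d-275e5ffc04cc'
    'Use advanced protection against ransomware'                 = 'c1db55ab-c21a-4637-bb3f-a12568109d35'
    'Block executables unless prevalence, age or trust criteria' = '01443614-cd74-433a-b99e-2ecdc07bfc25'
}

function Enable-PreBreachProtection {
    # Start in AuditMode; switch to Enabled only after reviewing the audit events.
    param([ValidateSet('AuditMode', 'Enabled')][string]$Action = 'AuditMode')

    # Cloud-delivered protection: advanced MAPS reporting, safe-sample submission,
    # and a high cloud block level for low-reputation files.
    Set-MpPreference -MAPSReporting Advanced -SubmitSamplesConsent SendSafeSamples
    Set-MpPreference -CloudBlockLevel High

    # Network protection blocks connections to low-reputation or malicious destinations.
    Set-MpPreference -EnableNetworkProtection $Action

    # Controlled folder access protects user folders from unauthorised (ransomware-style) writes.
    Set-MpPreference -EnableControlledFolderAccess $Action

    # Attack surface reduction rules, one Add-MpPreference call per rule.
    foreach ($name in $asrRules.Keys) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $asrRules[$name] `
                         -AttackSurfaceReductionRules_Actions $Action
        Write-Host "ASR rule '$name' set to $Action"
    }
}

function Get-PreBreachStatus {
    # Numeric values from Get-MpPreference: 0 = Disabled, 1 = Enabled, 2 = AuditMode.
    $p = Get-MpPreference
    $rules = for ($i = 0; $i -lt $p.AttackSurfaceReductionRules_Ids.Count; $i++) {
        '{0} => {1}' -f $p.AttackSurfaceReductionRules_Ids[$i], $p.AttackSurfaceReductionRules_Actions[$i]
    }
    [pscustomobject]@{
        NetworkProtection      = $p.EnableNetworkProtection
        ControlledFolderAccess = $p.EnableControlledFolderAccess
        CloudBlockLevel        = $p.CloudBlockLevel
        AsrRules               = $rules
    }
}

function Get-PreBreachAuditEvents {
    # Audit-mode hits land in the Defender operational log:
    # 1122 = ASR rule audited, 1125 = network protection audited, 1124 = controlled folder access audited.
    param([int]$Count = 50)
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1122, 1124, 1125
    } -MaxEvents $Count -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

Enable-PreBreachProtection -Action AuditMode
Get-PreBreachStatus | Format-List
Get-PreBreachAuditEvents | Format-Table -AutoSize -Wrap
```

Leave the rules in audit mode for a representative period and read the 112x events before re-running `Enable-PreBreachProtection -Action Enabled`; on a server, rules such as the PSExec/WMI block can interfere with legitimate management tooling, and the audit log is what tells you whether an exclusion is needed.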
Innovative Endpoint Detection and Response (EDR)
Innovative EDR means your systems remain protected through the following capabilities:
- Advanced behavioral analytics and machine learning detect previously unseen threats, including zero-day attacks.
- Windows Defender Security Center correlates evidence across endpoints to establish the scope of a breach.
- Interactive hunting over six months of historical data lets analysts search for signs of compromise; the data is retrieved in seconds rather than the hours that manual tracking and tracing would take.
- Custom indicators of compromise (IoCs) can be added so that alerts fire on the specific artifacts you care about.
- Suspicious files can be submitted for deep inspection, with a full analysis returned within minutes.
Because the sensor is built into Windows, it exchanges signals directly with the Microsoft Intelligent Security Graph.
Defense is managed from a central location: Microsoft 365 shares detection and investigation data across the organization's services, and that synchronization shortens response and recovery time.
Onboarding Windows Server 2019 to Windows Defender Advanced Threat Protection
If you already use Windows Defender ATP, you can preview the Windows Server 2019 integration by installing a Windows Server preview build and onboarding it to the service. Use the following procedure to onboard a machine:
- Open Windows Defender Security Center
- Go to Settings and open the onboarding section
- Select the operating system of the machine you are onboarding; the wizard confirms the selection
- Leave the deployment method at its default, the local script, which runs the onboarding script on the machine itself. Note that the local script is intended for a limited number of machines per deployment
- Download the onboarding package by clicking the link shown in the wizard, extract it on the server, and run the onboarding script as an administrator
- Run the detection test on each onboarded machine. Once verification completes, a confirmation message appears
To verify that a machine has been properly onboarded and is reporting to the service, run the detection test as shown below:
- Open an elevated command prompt window
- At the command prompt, run the following command
powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\test-WDATP-test\invoice.exe');Start-Process 'C:\test-WDATP-test\invoice.exe'
- Once the command has run, the command window closes automatically
The command is a deliberately harmless test pattern: nothing is fetched from the loopback address, and the detection comes from the sensor recognizing the command line. If the test succeeds, it is marked as complete in the portal and a confirmation follows within a few minutes.
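The onboarding steps and the detection test above leave you with a portal confirmation but nothing on the server itself that says why a machine did or did not check in. The following script is an added example, not code from the original article: it checks the two local indicators of a completed onboarding (the Sense sensor service and the OnboardingState registry value, both at the locations Microsoft documents for troubleshooting), launches the detection test from the article unchanged, and then reads the sensor's own event log, where connectivity or proxy problems show up as warnings and errors. The OrgId value is read only as informational output.

```powershell
# Added example (not from the original article): confirm a Windows Server 2019 machine is
# onboarded to Windows Defender ATP, fire the detection test, and read the sensor log.
# Run from an elevated PowerShell session on the server being checked.
#Requires -RunAsAdministrator

# Locations Microsoft documents for onboarding troubleshooting: the Sense service is the
# ATP sensor, and OnboardingState = 1 under this key means the onboarding script completed.
$statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
$senseLog  = 'Microsoft-Windows-SENSE/Operational'

function Test-WdatpOnboarded {
    $sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
    if (-not $sense) {
        Write-Warning 'Sense service not found: the ATP sensor is not present on this build.'
        return $false
    }
    if ($sense.Status -ne 'Running') {
        Write-Warning "Sense service is $($sense.Status); expected Running."
        return $false
    }
    $status = Get-ItemProperty -Path $statusKey -ErrorAction SilentlyContinue
    if (-not $status -or $status.OnboardingState -ne 1) {
        Write-Warning 'OnboardingState is not 1; run the onboarding script from the package again.'
        return $false
    }
    Write-Host "Sensor running, OnboardingState=1, OrgId=$($status.OrgId)"
    return $true
}

function Invoke-WdatpDetectionTest {
    # Microsoft's published detection test, exactly as given in the article. The download
    # from 127.0.0.1 never succeeds; the sensor recognises the command line and raises a
    # test alert, so the outcome of the spawned process does not matter.
    $testArgs = '-NoExit -ExecutionPolicy Bypass -WindowStyle Hidden ' +
        "(New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\test-WDATP-test\invoice.exe');" +
        "Start-Process 'C:\test-WDATP-test\invoice.exe'"
    Start-Process -FilePath 'powershell.exe' -ArgumentList $testArgs
}

function Get-WdatpSenseEvents {
    # Most recent sensor events. Warnings and errors here are the first place to look when
    # a machine onboards locally but never shows up in the portal (proxy, firewall, clock).
    param([int]$Count = 20)
    Get-WinEvent -LogName $senseLog -MaxEvents $Count -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

if (Test-WdatpOnboarded) {
    Invoke-WdatpDetectionTest
    Write-Host 'Detection test launched; expect a test alert in Windows Defender Security Center within a few minutes.'
    Get-WdatpSenseEvents | Format-Table -AutoSize -Wrap
}
```

If `Test-WdatpOnboarded` passes but no alert arrives, the SENSE log is the authoritative local source: it records whether the sensor could reach the service endpoints, which is the usual failure on servers that sit behind an authenticating proxy.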
An Overview of Windows Defender ATP for Windows Server 2019
Using ATP on Windows Server 2019 is straightforward. After onboarding, new alerts and recommendations for the server appear on the dashboard. Raising a test alert after onboarding confirms that the sensor is connected and reporting, and the same test can be repeated whenever you want to check the connection.
Windows Defender Security Center offers filters, response actions, and event timelines for each onboarded machine.
With Windows Defender ATP integrated into Windows Server 2019, you have a single solution that protects against, detects, and responds to advanced threats. Microsoft treats customer security as a priority, and it works with industry partners so that Windows Defender Advanced Threat Protection can also cover Android and iOS devices as well as Linux and macOS installations.