Microsoft Security

Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection

While Windows Defender Antivirus makes catching 5 billion threats on devices every month look easy, multiple advanced detection and prevention technologies work under the hood to make this happen.

Windows Defender Antivirus is the next-generation protection component of Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP), Microsoft’s unified endpoint security platform. Much like how Microsoft Defender ATP integrates multiple capabilities to address the complex security challenges in modern enterprises, Windows Defender Antivirus uses multiple engines to detect and stop a wide range of threats and attacker techniques at multiple points.

These next-generation protection engines provide industry-best detection and blocking capabilities. Many of these engines are built into the client and provide advanced protection against the majority of threats in real time. When the client encounters an unknown threat, it sends metadata or the file itself to the cloud protection service, where more advanced protections examine the new threat on the fly and integrate signals from multiple sources.
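The client-to-cloud flow described above only happens when cloud-delivered protection and sample submission are switched on for the endpoint. The following script is an added example, not code from the original post or from Microsoft; it uses the built-in Defender PowerShell module (`Get-MpComputerStatus`, `Get-MpPreference`, `Set-MpPreference`) to check, from a defender's side, whether the cloud tier is actually reachable from a given machine, and to enable it if it was turned off. Run it in an elevated PowerShell session on a Windows endpoint.

```powershell
# Added example (not part of the original post): verify that the cloud
# protection path described in the post is enabled on this endpoint.

$status = Get-MpComputerStatus
$pref   = Get-MpPreference

# The client-side engines must be running before any cloud lookup can occur.
if (-not $status.AntivirusEnabled -or -not $status.RealTimeProtectionEnabled) {
    Write-Warning "Real-time protection is off; cloud-delivered protection cannot trigger."
}

# MAPSReporting:        0 = Disabled, 1 = Basic, 2 = Advanced.
#                       Anything other than 0 lets the client send metadata
#                       about unknown files to the cloud protection service.
# SubmitSamplesConsent: 0 = AlwaysPrompt, 1 = SendSafeSamples,
#                       2 = NeverSend,    3 = SendAllSamples.
# CloudBlockLevel:      numeric aggressiveness of cloud verdicts (0 = Default).
# CloudExtendedTimeout: extra seconds the client waits for a cloud verdict.
[pscustomobject]@{
    CloudProtection     = $pref.MAPSReporting
    SampleSubmission    = $pref.SubmitSamplesConsent
    CloudBlockLevel     = $pref.CloudBlockLevel
    CloudTimeoutSeconds = $pref.CloudExtendedTimeout
    SignatureAgeDays    = $status.AntivirusSignatureAge
}

# Remediation: if cloud protection was disabled, re-enable it together with
# safe-sample submission so unknown files can be analysed in the cloud.
if ($pref.MAPSReporting -eq 0) {
    Set-MpPreference -MAPSReporting Advanced -SubmitSamplesConsent SendSafeSamples
    Write-Output "Cloud-delivered protection and safe-sample submission enabled."
}
```

The output object is deliberately kept to the handful of settings that decide whether the cloud engines in the post ever see a sample; a large signature age alongside cloud protection disabled is the combination that leaves an endpoint relying on client-side engines alone.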

These next-generation protection engines ensure that protection is:

My team continuously enhances each of these engines to be increasingly effective at catching the latest strains of malware and attack methods. These enhancements show up in consistent top scores in industry tests, but more importantly, translate to threats and malware outbreaks stopped and more customers protected.

Here’s a rundown of the many components of the next generation protection capabilities in Microsoft Defender ATP:

In the cloud:

On the client:

Together with attack surface reduction—composed of advanced capabilities like hardware-based isolation, application control, exploit protection, network protection, controlled folder access, attack surface reduction rules, and network firewall—these next-generation protection engines deliver Microsoft Defender ATP’s pre-breach capabilities, stopping attacks before they can infiltrate devices and compromise networks.

As part of Microsoft’s defense-in-depth solution, the performance of these engines benefits the Microsoft Defender ATP unified endpoint protection as a whole: antivirus detections and other next-generation protection capabilities enrich endpoint detection and response, automated investigation and remediation, advanced hunting, threat and vulnerability management, the managed threat hunting service, and other capabilities.

These protections are further amplified through Microsoft Threat Protection, Microsoft’s comprehensive, end-to-end security solution for the modern workplace. Through signal-sharing and orchestration of remediation across Microsoft’s security technologies, Microsoft Threat Protection secures identities, endpoints, email and data, apps, and infrastructure.

The rapid evolution of Microsoft Defender ATP’s next-generation protection follows the same upward trajectory of innovation across Microsoft’s security technologies, which the industry recognizes and from which customers benefit. We will continue to improve and lead the industry in evolving security.

Tanmay Ganacharya (@tanmayg)
Principal Director, Microsoft Defender ATP Research

Talk to us

Questions, concerns, or insights on this story? Join discussions at the Microsoft Defender ATP community.

Follow us on Twitter @MsftSecIntel.