Microsoft Adds Enhancements to Defender
Microsoft has added new features to Microsoft Defender. The new features will protect devices from advanced attacks and emerging threats.
Security by Default
Built-in protection is a set of default security settings for Microsoft’s endpoint security platform to protect devices from ransomware attacks and other threats. Tamper protection, which detects unauthorized changes being made to security settings. It prevents unauthorized users and malicious actors from making changes to security settings for real-time and cloud-delivered protection, behavior monitoring, and antivirus.
Administrators can able to toggle protection on or off on an individual device and temporarily disable the setting for troubleshooting purposes. It is enabled with E5 licenses by default.
Zeek Comes to Defender
Microsoft with Corelight support added Zeek integration to Defender for Endpoint, which helps to reduce the time required to detect network-based threats. Zeek is an open-source tool that monitors network traffic packets to uncover malicious network activity. Defenders can scan inbound and outbound traffic. The Zeek integration also allows Defender to detect attacks on nondefault ports, show alerts for password spray attacks, and identify network exploitation attempts such as PrintNightmare.
Zeek will not be a complete replacement of traditional network detection and response technology,it is designed to act as a complementary data source providing network signals.
Detect Firmware Vulnerabilities
Microsoft provided some more details on the Microsoft Defender Vulnerability Management service, which is currently available under public preview.
Microsoft Defender Vulnerability Management can now assess the security of the device’s firmware and report if the firmware is missing security updates to fix vulnerabilities. This is based on vendor recommendations.
Reference: Dark Reading