Presentation is loading. Please wait.

Presentation is loading. Please wait.

Windows Defender Antivirus: Next-gen AV

Published byHope Scott Modified over 5 years ago

Similar presentations

Presentation on theme: "Windows Defender Antivirus: Next-gen AV"— Presentation transcript:

1 Windows Defender Antivirus: Next-gen AV
10/13/2018 6:14 AM Windows Defender Antivirus: Next-gen AV Amitai Senior Program Manager, Windows Active Defense © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 https://aka.ms/wdav 10/13/2018 6:14 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3 What you’ll hear today Bob from Texas and Ransomware
The evolving threat landscape and the role of cloud based protection Balancing productivity and security What others say about us Call to action

4 The story about Bob

5 10/13/2018 6:14 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6 10/13/2018 6:14 AM :53:00pm © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7 10/13/2018 6:14 AM :53:00pm © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8 10/13/2018 6:14 AM :53:00pm © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9 10/13/2018 6:14 AM :53:00pm © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10 Now technical

11 10/13/2018 6:14 AM :53:21pm © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12 10/13/2018 6:14 AM :53:21pm © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13 Something is detected 2017-04-20 10:53:21pm 10/13/2018 6:14 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14 Service receives query
10/13/2018 6:14 AM :53:21pm Service receives query © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

15 File is deemed suspicious, sample requested
:53:21pm File is deemed suspicious, sample requested © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

16 Sample finishes uploading
:53:23pm Sample finishes uploading © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

17 Determined as malware, signature sent back 2017-04-20 10:53:28pm
10/13/2018 6:14 AM :53:28pm Determined as malware, signature sent back © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

18 10/13/2018 6:14 AM :53:28pm © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19 10/13/2018 6:14 AM Only 8 seconds after clicking, Windows Defender AV blocked a new strain of ransomware variant that wasn’t ever seen before :53:29pm © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

20 10/13/2018 6:14 AM Only 8 seconds after clicking, Windows Defender AV blocked a new strain of ransomware variant that wasn’t ever seen before :53:29pm © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

21

22 https://aka.ms/wdav 10/13/2018 6:14 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

23 Windows Defender AV’s unique optics
Microsoft 2016 10/13/2018 6:14 AM Windows Defender AV’s unique optics 1.2 billion Devices/monthly 200 billion s/monthly 3 billion Cloud queries/daily 2 million New file samples/daily 80 billion Metadata of files 2.5 trillion URLs index © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

24 Instant Threat intelligence sharing with Office 365

25 96% 0.01% 3% 0.4% malware seen once and never again seen on 1001+
Polymorphism 3% seen 2–10 0.4% seen 11–100

26 End-to-end latency 10/13/2018 6:14 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

27 10/13/2018 6:14 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

28 What if I don’t turn on Cloud Protection?
10/13/2018 6:14 AM What if I don’t turn on Cloud Protection? 28 computers are now infected 25% of malware is less than 1 day old © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

29 Windows Defender Exploit Guard Balancing productivity and security
10/13/2018 6:14 AM Windows Defender Exploit Guard Balancing productivity and security 0-day blocked Attack Surface Reduction Set of rules to customize the attack surface Controlled Folder Access Protecting data against access by untrusted processes Exploit Protection Mitigations against memory based attacks (EMET evolved!) Network Protection Blocking outbound calls to low reputation sources © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

30 How to configure

31 How to configure System Center Configuration Manager (SCCM) Intune
10/13/2018 6:14 AM How to configure System Center Configuration Manager (SCCM) Intune 3rd party MDM PowerShell Group Policy WMI End user UI (IT admin has the ability to disable) © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

32 Powerful knobs Extended cloud check Cloud protection level
10/13/2018 6:14 AM Powerful knobs Extended cloud check Cloud protection level PUA protection © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

33 10/13/2018 6:14 AM Monitor © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

34 How to monitor Windows Defender ATP SCCM Dashboard
10/13/2018 6:14 AM How to monitor Windows Defender ATP SCCM Dashboard Windows Analytics: Update Compliance EventLog (Windows Event Log collection to SIEM) Soon: Intune © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

35 https://aka.ms/wdav 10/13/2018 6:14 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

36 AV-Test.org test scores (relative)

37 AV-Test.org test scores (absolute)

38 AV-Comparatives.org Test Scores (AVC)
10/13/2018 6:14 AM AV-Comparatives.org Test Scores (AVC) © AV-Comparatives 2017 © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

39 AV-Comparatives.org Test Scores (AVC)
10/13/2018 6:14 AM AV-Comparatives.org Test Scores (AVC) © AV-Comparatives 2017 © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

40 AV-Comparatives.org Test Scores (AVC)
10/13/2018 6:14 AM AV-Comparatives.org Test Scores (AVC) © AV-Comparatives 2017 © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

41 What others are saying about us… in the news
Ex top Mozilla dev to Windows users: Ditch all antivirus except Microsoft's Defender @SwiftOnSecurity as well as Google engineers on twitter: Browser makers don't complain about Microsoft Defender because we have tons of empirical data showing that it's the only well behaved AV Gartner: “Microsoft's future vision as “very forward-thinking and technically elegant””

42 https://aka.ms/wdav 10/13/2018 6:14 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

43 Why do we say it is next-gen AV?
10/13/2018 6:14 AM Why do we say it is next-gen AV? Little reliance on traditional signatures ML powered—on the box and in the cloud Built-in Ransomware protection and recovery Attack surface reduction to protect against file-less attacks At the same time Agentless—easy to configure and manage with your existing IT stack If you own Windows you already own it Years of experience in operating systems and security © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

44 MMPC Portal

45 Windows Defender Security Intelligence
10/13/2018 6:14 AM Windows Defender Security Intelligence © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

46

47 Related content Breakout Sessions Theater Sessions Labs
Tech Ready 15 10/13/2018 Related content Breakout Sessions Next-Gen AV: Windows Defender Antivirus unleashed—Tuesday 11:30am (BRK3063) Windows Defender Exploit Guard: Reducing the Attack Surface while balancing productivity and security—Wednesday 2:15pm (BRK2084) Ransomware: Don't pay the ransom—Thursday 11:30am (BRK3065) Theater Sessions Windows Defender Exploit Guard: Reducing the Attack Surface while balancing productivity and security—Monday 6:05pm (THR2257) Deploying Windows Defender AV and more with Configuration Manager—Wednesday 10:50am (THR2218) Don’t be the first victim of new malware, turn Windows Defender AV Cloud Protection on!—Thursday 1:40pm (THR1081) Labs WAD-ILL304: Windows Defender Antivirus—configure and deploy policies and check out reports— Thursday 3:30pm © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

48 10/13/2018 6:14 AM Resources Whitepaper: Evolution of malware protection Demo website: AV Documentation: EG Documentation: Security Intelligence: Evaluation Guide + Script: © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

49 Please evaluate this session Your feedback is important to us!
10/13/2018 6:14 AM Please evaluate this session Your feedback is important to us! From your PC or Tablet visit MyIgnite at From your phone download and use the Ignite Mobile App by scanning the QR code above or visiting © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

50 Q & A

51 https://aka.ms/wdav 10/13/2018 6:14 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

52 10/13/2018 6:14 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Download ppt "Windows Defender Antivirus: Next-gen AV"

Similar presentations

MIX 09 4/15/2017 11:14 PM © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.

MIX 09 4/15/ :14 PM © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.
Session 1.

Session 1.
Built by Developers for Developers…. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names.

Built by Developers for Developers…. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names.
customer.

customer.
demo © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names.

demo © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names.
demo Demo.

demo Demo.
demo QueryForeign KeyInstance /sm:body()/x:Order/x:Delivery/y:TrackingId1Z01234567893.

demo QueryForeign KeyInstance /sm:body()/x:Order/x:Delivery/y:TrackingId1Z
Protect your endpoints from malware threats with Windows Defender

Protect your endpoints from malware threats with Windows Defender
MIX 09 4/17/2018 4:41 PM © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.

MIX 09 4/17/2018 4:41 PM © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.
How Microsoft uses Windows Defender ATP–Welcome to a SecOps world!

How Microsoft uses Windows Defender ATP–Welcome to a SecOps world!
Azure on Steroids: Full Automation with PowerShell

Azure on Steroids: Full Automation with PowerShell
Migrating home folders to OneDrive for Business

Migrating home folders to OneDrive for Business
Cloud Security IS Application-Centric Security

Cloud Security IS Application-Centric Security
6/5/2018 1:30 PM THR1029 Spend less time managing data and more time with customers: Quick tour of Outlook Customer Manager Welly Lee Welly.Lee@microsoft.com.

6/5/2018 1:30 PM THR1029 Spend less time managing data and more time with customers: Quick tour of Outlook Customer Manager Welly Lee
6/10/2018 5:07 PM THR2218 Deploying Windows Defender AV and more with Intune and Configuration Manager Amitai Rottem @AmitaiTechie Senior Program Manager,

6/10/2018 5:07 PM THR2218 Deploying Windows Defender AV and more with Intune and Configuration Manager Amitai Senior Program Manager,
Azure Cloud Shell Magic of Modern Command-line Management

Azure Cloud Shell Magic of Modern Command-line Management
Windows 10 and the cloud: Why the future needs hybrid solutions

Windows 10 and the cloud: Why the future needs hybrid solutions
6/19/2018 2:57 AM THR3092 Monitor and investigate actions on your user and data with alerts, insights and reports Binyan Chen Program Manager II, Office.

6/19/2018 2:57 AM THR3092 Monitor and investigate actions on your user and data with alerts, insights and reports Binyan Chen Program Manager II, Office.
Decoding audit events in Microsoft Office 365

Decoding audit events in Microsoft Office 365
Optimizing Microsoft OneDrive for the enterprise

Optimizing Microsoft OneDrive for the enterprise

Similar presentations

Ads by Google