– 17 February 2020. By Adriaan Bekker, Technical Director, Softwerx.

It has been a few years since Microsoft first provided what was then known simply as ‘Windows Defender’ free of charge as an antivirus (AV) solution. But in those days, it was not a true competitor in the field of antivirus protection… then in 2016 things changed. Windows Defender Advanced Threat Protection (ATP) was launched and has quickly evolved into Gartner’s leading endpoint protection solution.

Read on to discover five reasons why it’s time to consider retiring your current antivirus in exchange for ATP.

BACKGROUND

In the early days of ‘Windows Defender’ it was seen as a weaker antivirus option. Where most traditional AV solutions claimed 99.9% success, Windows Defender achieved 94% to 95% depending who you asked. Therefore, it was never a good idea to use Windows Defender as your primary AV solution on its own, and other providers proliferated during this time.

In 2016, Microsoft launched Microsoft Defender Advanced Threat Protection (ATP) which quickly changed the AV landscape. No more were Microsoft lagging behind when it came to AV services and behaviour analytics. Now they were becoming a recognised leader. Over the last three years the solution has gone from strength to strength, and is now seen as a definitive market leader by Gartner.

Let’s look at five of the features that put the ‘advanced’ into ATP which make your traditional AV feel, well… old fashioned!

5 REASONS TO RETIRE YOUR OLD ANITVIRUS

There are many reasons to retire your old antivirus in preference for Microsoft Defender ATP. But we’ve picked the top five:

1. THREAT AND VULNERABILITY MANAGEMENT

The ATP threat and vulnerability management capability means organisations can see their live threat exposure, and also view recommendations on how to reduce their risk. Not only do you get a full inventory of the software you’re using, but you also see all known common vulnerabilities and exposure (CVE) recommendations ranked according to version, published in an easy dashboard as an ‘Exposure score’ and ‘Exposure distribution’ and CVE table:

 

Watch the video on ATP Threat and Vulnerability Management here.

2. ADVANCED HUNTING

Advanced hunting lets you build custom detection rules and explore up to 30 days of your raw historical data. This allows the app’s rules to continually check and respond to suspected breaches or misconfigured machines.

3. AUTOMATED REAL-TIME THREAT ALERTS

Periodic vulnerability scans are not enough. Alerts are provided in real time via an easy-to-read dashboard. where the threat hunting team can investigate these events to ensure issues are actioned and not ignored:

4. AUTOMATED REMEDIATION

Automated remediation to attacks and specific response actions to triggers can be configured in the ATP app. This really helps to free up an engineer’s valuable time and attention. The attack surface of all devices can also be monitored and minimised using the features of Windows Defender ATP and Windows 10 E5. And do you know what the best part is? It’s all directly built into Windows 10!

5. LEVERAGE OTHER MICROSOFT APPS

Windows Defender ATP also integrates with several of Microsoft’s other solutions, thus leveraging other Microsoft technologies in the M365 E5 SKU such as:

  • Microsoft Intune
  • Office 365 ATP
  • Azure ATP
  • Azure Security Center
  • Microsoft Cloud App Security
  • Microsoft Sentinel

If you’re not sure about what these apps do, get in touch with us for more info.

CONCLUSION:

I often get asked, “If it’s so good why don’t more people use it?”

That’s a good question. The challenge is still that organisations can’t purchase Windows Defender ATP on its own – you need the Windows 10 E5 License or the Microsoft 365 E5 license to access it. At first glance this can seem expensive when viewed in isolation. However, when you adopt the full stack of Microsoft technologies, for example, a Microsoft 365 E5 licence, they come packed with valuable features such as MDM, MAM, MFA, DLP and AIP. This means that you can confidently retire most of your existing individual security solutions and adopt one integrated, holistic Microsoft cloud security package.

The five features above are super important factors that other AV’s just can’t match, meaning you’ve got five reasons to re-evaluate M365 E5.

ATP’s got little in common with your old outdated antivirus. ATP is streaks ahead since it’s:

  • Real Time
  • Cloud Powered
  • Fully Integrated with:
    • Microsoft Endpoint Security Stack
    • Microsoft Intelligent Security Graph
    • Microsoft Application Analytics knowledgebase

In a nutshell, retire your old AV, get on-board with ATP.

 

 

 

 

 

 

 

 

 

 

Back to Blog