
Microsoft Releases Integrated Threat Protection in Public Preview

Microsoft this week announced the preview availability of Microsoft Threat Protection, a unified pre- and post-breach enterprise defense suite that aims to natively integrate across products.

The integrated solution aims to provide security defenses across endpoint, identity, email, and applications, through capabilities such as detection, prevention, investigation and automatic response to sophisticated attacks.

Microsoft Threat Protection builds on the Microsoft 365 security suite, leveraging tools such as Defender Advanced Threat Protection (ATP) for endpoints, Office 365 ATP for email and collaboration tools, Azure ATP for identity-based threats, and Microsoft Cloud App Security (MCAS) for SaaS applications.  

The suite, Microsoft says, features expanded threat detection and automated investigation and response capabilities, and cross-product visibility, courtesy of automated incident response in Office 365 ATP, integration of MCAS and Defender ATP, integration of Azure ATP with Defender ATP, and more. 

Microsoft Threat Protection now allows security teams to correlate alerts and automate investigation and response, self-heal assets, and simplify attack indicators. Furthermore, it offers a central view of all detections and impacted assets, as well as actions that have been taken, and related evidence. 

To correlate alerts across threat vectors and identify the full scope of a threat, Microsoft is using the concept of “incidents.” Basically, all of the related alerts across the suite are shown to the customer in the form of a single incident. 

Threat information is shared in real time between the suite's products, so the toolset can help stop the progression of an attack by orchestrating and triggering actions on the individual products, such as blocking malicious code and initiating automatic investigation and remediation.

AI-powered automatic actions and playbooks are employed to restore impacted assets to a secure state, while security teams can view the results of investigations and self-healing actions in the Action Center and approve or undo them.

Security teams can also create custom queries over raw data and leverage their unique organizational knowledge (proprietary indicators of compromise, behavioral patterns, or free-form research) to identify any signs of compromise. With Threat Protection, security teams have query-based access to 30 days of historic raw signals and alerts across both endpoint and Office 365.

The integrated Microsoft Threat Protection solution has been released in public preview for customers with Microsoft 365 Security E5 and all M365 E5 licenses. Threat Protection can be turned on by navigating to Settings > Microsoft Threat Protection > Opt-in / Opt-out in Microsoft 365 security center. 

Related: Microsoft Announces New Security Capabilities Across Platforms

Related: Microsoft Unveils New Security Tools for Azure

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
