Corrata’s Integration with Microsoft Defender ATP: How Exactly Does It Work?
Last month, Corrata were delighted to announce the integration of our mobile Security and Control solution with Microsoft Defender Advanced Threat Protection (ATP) and, at the same time, that we would be joining the Microsoft Intelligent Security Association. We were extremely excited to see how the two solutions would provide a unified view of mobile endpoint security and extend the unrivaled ability to detect, protect and respond to cyber-security threats on iOS and Android. And after just one month, it is clear why the integration is such a great fit. But what exactly is Microsoft Defender ATP and how do the two solutions work together?
Microsoft Defender ATP
Microsoft’s mission is to help people in organizations achieve more. Microsoft Defender ATP’s mission is to help security operations to succeed in their jobs of protecting organisations, therefore enabling them to achieve more. Traditional methods of threat protection are no longer adequate as the world of cybersecurity continues to adapt and grow in response to existing security tactics. Microsoft recognised this and developed Microsoft Defender ATP as a unified platform to protect all endpoints from cyber threats, advanced attacks, and data breaches. With endpoint sensors built into all Windows 10 devices, Microsoft customers are fully protected with world-class security, informed by highly accurate, deep-level data and behavioral information. However, with customer security as a top priority, Microsoft understand that not all companies have Windows devices across their entire fleet, and therefore have integrated with solutions like Corrata to extend their protection to other systems including iOS and Android. Microsoft Defender ATP users can now leverage the integration across employee iOS and Android devices and can manage their mobile fleet from within the Microsoft Defender management console. Microsoft customers can then gain granular visibility and control as well as threat protection across the entire spectrum of mobile risk. But how exactly does Microsoft Defender ATP provide this security and control and how does this align with Corrata?
Microsoft believe that fixing a problem before it occurs is the best way to keep safe, and like Corrata, strive to detect and eliminate potential threats before they have the chance to infect or compromise a device. Both Microsoft Defender ATP and Corrata use machine-learning technology to identify potential threats as they are created to prevent any further risks reaching the device. Corrata’s SafePathML technology provides ML-assisted analysis of device activity to identify threats and automatically adjust device behavior at a granular level to protect against these threats. If a zero-day threat is identified, Corrata can block access to malicious sites or servers, disrupt communication with CnC servers, prevent malware download, or upgrade encryption levels over insecure connections to prevent the attack from accessing the device or its data.
Anticipating threats and protecting corporate data continues to grow more complex as employees become more mobile, new technologies are developed, and threats grow more advanced. Today, companies need a security solution that is able to evolve and adapt to change alongside the modern workplace. With techniques such as Attack Surface Reduction, host intrusion prevention, vulnerability mitigation, and application control, Microsoft Defender ATP is constantly evolving and working to improve its methods to identify emerging threats and prevent attacks before they occur.
Unfortunately, however, not all attacks can be prevented before they reach the device. In response, Microsoft have developed Microsoft Defender ATP to monitor device behavior and use machine learning and security analytics to give security teams the needed optics and tools to detect and investigate even the most advanced attacks across all endpoints. As an endpoint security platform, Microsoft Defender ATP has deeper, granular access to all data in an ATP tenant, allowing it to spot and detect system-level behaviors that can normally escape traditional detection and draw attention to suspicious activity in real time. When integrated with Corrata, Microsoft Defender ATP gains this granular level of visibility over iOS and Android devices. Corrata delivers visibility to the metadata associated with all device network activity across multiple protocols, including Wi-Fi, cellular, IP, TCP and HTTP. This fine-grained approach means Corrata can analyze thousands of discrete data points across each device daily, making it possible to identify threats with an unparalleled degree of accuracy, assisting Microsoft Defender ATP to speed up and significantly improve detection levels.
Every day, corporate IT teams are faced with hundreds of security alerts that require manual, time-consuming responses and remediation actions, putting pressure on resource-limited teams. This can mean threats and attacks go unresolved or ignored for some time, creating serious risks for the company. Microsoft Defender ATP uses artificial intelligence in the place of security analysts to pick out alerts, determine the severity of attacks, begin investigations, and take all necessary actions to remediate the threat from affected endpoints. Like Corrata, Microsoft recognize the importance of acting quickly. This automatic response ensures that threats, once detected, are eliminated quickly and efficiently to minimize the risk to the company and leave time for security professionals to focus on new, more complex issues.
Corrata’s vision is to create the Immune System for Mobile. We share with Microsoft a commitment to automated and data-driven cyber security for mobile devices. We are delighted to have become part of this journey with Microsoft and look forward to working with the whole Microsoft Defender ATP team and broader organization.