Microsoft has announced a new service for its enterprise customers to detect, investigate and respond to network threats. Windows Defender Advanced Threat Protection was unveiled yesterday by Terry Myerson, Executive Vice President of the Windows and Devices Group. The new system utilizes data science, historical analysis, and simplified investigation tools to protect organizations using Windows 10.

A notable aspect of the new system involves Microsoft leveraging their large customer base to provide analytics information. The Advanced Threat Protection system is based on information collected from over 1 billion Windows devices, 2.5 trillion indexed URLS, 600 million reputation scores, and a daily analysis of over 1 million suspicious files. This massive data set facilitates the creation of unique behavioral sensors to spot threats with increased speed, using data science and security analytics “that look across aggregate behaviors to identify anomalies.”

The system will also allow enterprise customers to thoroughly investigate network attacks and breaches. According to Myerson, “With time travel-like capabilities, Windows Defender Advanced Threat Protection examines the state of machines and their activities over the last six months to maximize historical investigation capabilities.” Such thorough investigative abilities have become increasingly important as state-sponsored attacks, corporate espionage, and severe financial losses impact companies affected by cybercrime. The historical analysis tools will also come in handy in the criminal and civil litigation that often follow such a breach. 

The new enterprise cybersecurity system is partly a response to Microsoft’s research into the security needs of its enterprise customers.  The company found that it can currently take an organization up to 200 days to detect a security breach and up to 80 days to contain it, with an average cost of $12 million per incident. The new protection system attempts to address these problems by identifying threats more quickly, providing comprehensive and historical intelligence about threats and providing tools for remediation. In addition to data science and historical analysis, Windows Defender Advanced Threat Protection also offers a suite of streamlined investigative tools exposing “process, file, URL, and network connection events” of individual machines and entire networks. 

Microsoft appears to be in the midst of aggressively marketing the latest version of Windows to enterprise customers. Last month the company announced a deal with the US Department of Defense to supply Windows 10 for about 4 million devices this year. Myerson also mentioned Virgin Atlantic and NASCAR as notable Windows 10 enterprise customers.