#microsoft #response #corporate

Microsoft and Ziften – Fighting Attacks and Zero Day Exploits

by David Shefter

November 8, 2017


Today we announced a collaboration with Microsoft that brings together Ziften’s Zenith® systems and security operations platform and Windows Defender Advanced Threat Protection (ATP), delivering a cloud-based “single pane of glass” to detect, view, investigate, and respond to advanced cyber-attacks and breaches on Windows, macOS, and Linux-based devices (desktops, laptops, servers, cloud instances, etc.).

Windows Defender ATP plus Ziften Zenith is a security service that enables enterprise customers to detect, investigate, respond to, and remediate advanced threats on their networks, off-network, and in the data center and cloud.

Imagine a single solution across all the devices in your enterprise, providing scalable, state-of-the-art security in a cost-effective and easy-to-use platform. Enabling enterprises across the globe to secure and manage devices through this ‘single pane of glass’ delivers the promise of lower operational costs together with enhanced security: real-time global threat protection built on information gathered from billions of devices worldwide.

Microsoft and Ziften Architecture

The diagram below provides an overview of the service components and integration between Windows Defender ATP and Ziften Zenith.

Figure 1: Microsoft and Ziften Architecture

Endpoint investigation capabilities let you drill down into security alerts and understand the scope and nature of a potential breach. You can submit files for deep analysis, receive the results and take remediation without leaving the Windows Defender ATP console.

Detect and Contain Threats

With the Windows Defender ATP and Ziften Zenith integration, organizations can readily detect and contain threats on Windows, macOS, and Linux systems from a single console. Windows Defender ATP and Ziften Zenith provide:

  • Behavior-based, cloud-powered, advanced attack detection. Find the attacks that make it past all other defenses (post breach detection).
  • Rich timeline for forensic investigation and mitigation. Easily investigate the scope of any breach or suspected behaviors on any machine through a rich, 6-month machine timeline.
  • Built in unique threat intelligence knowledge base. Threat intelligence to quickly detect attacks based on monitoring and data from billions of devices.

The diagram below illustrates many of the macOS and Linux threat detection and response capabilities now available with Windows Defender ATP.

Figure 2: Threat Detection and Containment

Bottom line, if you’re looking to secure your endpoints and infrastructure, you need to take a hard look at Windows Defender ATP and Ziften Zenith. If you’re interested, you can request a Free Trial here: https://ziften.com/microsoft-and-ziften.