Home > Categories > IT Asset Management > Microsoft Unveils Tamper Support for Windows 10 Defender Advanced Threat Protection

Software Category

IT Asset Management

Write Review

Microsoft Unveils Tamper Support for Windows 10 Defender Advanced Threat Protection

Microsoft unveiled the addition of its Windows 10 Tamper Protection controls for enterprise users of Microsoft Defender back in 2019. As of February 20, 2020, Microsoft has added the controls to the public version as well. Tamper Protection is intended to better detect threats that make it past other defences and to provide remediation suggestions.

The increasing sophistication of cyberattacks against corporate networks is a constant source of tension for businesses. The cost of an average cyberbreach in 2019, according to IBM, was $8.19 million per incident, up from $3.54 million in 2006. This is in addition to reputational damage and breaches of trust, which further erode business value and confidence. “One thing I often see is the somewhat sophisticated criminal groups are starting to use the aftermath of breaches to do even more targeted social engineering or phishing attacks at scale. It’s not just the fact that a breach occurred; it’s that all of our company’s data is somehow in there,” said Paul Gigliardi, CISO for SecurityScorecard.

During a cyberattack, an attacker will often try to disable security features, antivirus protection and administrative controls. The purpose is to pave the way for easier access to your data. Tamper Protection helps to prevent:

  • Disabling virus threat protection
  • Disabling real-time protection
  • Turning off behavior monitoring
  • Disabling antivirus
  • Disabling cloud-delivered protection
  • Removing security intelligence updates

The program gives a better overview of the machines that have Tamper Protection turned on and the ability to make remote changes on those connected devices. It provides real-time data to investigate the corporate network for the signs of an attack. Additionally, it allows administrators to examine file footprints, even their history in the past six months, within the organization and provide real-time actions and suggestions. Tamper Protection will automatically block or resist any attempts to change Windows Defenders settings or security settings, subverting the built-in protection. “This provides security teams greater visibility into how many machines don’t have this feature turned on, the ability to monitor changes over time, and a process to turn on the feature,” says Shweta Jha from the Microsoft Defender team.

Our Take

Securing all endpoints is organizations’ top priority. Windows Defender Tamper Protection differentiates itself in the space because you can see what is happening on every endpoint across the network. If any Windows Security settings are changed, whether by an employee or by an external threat actor, Tamper Protection will immediately issue an alert on Windows Defer Security Center. This allows administrators to isolate and examine each issue on a case-by-case basis. Administrators can then examine which machines on a network are vulnerable and what preventative measures need to be taken. By using the Tamper Prevention features, security teams have a proactive tool in place that will provide immediate, rather than ad hoc, feedback.

Enterprises should consider adopting this new threat protection tool of Windows 10. The benefits of having a program that actively seeks changes in the Windows Defender files helps to secure not only the individual access points but also the entire network. More importantly, the Tamper Prevention tool can also help to improve the tracking of insider and external threats. External operators’ attempts to alter Windows Security protocols are transparent to your security team. More importantly, you can also detect insider threats to your industry. These threats come in the form of malicious insiders, accidental insiders, and negligent insider threats. To find out more about these types of threat vectors, and how to better prepare your organization, check out Info-Tech’s blueprint, Reduce and Manage Your Organization’s Insider Threats Risk.

Want to Know More?

Build an Information Security Strategy

Develop and Deploy Security Policies

Reduce and Manage Your Organization’s Insider Threat Risk

Other Recent Research in IT Asset Management

IT Asset Management

Qualys and Ivanti Partnership Boasts an Incredibly Robust Vulnerability Management Platform

Qualys VMDR and Ivanti have announced a new partnership dedicated to improving the detection and patching of vulnerabilities. Announced July 30, the Qualys and Ivanti Partnership have already gone live as an integrated component of the VMDR solution.

IT Asset Management

RiskSense Releases a Unified Infrastructure Security Risk Management Program

RiskSense announced on July 13 its new version of the cloud-delivered RiskSense risk management platform. The main draw of the program is its holistic risk calculation across CVEs and CWEs.

IT Asset Management

Address the Root of Your Vulnerabilities in a Resource-Tight Period

Cyberthreats are omnipresent for any enterprise. Monitoring ingress and egress points while still conducting business is a balance security professionals attempt to strike. Couple this with the continued security issues around remote work during the pandemic, and security teams have their hands full.

IT Asset Management

Kenna Security Releases Tool for the Custom Benchmarking of Vulnerability Management Programs

On May 26, Kenna Security released its new Prioritization to Prediction Benchmark Survey. This free tool provides organizations with the ability to compare their vulnerability management programs to industry averages Kenna Security has compiled over the years.