With Windows 10 Fall Creators Update, Microsoft is going all-in on security. When the next major update to Windows 10 is released later in the year, it will include Windows Defender Exploit Guard, which makes EMET (Enhanced Mitigation Experience Toolkit) a native part of the operating system.
Microsoft says that it is raising the bar for security, and this is part of the "end-to-end security features" the company has announced. Windows Defender Advanced Threat Protection (ATP) will benefit from a centralized management system as Microsoft aims to "make life harder for the bad guys."
Writing on the Windows blog, Microsoft's Rob Lefferts explains that: "For the first time, Windows Defender Advanced Threat Protection (ATP) will include seamless integration across the entire Windows threat protection stack to protect, detect and respond with rich, centralized management. In addition, we’re extending the reach of Windows Defender ATP to include Windows Server OS to protect customers across platforms. New features and capabilities in the suite include Windows Defender Exploit Guard, Windows Defender Application Guard and substantial updates to Windows Defender Device Guard and Windows Defender Antivirus."
Microsoft says that it is introducing next-generation security, moving on to the idea of making vulnerabilities more difficult to exploit -- including zero-days:
"By integrating the power of EMET along with new vulnerability mitigations, Exploit Guard includes prevention capabilities that help make vulnerabilities dramatically more difficult to exploit. In addition Exploit Guard delivers a new class of capabilities for intrusion prevention. Using intelligence from the Microsoft Intelligent Security Graph (ISG), Exploit Guard comes with a rich set of intrusion rules and policies to protect organizations from advanced threats, including zero day exploits. The inclusion of these built-in rules and policies addresses one of the key challenges with host intrusion prevention solutions which often takes significant expertise and development efforts to make effective."
Windows Defender Application Guard (WDAG) and Windows Defender Device Guard will protect against local attacks spreading across networks while retaining the centralized control system. Microsoft says that WDAG can sandbox malware and zero-days, and all of the tools make use of cloud intelligence, providing insights into hacking and malware threats. New Security Analytics capabilities and APIs will be introduced and will open up opportunities for automation.