With Windows 10 Creators Update, Microsoft is introducing a centralized portal called the Windows Security Center, which will help IT admins easily monitor, track and act on security events. It will link to Office 365 Advanced Threat Protection, via the Microsoft Intelligent Security Graph, to allow IT admins to follow an attack across endpoints and email in an integrated way. Apart from this, Microsoft is also adding new actions and insights in Windows Defender Advanced Threat Protection (ATP) which will enable IT admins to investigate and respond to network attacks, including sensors in memory, enriched intelligence and new remediation actions.
Microsoft is also expanding Windows Defender ATP sensors to detect threats that persist only in memory, as well as kernel-level exploits. This will enable IT admins to monitor loaded drivers and in-memory activities, and to detect various patterns of injection, reflective loading, and in-memory modifications indicating potential kernel exploits.
Microsoft is also enabling IT admins to feed their own intelligence into the Windows Security Center for alerts on activities based on their own indicators of compromise. Not only is Microsoft improving the intelligence, it is also delivering new remediation actions in Windows Defender ATP that will give IT admins the tools to isolate machines, collect forensics, kill and clean running processes, and quarantine or block files with a single click in the Windows Security Center, further reducing response time.