{"id":90583,"date":"2020-02-20T06:00:09","date_gmt":"2020-02-20T14:00:09","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=90583"},"modified":"2023-09-26T08:53:17","modified_gmt":"2023-09-26T15:53:17","slug":"microsoft-threat-protection-intelligence-automation","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/microsoft-threat-protection-intelligence-automation\/","title":{"rendered":"Microsoft Threat Protection stops attack sprawl and auto-heals enterprise assets with built-in intelligence and automation"},"content":{"rendered":"

Attackers will cross multiple domains like email, identity, endpoints, and applications to find the point of least resistance. Today\u2019s defense solutions have been designed to protect, detect, and block threats for each domain separately, allowing attackers to exploit the seams and threshold differences between solutions\u2014leaving the business vulnerable to attack. While one facet of an attack may be caught and blocked in email, the same threat actor may have also compromised identities by exploiting weak passwords or leaked credentials, or by fooling people into providing their passwords or authorization tokens. It\u2019s also possible for point solutions to overlook critical signals entirely because, in isolation, they failed to register as significant.<\/p>\n

The industry as a whole has struggled to win this battle, but we can turn the tide. The current class of security solutions can do a better job of stopping or even preventing the spread of attacks by looking at the entire security stack as a living organism. We have to force a shift in the protection paradigm by moving from a model of reactive detection and response based on siloed security solutions to proactive protection. We cannot leave security teams to manually coordinate signals across domains to fully understand the breadth of the attack and how to stop it. Threat protection that changes our approach to attacks requires built-in intelligence that can understand how an attack got in, prevent its spread across domains, and automatically heal compromised assets.<\/p>\n

Microsoft Threat Protection coordinates defenses to stop attacks from spreading and auto-heal impacted assets<\/h3>\n

Generally available Microsoft Threat Protection (MTP)<\/a> provides the built-in intelligence, automation, and integration to coordinate protection, detection, response, and prevention by combining and orchestrating into a single solution the capabilities of Microsoft Defender Advanced Threat Protection (ATP) (endpoints), Office 365 ATP (email), Azure ATP (identity), and Microsoft Cloud App Security (apps).<\/p>\n

With MTP, security teams can:<\/p>\n