Windows 10 is Adding APT Protection. Here’s Why That’s a Big Deal.


Microsoft CEO Satya Nadella speaks at an event demonstrating the new features of Windows 10 at the company's headquarters in Redmond, Wash. Elaine Thompson/AP File photo

The Pentagon hopes to have everything converted over to Windows 10 by January 2017.

John Breeden II is an award-winning journalist and reviewer with over 20 years of experience covering technology and government. He is currently the CEO of the Tech Writers Bureau, a group that creates technological thought leadership content for organizations of all sizes. Twitter: @LabGuys.

There is so much news coming out of the RSA Conference this year, it’s almost impossible to cover it all.

As with most large tech trade shows, the news runs the gamut from the really cool but perhaps not all that practical, like VASCO adding selfie-based protection to mobile banking apps, to the really important, yet painfully dull, like Centrify’s new initiative to protect endpoints from compromised credentials.

For feds, however, and especially those working in the Defense Department, the most important news from RSA is probably Microsoft's announcement that Windows 10 is gaining built-in protection against advanced persistent threats for devices running that operating system.

This is especially pertinent to DOD following the November announcement from the Pentagon chief information officer directing all of the combatant commands, services, agencies and field activities to rapidly deploy the Windows 10 operating system throughout their respective organizations starting in January 2016.

DOD hopes to have everything converted over to Windows 10 by January 2017. If the service is indeed delivered as part of Windows 10 at no additional charge, every one of those DOD devices would get the new protection added and maintained for free, which is not a bad deal at all.

The specter of APTs, the term for well-resourced, persistent adversaries and the advanced malware they deploy, which typically beacons back to command-and-control infrastructure and is often directly steered by human operators, has risen to become one of the most serious threats in cybersecurity today.

APTs have been behind almost every large-scale successful attack of the past five years, from the theft of payment card data from retailer Target's customers, to the theft of tens of millions of patient records from Anthem, to the loss of the personal data of millions of current and former federal employees and their families in the breach at the Office of Personnel Management.

The new service is called Windows Defender Advanced Threat Protection, and like the main Defender product that protects Windows 10 devices, it is tied directly into the operating system. The service is to be constantly updated and offered at no additional charge.

Defender is a great idea to begin with, and provides really good anti-virus and anti-malware protection to Windows 10 users right out of the box. I've done some extensive testing with it in my lab since the OS was first released, and found it works just as well as, and in some cases better than, third-party anti-virus solutions.

Yet it doesn't get in the way of users, and unless they go digging a little, most people may not even know it's there. The logic behind Defender is that raising the security baseline for every user protects everyone else too: it denies attackers the low-hanging fruit, the unprotected or poorly protected machines, that exists in most organizations and that typically serves as the initial foothold.

I've seen this logic before with anti-virus products like AVG Free, but never has protection like this been built directly into a popular operating system, giving it an incredible reach.

Windows Defender Advanced Threat Protection adds another layer on top of standard Defender. Where Defender blocks known malware, the advanced service is about detection and response: it provides visibility into ongoing attacks against a protected network and, should the worst happen, gives organizations like DOD a post-breach investigation capability.

Microsoft is able to provide threat intelligence to enterprises like DOD because Defender, by default, reports information about the threats it encounters to Microsoft's cloud protection service and ultimately to a security operations center staffed around the clock by Microsoft. (Administrators who need to limit that reporting can adjust the cloud-protection settings through Group Policy, at the cost of the device no longer contributing to, or benefiting as quickly from, the shared intelligence.) In effect, every reporting Windows 10 device becomes a threat sensor, giving Microsoft an enormous sensor network.

Now, when Defender on any reporting Windows 10 device detects an attack, Microsoft learns about it. Defenses can then be crafted by Microsoft on the fly and pushed out to protect other devices before the same technique reaches them. That information can also be shared with agencies like DOD through the Windows Defender Advanced Threat Protection interface.
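A device only contributes to, and benefits from, the sensor network described above if Defender is actually running, its cloud reporting is on, and (for the post-breach features) the ATP sensor has been onboarded. The following PowerShell check is an added example written for this article, not code from Microsoft or from the original piece. It uses the Windows Defender module's Get-MpComputerStatus and Get-MpPreference cmdlets and assumes the ATP sensor, when present, runs as the Windows service named "Sense"; treat that service name and the seven-day signature-age threshold as assumptions to adjust for your environment.

```powershell
# Added example (not from the article or from Microsoft): report whether this
# Windows 10 device is contributing telemetry to, and receiving verdicts from,
# Defender's cloud protection, and whether the Defender ATP sensor is running.
# Assumptions: the Defender PowerShell module is present (Windows 10), and the
# ATP sensor, if onboarded, runs as the "Sense" service. Run elevated.

$status = Get-MpComputerStatus
$prefs  = Get-MpPreference

# MAPSReporting: 0 = off, 1 = basic, 2 = advanced. This is the setting that
# governs the cloud sharing the article describes.
$mapsLevels = @{ 0 = 'Disabled'; 1 = 'Basic'; 2 = 'Advanced' }
$mapsLevel  = $mapsLevels[[int]$prefs.MAPSReporting]

$report = [ordered]@{
    'Antivirus enabled'         = $status.AntivirusEnabled
    'Real-time protection'      = $status.RealTimeProtectionEnabled
    'Signatures last updated'   = $status.AntivirusSignatureLastUpdated
    'Cloud (MAPS) reporting'    = $mapsLevel
    'Sample submission consent' = $prefs.SubmitSamplesConsent
}

# The ATP sensor exists only on onboarded machines; its absence is a finding,
# not a script error, so suppress the lookup failure.
$sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
$report['ATP sensor (Sense)'] = if ($sense) { $sense.Status } else { 'Not installed / not onboarded' }

$report.GetEnumerator() | ForEach-Object { '{0,-26} {1}' -f $_.Key, $_.Value }

# Conditions under which this device is effectively silent to the SOC.
$findings = @()
if (-not $status.RealTimeProtectionEnabled) {
    $findings += 'Real-time protection is off; nothing is being detected locally.'
}
if ([int]$prefs.MAPSReporting -eq 0) {
    $findings += 'Cloud reporting is disabled; the device neither reports threats nor receives cloud verdicts.'
}
if ($status.AntivirusSignatureLastUpdated -lt (Get-Date).AddDays(-7)) {
    $findings += 'Signatures are more than 7 days old (assumed threshold).'
}
if (-not $sense -or $sense.Status -ne 'Running') {
    $findings += 'ATP sensor is not running; no post-breach telemetry will exist for this device.'
}

if ($findings) {
    $findings | ForEach-Object { "WARNING: $_" }
} else {
    'Device is contributing telemetry and receiving cloud protection.'
}
```

Run across a fleet (for example through a remoting session or a scheduled task that writes the output to a central share) and the warnings identify exactly the machines an attacker would treat as low-hanging fruit: still running Windows 10, but invisible to the very sensor network the article is describing.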

Additionally, the service's security operations data gives defenders the ability to investigate alerts, hunt through their network for signs of attack, reconstruct an attacker's actions on specific devices, and pull detailed file footprints from across the organization.

I have not had a chance yet to take a look at the new Windows Defender Advanced Threat Protection, though I would like to do so in the coming weeks. But having actionable threat intelligence baked into an operating system and available for free is a pretty great idea.

I wonder if DOD knew about Windows Defender Advanced Threat Protection beforehand, which might have helped to influence its move to all Windows 10 devices. In either case, that move seems like an even better one in the light of this new revelation.