Microsoft is partnering with other security vendors to integrate their macOS, Linux, iOS, and Android security wares with its Windows Defender Advanced Threat Protection (ATP) service.
On Nov. 8, Microsoft announced the first three such partners: Bitdefender, Lookoutm and Ziften. These companies will feed any threats detected into the single Windows Defender ATP console. With Defender ATP, every device has its own timeline with event history dating back up to six months.
According to Microsoft, no additional infrastructure is needed to onboard events from macOS, Linux, iOS and/or Android devices.
Integration with Bitdefender’s GravityZone Cloud — which allows users to get macOS and Linux threat intelligence on malware and suspicious files — is in public preview as of today. A trial version is available now. Integration with Lookout’s Mobile Endpoint Security for iOS and Android and Ziften’s Zenith systems and security operations platform for macOS and Linux will be in public preview “soon,” Microsoft’s blog post says. Users can register for trial versions of those two integrations now.
Windows Defender ATP is built into Windows 10 Enterprise. Defender ATP is different from Windows Defender, Microsoft’s free antivirus service that’s bundled into various Windows versions. Defender ATP (codenamed “Seville” is a post-breach service, meant to help detect threats that have made it past other defenses, give users means to investigate breaches and offer suggested responses.
Microsoft previously announced plans to supplement Windows Defender ATP with technology acquired from its Hexadite acquisition earlier this year. Hexadite’s Automated Incident Response Solution (AIRS) is designed to investigate alerts and remediate threats either without human intervention or in a semi-automated mode.
Starting with the Windows 10 Fall Creators Update, Microsoft officials began describing Windows Defender ATP as a suite of tools, which includes Defender Application Guard, Defender Device Guard, and Defender Antivirus.