Microsoft has announced a new feature for the Defender enterprise security solution. Microsoft Defender for Endpoint (MDE) should make it possible to isolate hacked computers in the network, even if they are not managed. With this, the group aims to respond to attacks on corporate networks that are carried out sideways by unattended PCs.
This comes from a report by Bleeping Computer Online Magazine. The new Microsoft Defender for Endpoint capability then blocks attackers and malware from using compromised devices to move sideways through the network. This new capability allows administrators to “contain” unattended Windows devices on their network if they have already been hacked or are suspected of being hacked.
The isolation is then performed by the managed devices on the network. When a compromised device is discovered, all communication to and from the device is automatically blocked. According to Microsoft, this should make it more difficult for attackers to do further damage. “This action can prevent adjacent devices from being compromised while the Security Operations Analyst locates, identifies, and remediates the threat on the compromised device,” Microsoft said in a statement.
Support document for MDE However, the new MDE feature only works with integrated devices running Windows 10 and above or Windows Server 2019 and above. Older versions of Windows cannot be protected in this way. “Only devices running Windows 10 and above will perform the Trapped/Isolated action, which means that only devices running Windows 10 and above that are enrolled in Microsoft Defender for Endpoint on this time block are ‘stuck’ devices,” Microsoft said.
RS News or Research Snipers focuses on technology news with a special focus on mobile technology, tech companies, and the latest trends in the technology industry. RS news has vast experience in covering the latest stories in technology.