deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

add threat analytics

Browse Source
This commit is contained in:
jcaparas 2018-03-06 06:35:12 -08:00
parent 8e180c493a
commit 78d02f6453
1 changed files with 51 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,51 @@
---
title: Windows Defender Advanced Threat Protection Threat analytics
description: Get a tailored organizational risk evaluation and actionable steps you can take to minimize risks in your organization.
keywords: threat analytics, risk evaluation, OS mitigation, microcode mitigation, mitigation status
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 03/05/2018
---
# Threat analytics for Spectre and Meltdown
**Applies to:**
- Windows 10 Enterprise
- Windows 10 Education
- Windows 10 Pro
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
[!include[Prerelease information](prerelease.md)]
[Spectre and Meltdown](https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/) is a new class of exploits that take advantage of critical vulnerabilities in the CPU processors, allowing attackers running user-level, non-admin code to steal data from kernel memory. These exploits can potentially allow arbitrary non-admin code running on a host machine to harvest sensitive data belonging to other apps or system processes, including apps on guest VMs.
Mitigating these vulnerabilities involves a complex multivendor update. It requires updates to Windows and Microsoft browsers using the [January 2018 Security Updates from Microsoft](https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/858123b8-25ca-e711-a957-000d3a33cf99) and updates to processor microcode using fixes released by OEM and CPU vendors.
## Prerequisites
Note that the following requirements and limitations of the charts and what you might be able to do to improve visibility of the mitigation status of machines in your network:
- Only active machines running Windows 10 are checked for OS mitigations.
- When checking for microcode mitgations, Windows Defender ATP currently checks for updates applicable to Intel CPU processors only.
- To determine microcode mitigation status, machines must enable Windows Defender Antivirus and update to definition version 1.259.1545.0 or above.
- To be covered under the overall mitigation status, machines must have both OS and microcode mitigation information.
## Assess organizational risk with Threat analytics
Threat analytics helps you continually assess and control risk exposure to Spectre and Meltdown. Use the charts to quickly identify machines for the presence or absence of the following mitigations:
- **OS mitigation**: Identifies machines that have installed the January 2018 Security Updates from Microsoft and have not explicitly disabled any of the OS mitigations provided with these updates
- **Microcode mitigation**: Identifies machines that have installed the necessary microcode updates or those that do not require them
- **Overall mitigation status**: Identifies the completeness by which machines have mitigated against the Spectre and Meltdown exploits
Click a section of each chart to get a list of the machines in the corresponding mitigation status.