Advanced Threat Protection is focused on advanced cyberattacks. In order to search abnormal activity, current Microsoft security technologies and expert knowledge are applied. After detection of violations, a detailed information about scales of threats and correlation with other important factors help to define type of attack, the way it will behave and choose the best way to respond to new and more complex attacks.
Integrated sensors allow to collect and process behavioral signals of users from operation system and transfer data about appropriate events and actions to isolated cloud server. It allows to determine abnormal behavior of users or malwares and respond to them in time.
It allows to transform behavioral signals in analytical data to detect threats and helps to determine ways to address them.
System allows to investigate tools, techniques, procedures applied by hackers and form a notification if the collected data have features of behavior of malicious code or hacker.