Microsoft Defender For Endpoint Isolates Undiscovered Endpoints

Microsoft has recently introduced new updates to enhance network security with Defender. The latest announcement reveals that Microsoft Defender now isolates undiscovered endpoints to prevent lateral movement on compromised networks.

Enhanced Security with Microsoft Defender Isolating Undiscovered Endpoints

According to a recent announcement, the latest update of Defender for Endpoint includes a feature to isolate undiscovered endpoints, effectively containing potential attacks.

Cyberattacks often involve lateral movement within a network, which lets an attacker compromise multiple connected devices. Microsoft Defender for Endpoint is effective at blocking such movement between onboarded devices, but blocking attacks that originate from devices that have not been onboarded has been a challenge. With the new update, Microsoft Defender for Endpoint now isolates undiscovered endpoints as well, preventing lateral movement from them.

To achieve this, Microsoft Defender for Endpoint uses IP containment to block any IP address detected on the network that is not associated with an onboarded device. This measure prevents a malicious device from reaching other devices on the network.

As detailed in Microsoft’s post, Defender implements device isolation through automatic attack disruption to prevent lateral movements.

Automatic attack disruption contains malicious IP addresses associated with undiscovered or non-onboarded devices. The Contain IP policy blocks such an IP address as soon as Defender for Endpoint detects it.

Microsoft further explains automatic attack disruption as a mechanism to contain ongoing attacks, minimize impact, and provide security teams with time to remediate fully.

Once a suspicious IP address has been contained, users can review the details in the Action Center and decide whether to keep the containment in place or stop it. Microsoft Defender for Endpoint also contains compromised critical assets and users.
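The decision logic described above, as an added illustrative model rather than Microsoft's own code: a constructed inventory of onboarded devices, constructed network observations flagged by attack disruption, a Contain IP step that only acts on IPs not mapped to an onboarded device, and an Action Center style review. It assumes that enforcement happens on the onboarded devices themselves, so traffic between two unmanaged devices is not affected.

```python
from dataclasses import dataclass

# Constructed inventory: onboarded device name -> IP addresses Defender has mapped to it
ONBOARDED = {
    "WS-FIN-01": {"10.0.1.15"},
    "SRV-FILE-02": {"10.0.2.20", "10.0.2.21"},
}

# Constructed observations: (source_ip, destination_ip, flagged_by_attack_disruption)
OBSERVATIONS = [
    ("10.0.1.15", "10.0.2.20", False),  # onboarded -> onboarded, benign
    ("10.0.9.77", "10.0.2.20", True),   # unknown device probing the file server
    ("10.0.9.77", "10.0.1.15", True),   # same unknown device, second target
    ("10.0.1.15", "10.0.2.21", True),   # flagged, but both sides are onboarded
]

@dataclass
class ContainmentAction:
    ip: str
    reason: str
    status: str = "contained"  # "contained" or "released"

def onboarded_ips(inventory):
    return set().union(*inventory.values())

def contain_ips(inventory, observations):
    """Contain IP policy: contain the source IP of flagged traffic only if no onboarded device owns it."""
    known = onboarded_ips(inventory)
    actions = {}
    for src, dst, flagged in observations:
        if flagged and src not in known and src not in actions:
            actions[src] = ContainmentAction(src, f"unmanaged IP in suspicious traffic to {dst}")
    return actions

def is_blocked(inventory, actions, src, dst):
    """Enforcement runs on onboarded devices: a flow is blocked when an onboarded peer talks to a contained IP."""
    known = onboarded_ips(inventory)
    def contained(ip):
        return ip in actions and actions[ip].status == "contained"
    return (src in known and contained(dst)) or (dst in known and contained(src))

def review(actions, ip, keep_contained):
    """Action Center decision: continue the containment or stop it."""
    actions[ip].status = "contained" if keep_contained else "released"
    return actions[ip].status
```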

The IP containment feature is available for Windows 10, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019 and later devices, while user containment is supported only on specific Microsoft Defender for Endpoint devices.

Additional Security Upgrades in April Release

In addition to the IP containment policy for undiscovered endpoints, the latest release of Microsoft Defender for Endpoint introduces two new attack surface reduction (ASR) rules.

To benefit from these updates, users should ensure their systems are running the latest version of Microsoft Defender for Endpoint.