Windows Defender ATP machine learning: Detecting new and unusual breach activity
Microsoft invests in next-gen security to protect from malicious downloads and targeted threats by consolidating data and building systems that learn from data. These machine learning (ML) systems flag and surface threats that may go unnoticed. By augmenting human analysis, ML drives an antimalware evolution with SmartScreen and Windows Defender Antivirus, providing real-time detection of unknown, polymorphic malware. ML enhances how Windows Defender Advanced Threat Protection (ATP) catches advanced attacks, like apex attacker activities residing in memory or camouflaged as events from tools and apps. We explore ML methods that transform Windows Defender ATP for preventing attacks on customers and detecting post breach activity.