
Microsoft Defender for Endpoint’s Safe Deployment Practices

by info.odysseyx@gmail.com


It is important for customers to understand how software vendors use safe deployment practices to build resilient processes that keep them productive. This post covers the architectural design of Microsoft Defender for Endpoint and our approach to delivering security updates based on safe deployment practices (SDP).

Microsoft Defender for Endpoint protects organizations from sophisticated adversaries while optimizing for resiliency, performance, and compatibility. It follows Microsoft's published best practices for managing security tools on Windows.

Security tools running on Windows can strike a balance between security and stability through careful product design, as described in that post. As David Weston writes: security vendors can limit the risk of reliability issues by using optimized sensors that operate in kernel mode for data collection and enforcement. The rest of the security solution, including update management, content loading, and user interaction, can be isolated in user mode, where reliability issues have less impact.


Image 1: Defender for Endpoint Integration into Windows Architecture

The remainder of this post describes how Microsoft applies safe deployment practices to Defender for Endpoint, a first-party endpoint protection solution.

Defender for Endpoint applies safe deployment practices to two separate update mechanisms:

  1. Software and driver updates, released monthly, which can update kernel-mode components.
  2. Security intelligence and detection logic updates, released up to several times a day, which apply only to user-mode components.

This post details how Defender for Endpoint approaches SDP and what customers can do to manage their own rollout process for an additional layer of control.

1. Software and driver updates

Microsoft Defender for Endpoint releases monthly software and driver updates that add new features, improve existing ones, and fix bugs. Defender for Endpoint's kernel drivers capture system-wide signals such as process execution, file creation, and network activity. Because a fault in a kernel-mode component affects the whole system, these drivers are updated through a gradual, phased deployment process. Deployment assessments monitor key metrics such as reliability, performance, battery life, and application compatibility across hardware and software configurations.


Image 2: Software and driver update rollout process for Defender for Endpoint

Microsoft Safeguards

All code and content changes go through engineering release gates with extensive validation and stability testing. After certification and validation, Microsoft delivers the update to several device groups called stabilization rings. The first ring targets hundreds of thousands of Microsoft employees and millions of internal devices, which lets us discover and fix issues before customers encounter them.

Within each ring we closely monitor quality signals such as product behavior and performance, as well as false positives. Functional, stability, and other issues must be resolved before an update moves to a wider set of devices; each ring shows how the update interacts with its devices and feeds that back to Microsoft before the next stage of the rollout.

Once internal testing completes successfully, Microsoft releases the update externally in phases to preserve stability and monitors the rollout continuously. This lets us respond quickly and remotely resolve any issue by reverting or re-issuing the update package.

Customer Controls

In addition to Microsoft's safe deployment practices, organizations can manage the monthly updates under their own safe deployment policies through several controls:

  • Control agent update delivery to your devices by device group and update timing.
  • Apply patch management software and practices to security component updates, which may also be delivered as part of the monthly latest cumulative updates (LCUs).
  • Use passive mode or the automatic rollback option to reset or restore a component to its last known good state.

2. Security Intelligence and Detection Logic Updates

In addition to the monthly code updates, Microsoft releases security intelligence updates, which are installed on the device to complement the real-time local and cloud-based machine learning models, behavioral analytics, and heuristics that let Defender for Endpoint neutralize the latest known cyber threats.

Because these updates must be delivered so frequently to keep customers protected, distributing them through the same deployment process as code is not feasible. Therefore, Microsoft Defender for Endpoint does not include kernel changes in security intelligence updates. Instead, the daily updates are delivered only to components that run in the operating system's user mode, which limits the risk these more frequent updates can pose.

Microsoft Safeguards

As with the software and driver update process, Microsoft ships security intelligence updates only after extensive testing, rolling them out first to internal devices, then to early-access customers, and then externally in a controlled manner. We continuously monitor telemetry and can mitigate issues through the cloud within minutes.

Customer Controls

Customers can likewise manage security intelligence updates under their own safe deployment policies through several controls:

  • Stage updates through the corporate network or software management solutions.
  • Update critical systems at a lower frequency. Daily releases can be applied less often to specific groups of devices, including servers critical to infrastructure operations.
  • Use rollback controls. As a last resort, rollback controls can revert or reset the component to its last known good state.
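Putting the customer-side controls from both lists (the monthly software and driver updates above, and the security intelligence updates here) into practice on a single Windows device: the following PowerShell is an added example written for this page, not code from the original post or from Microsoft. It uses the ConfigDefender cmdlets that ship with Windows (Get-MpComputerStatus, Get-MpPreference, Set-MpPreference, Update-MpSignature) and MpCmdRun.exe. The ring names, the update intervals chosen for each ring and the UNC share path are hypothetical; the channel values (Beta, Preview, Staged, Broad, Delayed for platform and engine updates; NotConfigured, Staged and Broad for security intelligence) are those documented for Set-MpPreference, so confirm them with Get-Help Set-MpPreference -Full on your build before relying on them.

```powershell
# Added example (not from the original post or from Microsoft): per-device rollout
# rings and rollback for Defender, built on the ConfigDefender cmdlets and MpCmdRun.
# Ring names, intervals and the share path are hypothetical; channel values are the
# documented Set-MpPreference values. On Intune/GPO-managed devices central policy wins.
#Requires -RunAsAdministrator

function Get-DefenderUpdateState {
    # Versions of the two independently updated layers: platform/engine (monthly,
    # may update kernel-mode drivers) and security intelligence (several times a
    # day, user mode only), plus the channels this device is currently on.
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference
    [pscustomobject]@{
        PlatformVersion        = $status.AMProductVersion
        EngineVersion          = $status.AMEngineVersion
        SignatureVersion       = $status.AntivirusSignatureVersion
        SignatureAgeHours      = [math]::Round(((Get-Date) - $status.AntivirusSignatureLastUpdated).TotalHours, 1)
        RunningMode            = $status.AMRunningMode        # Normal, Passive, EDR Block, ...
        PlatformChannel        = $pref.PlatformUpdatesChannel
        EngineChannel          = $pref.EngineUpdatesChannel
        DefinitionChannel      = $pref.DefinitionUpdatesChannel
        SignatureIntervalHours = $pref.SignatureUpdateInterval
    }
}

function Get-DefenderDriverState {
    # The kernel-mode sensors the post describes: WdFilter (file system minifilter),
    # WdNisDrv (network inspection), WdBoot (ELAM) and MsSecFlt (Defender for Endpoint
    # sensor). After a platform update, confirm they run and which binary is loaded.
    Get-CimInstance Win32_SystemDriver -Filter "Name='WdFilter' OR Name='WdNisDrv' OR Name='WdBoot' OR Name='MsSecFlt'" |
        ForEach-Object {
            # Normalize the NT-style path forms WMI may return (\??\C:\... or \SystemRoot\...)
            $path = ($_.PathName -replace '^\\\?\?\\', '') -replace '^\\SystemRoot', $env:SystemRoot
            [pscustomobject]@{
                Name    = $_.Name
                State   = $_.State
                Version = if (Test-Path $path) { (Get-Item $path).VersionInfo.FileVersion } else { 'n/a' }
                Path    = $path
            }
        }
}

function Set-DefenderRing {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Pilot', 'Broad', 'CriticalServer')]
        [string] $Ring
    )
    switch ($Ring) {
        'Pilot' {
            # Early-access devices: Preview channel for platform/engine, security
            # intelligence straight from Microsoft as soon as it is published.
            Set-MpPreference -PlatformUpdatesChannel Preview -EngineUpdatesChannel Preview
            Set-MpPreference -DefinitionUpdatesChannel NotConfigured -SignatureUpdateInterval 1
        }
        'Broad' {
            # General population: ride Microsoft's own gradual release for everything.
            Set-MpPreference -PlatformUpdatesChannel Broad -EngineUpdatesChannel Broad
            Set-MpPreference -DefinitionUpdatesChannel Broad -SignatureUpdateInterval 4
        }
        'CriticalServer' {
            # Infrastructure servers: take platform/engine last, and take security
            # intelligence once a day from a share the admins stage themselves,
            # falling back to Microsoft only if the share is unreachable.
            Set-MpPreference -PlatformUpdatesChannel Delayed -EngineUpdatesChannel Delayed
            Set-MpPreference -DefinitionUpdatesChannel Broad -SignatureUpdateInterval 24
            Set-MpPreference -SignatureDefinitionUpdateFileSharesSources '\\updates.corp.example\defender' `
                             -SignatureFallbackOrder 'FileShares|MicrosoftUpdateServer|MMPC'
        }
    }
}

function Invoke-DefenderRollback {
    # Last-resort controls from the post: MpCmdRun restores the previous engine or
    # the previous security-intelligence set without touching the platform driver.
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Engine', 'Signatures', 'DynamicSignatures')]
        [string] $Target,
        [switch] $ThenUpdate   # re-fetch fresh content afterwards; skip if that content is the problem
    )
    $mpcmd = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
    switch ($Target) {
        'Engine'            { & $mpcmd -RemoveDefinitions -Engine }
        'Signatures'        { & $mpcmd -RemoveDefinitions -All }
        'DynamicSignatures' { & $mpcmd -RemoveDefinitions -DynamicSignatures }
    }
    if ($ThenUpdate) { Update-MpSignature }
    Get-DefenderUpdateState
}

# Usage on one device (the state checks are safe; the two mutating calls are left commented):
Get-DefenderUpdateState | Format-List
Get-DefenderDriverState | Format-Table -AutoSize
# Set-DefenderRing -Ring CriticalServer
# Invoke-DefenderRollback -Target Engine
```

Device-group assignment and update timing in Defender for Endpoint are normally pushed centrally (Intune, Group Policy, or the Defender portal); on a managed device the central policy overrides these local preferences, so treat the functions as a way to inspect a device and to try out what a policy would set before you roll it to a ring. Passive mode, mentioned in the first list, is a registry or policy setting rather than a Set-MpPreference parameter and is not covered here.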

Resources

  • Sign up here to start your free 90-day trial of Defender for Endpoint.
  • To learn more about controlling the rollout of Defender for Endpoint updates and joining the early access group, see the resources for Windows, Mac, and Linux.
