Microsoft Defender for Endpoint’s Safe Deployment Practices by info.odysseyx@gmail.com August 15, 2024 written by info.odysseyx@gmail.com August 15, 2024 0 comment 9 views 9 It is important for customers to understand that software vendors use secure deployment practices to help them build resilient processes that maintain productivity. This blog covers the architectural design of Microsoft Defender for Endpoint and our approach to delivering security updates based on secure deployment practices (SDP). Microsoft Defender for Endpoints Protect your organization from sophisticated adversaries while optimizing resiliency, performance, and compatibility. Best practices for managing security tools on Windows. Security tools running on Windows can achieve a balance of security and stability through careful product design, as described below. This post David Weston writes: Security vendors can limit the risk of reliability issues by using optimized sensors that operate in kernel mode for data collection and enforcement. The rest of the security solution, including update management, content loading, and user interaction, can be isolated in user mode, where reliability issues have less of an impact. Image 1: Defender for Endpoint Integration into Windows Architecture The remainder of this blog post describes how Microsoft uses secure deployment practices for Defender for Endpoint.castle Party endpoint protection solution. Defender for Endpoint applies safe deployment practices to two separate update mechanisms. Software and Driver Updates It is updated monthly and can potentially update kernel mode components. Security Intelligence and Detection Logic Updates It may be updated multiple times a day and only applies to user mode components. This blog details how Defender for Endpoint approaches SDP and what customers can do to manage their own rollout process for an additional layer of control. 1. Software and driver updates Microsoft Defender for Endpoint releases monthly software and driver updates that add new features, improve existing features, and fix bugs. Defender for Endpoint’s kernel drivers capture system-wide signals such as process execution, file creation, and network activity. These drivers are updated through updates using a gradual, phased deployment process. Deployment assessments monitor key metrics such as reliability, performance, battery, and application compatibility across hardware and software configurations. Image 2: Software and driver update rollout process for Defender for Endpoint Microsoft Security Measures All code and content changes go through the engineering release gates with extensive validation and stability testing. After the certification and validation process, Microsoft delivers the update to multiple device groups. Stabilization ring. The first stability ring targets hundreds of thousands of Microsoft employees and millions of internal devices, allowing us to discover and fix issues before customers do. Inside each ring, we closely monitor quality signals such as product behavior and performance, as well as false positives., Before we roll out updates to a wider range of devices, we need to address functional, stability, and other issues first. We need to see how each update interacts with the devices in question and provide feedback to Microsoft before we roll it out. Once internal testing is completed successfully, Microsoft will release the update externally in a phased manner to ensure stability. During this period, Microsoft will continuously monitor the rollout. This will allow us to quickly respond and remotely resolve any issues by reverting or re-issuing the update package. Customer Control In addition to Microsoft’s secure deployment practices, organizations can manage monthly updates with their own secure deployment policies through a variety of controls. Control agent update delivery It updates to your devices based on your device group and update timing. Applying patch management software and practices For security component updates, which may also be provided in the form of monthly latest cumulative updates (LCUs), use passivity or automatic rollback option Resets or restores a component to its last known good state. 2. Security Intelligence and Detection Logic Updates In addition to monthly code updates, Microsoft releases: Security Information Update It is installed on the device to complement real-time local and cloud-based machine learning models, behavioral analytics, and heuristics that enable Defender for Endpoint to neutralize the latest known cyber threats. Because of the high frequency with which these updates must be delivered to protect customers, it is not feasible to distribute them through the same deployment process. Therefore, Microsoft Defender for Endpoint does not include kernel changes in intelligence updates. Instead, daily updates are provided only to components that run in user mode of the operating system. This approach helps mitigate the risks of these more frequent updates. Microsoft Safety AssuranceRDS is Similar to the software and driver update process, Microsoft provides security intelligence updates after extensive testing and rolls them out starting with internal devices, early access customers, and then releasing them externally in a controlled manner. We continuously monitor telemetry and can mitigate issues through the cloud in minutes. Customer Control Customers can also manage security intelligence updates with their own secure distribution policies through a variety of controls. Stage Update Through the corporate network or software management solutions. Critical systems receive updates at a lower frequency. Daily releases may be applied at a lower frequency to specific groups of devices, including servers critical to infrastructure operations. Use rollback controls. As a last resort, you can use the following to revert or reset the component to the last known good state: Rollback Control. resources Sign up to start your free 90-day trial of Defender for Endpoint. here. To learn more about controlling the rollout of Defender for Endpoint updates and joining the early access group, check out these resources: Windows, Scotsmanand Linux. Source link Share 0 FacebookTwitterPinterestEmail info.odysseyx@gmail.com previous post New Sales Travel Consultant Job Openings in Surat at Intend Travel – Apply Now next post Guatemala Healthcare Market Assessment Coordinates | Guatemala City, Guatemala | 2024 – Guatemala You may also like 7 Disturbing Tech Trends of 2024 December 19, 2024 AI on phones fails to impress Apple, Samsung users: Survey December 18, 2024 Standout technology products of 2024 December 16, 2024 Is Intel Equivalent to Tech Industry 2024 NY Giant? December 12, 2024 Google’s Willow chip marks breakthrough in quantum computing December 11, 2024 Job seekers are targeted in mobile phishing campaigns December 10, 2024 Leave a Comment Cancel Reply Save my name, email, and website in this browser for the next time I comment.