Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
Enhanced visibility into web threats with Microsoft Defender ATP
Published Sep 30 2019 04:26 PM 17.8K Views
Microsoft

Enhanced visibility into web threats with Microsoft Defender ATP

 

Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) has rapidly evolved with new protection, detection, and investigation capabilities. But customers continue to ask about web protection with questions like “How can we manage web threats?” and “How can Microsoft Defender ATP help us protect web browsing activities?

 

In response to these inquiries, we are today giving customers more visibility into web threats affecting their network through the new web protection report which complements existing alerts for web threats, machine timeline events, and detailed domain/URL profiles. Existing Microsoft Defender ATP customers are now able to experience this enhanced visibility in Microsoft Defender Security Center.

 

Web protection leverages existing network protection capabilities to secure your devices against web threats without relying on a web proxy, providing security for devices that are either outside the network or on premises. It integrates with Microsoft Edge as well as popular third-party browsers (such as Chrome, Firefox, etc.), to stop access to phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, as well as sites that are blocked in your custom indicator list.

 

Web protection provides both security administrators and security operations:

 

  • Comprehensive visibility of web browsing activity at an organizational level
  • Investigation capabilities of web-related threat activity through alerts and comprehensive profiles of URLs and machines that access these URLs
  • A set of security features that let you to track general access trends to blocked websites

 

 

Monitor web browsing security

To help you monitor web browsing security, web protection delivers detection statistics on two interactive cards under Reports > Web protection in the Microsoft Defender Security Center:

  • Web threat protection detections over time—this trending card displays the number of web threats blocked by type over the selected time period (Last 30 days, Last 3 months, Last 6 months).web threat photo 1.png
  • Web threat protection summary—this card displays total blocks in the past 30 days, showing distribution across the different types of web threats. Clicking a slice opens the list of the domains of the URLs that were blocked.web threat photo 2.png
 

Respond to web threats with alerts

Web protection empowers security operations by allowing them to efficiently investigate and respond to web threat detections surfaced as Microsoft Defender ATP alerts. Each alert provides the following information:

  • The machine that attempted to access the unwanted URL
  • The app or program that sent the web request
  • The unwanted URL, whether it is malicious or set as blocked in your custom indicator list
  • Recommended actions for this type of detectionsweb threat photo 3.png
 

 

For information about web threat protection in Microsoft Defender ATP, see web protection documentation.

Version history
Last update:
‎Nov 01 2019 10:37 AM
Updated by: