{"id":27474,"date":"2019-06-24T15:00:55","date_gmt":"2019-06-24T15:00:55","guid":{"rendered":"https:\/\/www.microsoft.com\/security\/blog\/?p=89570"},"modified":"2019-06-24T15:00:55","modified_gmt":"2019-06-24T15:00:55","slug":"inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection\/","title":{"rendered":"Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection"},"content":{"rendered":"<p>While Windows Defender Antivirus makes catching <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/05\/14\/executing-vision-microsoft-threat-protection\/\">5 billion threats on devices every month<\/a> look easy, multiple advanced detection and prevention technologies work under the hood to make this happen.<\/p>\n<p>Windows Defender Antivirus is the <a href=\"https:\/\/docs.microsoft.com\/windows\/security\/threat-protection\/windows-defender-antivirus\/windows-defender-antivirus-in-windows-10\">next-generation protection<\/a> component of Microsoft Defender Advanced Threat Protection (<a href=\"https:\/\/www.microsoft.com\/en-us\/WindowsForBusiness\/windows-atp?ocid=cx-blog-mmpc\">Microsoft Defender ATP<\/a>), Microsoft\u2019s unified endpoint security platform. 
Much like how Microsoft Defender ATP integrates multiple capabilities to address the complex security challenges in modern enterprises, Windows Defender Antivirus uses multiple engines to detect and stop a wide range of threats and attacker techniques at multiple points.<\/p>\n<p>These next-generation protection engines provide <a href=\"https:\/\/docs.microsoft.com\/windows\/security\/threat-protection\/intelligence\/top-scoring-industry-antivirus-tests\">industry-best<\/a> detection and blocking capabilities. Many of these engines are built into the client and provide advanced protection against the majority of threats in real-time. When the client encounters unknown threats, it sends metadata or the file itself to the cloud protection service, where more advanced protections examine new threats on the fly and integrate signals from multiple sources.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/microsoft-defender-atp-next-generation-protection-engines.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89571 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/microsoft-defender-atp-next-generation-protection-engines.png\" alt width=\"1986\" height=\"1043\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/microsoft-defender-atp-next-generation-protection-engines.png 1986w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/microsoft-defender-atp-next-generation-protection-engines-300x158.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/microsoft-defender-atp-next-generation-protection-engines-768x403.png 768w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/microsoft-defender-atp-next-generation-protection-engines-1024x538.png 1024w\" sizes=\"auto, (max-width: 1986px) 100vw, 1986px\"><\/a><\/p>\n<p>These next-generation protection 
engines ensure that protection is:<\/p>\n<ul>\n<li><strong>Accurate<\/strong>: Threats both common and sophisticated, a lot of which are designed to try and slip through protections, are detected and blocked<\/li>\n<li><strong>Real-time<\/strong>: Threats are prevented from getting on to devices, stopped in real-time at first sight, or detected and remediated in the least possible time (typically within a few milliseconds)<\/li>\n<li><strong>Intelligent<\/strong>: Through the power of the cloud, machine learning (ML), and Microsoft\u2019s industry-leading optics, protection is enriched and made even more effective against new and unknown threats<\/li>\n<\/ul>\n<p>My team continuously enhances each of these engines to be increasingly effective at catching the latest strains of malware and attack methods. These enhancements show up in consistent <a href=\"https:\/\/docs.microsoft.com\/windows\/security\/threat-protection\/intelligence\/top-scoring-industry-antivirus-tests\">top scores in industry tests<\/a>, but more importantly, translate to <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2018\/03\/07\/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign\/\">threats and malware outbreaks<\/a> stopped and <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2018\/03\/22\/why-windows-defender-antivirus-is-the-most-deployed-in-the-enterprise\/\">more customers protected<\/a>.<\/p>\n<p>Here\u2019s a rundown of the many components of the next generation protection capabilities in Microsoft Defender ATP:<\/p>\n<p>In the cloud:<\/p>\n<ul>\n<li><strong>Metadata-based ML engine<\/strong> \u2013 Specialized ML models, which include file type-specific models, feature-specific models, and adversary-hardened monotonic models, analyze a featurized description of suspicious files sent by the client. 
Stacked ensemble classifiers combine results from these models to make a real-time verdict to allow or block files pre-execution.<\/li>\n<li><strong>Behavior-based ML engine<\/strong> \u2013 Suspicious behavior sequences and advanced attack techniques are monitored on the client as triggers to analyze the process tree behavior using real-time cloud ML models. Monitored attack techniques span the attack chain, from exploits, elevation, and persistence all the way through to lateral movement and exfiltration.<\/li>\n<li><strong>AMSI-paired ML engine<\/strong> \u2013 Pairs of client-side and cloud-side models perform advanced analysis of scripting behavior pre- and post-execution to catch advanced threats like fileless and in-memory attacks. These models include a pair of models for each of the scripting engines covered, including PowerShell, JavaScript, VBScript, and Office VBA macros. Integrations include both dynamic content calls and\/or behavior instrumentation on the scripting engines.<\/li>\n<li><strong>File classification ML engine<\/strong> \u2013 Multi-class, deep neural network classifiers examine full file contents, providing an additional layer of defense against attacks that require additional analysis. Suspicious files are held from running and submitted to the cloud protection service for classification. Within seconds, full-content deep learning models produce a classification and reply to the client to allow or block the file.<\/li>\n<li><strong>Detonation-based ML engine<\/strong> \u2013 Suspicious files are detonated in a sandbox. Deep learning classifiers analyze the observed behaviors to block attacks.<\/li>\n<li><strong>Reputation ML engine<\/strong> \u2013 Domain-expert reputation sources and models from across Microsoft are queried to block threats that are linked to malicious or suspicious URLs, domains, emails, and files. 
Sources include Windows Defender SmartScreen for URL reputation models and Office 365 ATP for email attachment expert knowledge, among other Microsoft services through the Microsoft Intelligent Security Graph.<\/li>\n<li><strong>Smart rules engine<\/strong> \u2013 Expert-written smart rules identify threats based on researcher expertise and collective knowledge of threats.<\/li>\n<\/ul>\n<p>On the client:<\/p>\n<ul>\n<li><strong>ML engine<\/strong> \u2013 A set of light-weight machine learning models make a verdict within milliseconds. These include specialized models and features that are built for specific file types commonly abused by attackers. Examples include models built for portable executable (PE) files, PowerShell, Office macros, JavaScript, PDF files, and more.<\/li>\n<li><strong>Behavior monitoring engine<\/strong> \u2013 The behavior monitoring engine monitors for potential attacks post-execution. It observes process behaviors, including behavior sequence at runtime, to identify and block certain types of activities based on predetermined rules.<\/li>\n<li><strong>Memory scanning engine<\/strong> \u2013 This engine scans the memory space used by a running process to expose malicious behavior that may be hiding through code obfuscation.<\/li>\n<li><strong>AMSI integration engine<\/strong> \u2013 Deep in-app integration engine enables detection of fileless and in-memory attacks through Antimalware Scan Interface (<a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/desktop\/AMSI\/antimalware-scan-interface-portal\">AMSI<\/a>), defeating code obfuscation. 
This integration blocks malicious behavior of scripts client-side.<\/li>\n<li><strong>Heuristics engine<\/strong> \u2013 Heuristic rules identify file characteristics that have similarities with known malicious characteristics to catch new threats or modified versions of known threats.<\/li>\n<li><strong>Emulation engine<\/strong> \u2013 The emulation engine dynamically unpacks malware and examines how it would behave at runtime. The dynamic emulation of the content and scanning both the behavior during emulation and the memory content at the end of emulation defeat malware packers and expose the behavior of polymorphic malware.<\/li>\n<li><strong>Network engine<\/strong> \u2013 Network activities are inspected to identify and stop malicious activities from threats.<\/li>\n<\/ul>\n<p>Together with <a href=\"https:\/\/docs.microsoft.com\/windows\/security\/threat-protection\/microsoft-defender-atp\/overview-attack-surface-reduction\">attack surface reduction<\/a>\u2014composed of advanced capabilities like hardware-based isolation, application control, exploit protection, network protection, controlled folder access, attack surface reduction rules, and network firewall\u2014these <a href=\"https:\/\/docs.microsoft.com\/windows\/security\/threat-protection\/windows-defender-antivirus\/windows-defender-antivirus-in-windows-10\">next-generation protection<\/a> engines deliver Microsoft Defender ATP\u2019s pre-breach capabilities, stopping attacks before they can infiltrate devices and compromise networks.<\/p>\n<p>As part of Microsoft\u2019s defense-in-depth solution, the superior performance of these engines accrues to the <a href=\"https:\/\/www.microsoft.com\/en-us\/WindowsForBusiness\/windows-atp?ocid=cx-blog-mmpc\">Microsoft Defender ATP<\/a> unified endpoint protection, where antivirus detections and other next-generation protection capabilities enrich endpoint detection and response, automated investigation and remediation, advanced hunting, threat and 
vulnerability management, managed threat hunting service, and other capabilities.<\/p>\n<p>These protections are further amplified through <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/technology\/threat-protection\">Microsoft Threat Protection<\/a>, Microsoft\u2019s comprehensive, end-to-end security solution for the modern workplace. Through <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Security-Privacy-and-Compliance\/Announcing-Microsoft-Threat-Protection\/ba-p\/262783\">signal-sharing and orchestration of remediation across Microsoft\u2019s security technologies<\/a>, Microsoft Threat Protection secures identities, endpoints, email and data, apps, and infrastructure.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-89572\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/microsoft-defender-atp-ngp-microsoft-threat-protection.png\" alt width=\"1118\" height=\"1117\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/microsoft-defender-atp-ngp-microsoft-threat-protection.png 1118w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/microsoft-defender-atp-ngp-microsoft-threat-protection-150x150.png 150w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/microsoft-defender-atp-ngp-microsoft-threat-protection-300x300.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/microsoft-defender-atp-ngp-microsoft-threat-protection-768x767.png 768w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/microsoft-defender-atp-ngp-microsoft-threat-protection-1024x1024.png 1024w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/microsoft-defender-atp-ngp-microsoft-threat-protection-100x100.png 100w\" sizes=\"auto, (max-width: 1118px) 100vw, 1118px\"><\/p>\n<p>The enormous evolution of Microsoft Defender ATP\u2019s next 
generation protection follows the same upward trajectory of innovation across Microsoft\u2019s security technologies, which the industry recognizes, and customers benefit from. We will continue to improve and lead the industry in evolving security.<\/p>\n<p><strong><em>Tanmay Ganacharya (<a href=\"https:\/\/twitter.com\/tanmayg\">@tanmayg<\/a>)<\/em><\/strong><br \/><em>Principal Director, Microsoft Defender ATP Research<\/em><\/p>\n<hr>\n<h3>Talk to us<\/h3>\n<p>Questions, concerns, or insights on this story? Join discussions at the&nbsp;<a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Windows-Defender-Advanced-Threat\/ct-p\/WindowsDefenderAdvanced\">Microsoft Defender ATP community<\/a>.<\/p>\n<p>Follow us on Twitter <a href=\"https:\/\/twitter.com\/MsftSecIntel\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>@MsftSecIntel<\/strong><\/a>.<\/p>\n<p>READ MORE <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/06\/24\/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>While Windows Defender Antivirus makes catching 5 billion threats on devices every month look easy, multiple advanced detection and prevention technologies work under the hood to make this happen. Multiple next-generation protection engines to detect and stop a wide range of threats and attacker techniques at multiple points, providing industry-best detection and blocking capabilities.<br \/>\nThe post Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection appeared first on Microsoft Security. 
READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":27475,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[276],"tags":[6859,3397,3661,6863,347,6419,350,351,6864,6717,6865,6578,717,6715],"class_list":["post-27474","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-secure","tag-ai-and-machine-learning","tag-antimalware-scan-interface-amsi","tag-behavior-monitoring","tag-behavior-based-machine-learning","tag-cybersecurity","tag-endpoint-security","tag-heuristics","tag-machine-learning","tag-memory-scanning","tag-microsoft-defender-atp","tag-next-generation-protections","tag-threat-protection","tag-windows-defender-antivirus","tag-windows-security"],"yoast_head_json":{"title":"Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection\/","og_locale":"en_US","og_type":"article","og_title":"Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2019-06-24T15:00:55+00:00","og_image":[{"width":1986,"height":1043,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/06\/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation 
protection","datePublished":"2019-06-24T15:00:55+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection\/"},"wordCount":1084,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/06\/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection.png","keywords":["AI and machine learning","Antimalware Scan Interface (AMSI)","behavior monitoring","behavior-based machine learning","Cybersecurity","Endpoint security","heuristics","machine learning","memory scanning","Microsoft Defender ATP","next-generation protections","Threat protection","Windows Defender Antivirus","Windows Security"],"articleSection":["Microsoft Secure"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection\/","url":"https:\/\/www.threatshub.org\/blog\/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection\/","name":"Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/06\/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection.png","datePublished":"2019-06-24T15:00:55+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/06\/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/06\/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection.png","width":1986,"height":1043},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/inside-out-get-to
-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"AI and machine learning","item":"https:\/\/www.threatshub.org\/blog\/tag\/ai-and-machine-learning\/"},{"@type":"ListItem","position":3,"name":"Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/27474","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=27474"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/27474\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/27475"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=27474"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=27474"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=27474"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}