Microsoft has unveiled a new threat protection service that it said will help large organisations detect and counter network attacks.
Windows Defender Advanced Threat Protection uses a combination of endpoint and cloud-based tools, and is intended to add a new post-breach layer of protection to the Windows 10 security stack.
The new service is still under development, but it has already been deployed by some early adopter customers and is used to protect Microsoft's own network, the firm said.
Full details have yet to be disclosed, but the service is likely to be incorporated into the Windows 10 Enterprise edition of Microsoft's operating system, and thus available only to customers with a volume licensing agreement when it hits full release sometime later this year.
The service is designed to thwart the increasing sophistication of cyber attacks against corporate networks, and the damage that can be inflicted through lost productivity and loss or theft of confidential information.
Microsoft claims that breaches cost organisations an average of $12m per incident, in addition to a broader impact on reputation.
"As the attackers' approaches have evolved and become more sophisticated, so too must our approach to provide security to our enterprise customers," said Terry Myerson, Microsoft's executive vice president for the Windows and Devices Group, on the Windows Experience blog.
He added that 90 percent of IT directors responding to a survey expressed a need for a fully-fledged advanced threat protection solution capable of identifying attacks sooner and providing remediation.
Microsoft is following its familiar software-plus-services approach to address this, building Windows Defender Advanced Threat Protection around software built into Windows 10 endpoints and feeding data back to cloud-based services to provide a global view of the threat landscape.
The firm said that the service is powered by a combination of Windows behavioural sensors, cloud-based security analytics, threat intelligence and Microsoft's intelligent security graph. The latter is being developed to provide analytics on anonymised information drawn from over a billion Windows devices.
The collected security operations data provides an easy way to investigate alerts, explore the corporate network for signs of attack, and get detailed file footprints from across the organisation to recommend responses, according to Microsoft. It will also be able to examine the state of machines and their activities over the preceding six months for historical investigation.
One organisation involved in the trial is IT services firm Avanade. "Cyber security is my biggest concern and securing all endpoints in my organisation is my current priority," said Avanade IT security director Greg Petersen.
"Windows Defender Advanced Threat Protection is unique in that it can see exactly what's going on across every endpoint, which other solutions fail to address."
The service is being built into Windows 10, meaning that it will be automatically kept up to date along with Windows itself. No on-premise server infrastructure or ongoing maintenance is required, Microsoft said.