- Microsoft is testing new features for Defender for Endpoint
- The feature will block traffic to and from undiscovered endpoints
- The goal is to minimize malicious lateral movement
Microsoft wants to minimize the risk posed by undiscovered endpoints by adding a new feature to its Defender for Endpoint product, which will automatically block all traffic to and from these devices.
These devices are a significant security risk because they can evade monitoring, lack security controls and potentially serve as entry points for cyberattacks or data exfiltration.
Currently, the company is testing a new capability that will contain the IP addresses of devices that have not been discovered or onboarded to Defender for Endpoint.
Automatic protection
“Containing an IP address associated with undiscovered devices or devices that are not onboarded to Defender for Endpoint is done automatically through automatic attack disruption. The Contain IP policy automatically blocks a malicious IP address when Defender for Endpoint detects that the IP address is associated with an undiscovered device or a device that is not onboarded,” Microsoft said.
“Through automatic attack disruption, Defender for Endpoint incriminates a malicious device, identifies the role of the device to apply a matching policy to automatically contain a critical asset. Granular containment is carried out by blocking only specific ports and communication addresses.”
We still do not know when the feature will be released to users, but we do know that it will be available for Defender for Endpoint devices running Windows 10, Windows 2012 R2, Windows 2016 and Windows Server 2019+.
Microsoft also explained that there is a way to stop the product from containing IP addresses and restore the connection. That can be done through the “Contain IP” menu in the “Action Center”, which will have an “Undo” button.
Via BleepingComputer