Automatic hack recovery
Microsoft plans to add a new tool to its flagship software that automates what a security professional would do in response to a hack. A test version of the feature will be available as part of the company’s Windows Defender “advanced threat protection” product, its corporate security service, before the end of the year, Rob Lefferts, head of security for Windows, tells Fortune.
The goal, he says, is “not only find the bad guys and breaches, but fix them.”
“A lot of simple, straight-forward tasks are fully automated so that people can focus on more complex and strategic things,” Lefferts says. While more sophisticated cyber attacks require a human at the helm to plan a response, machines are ideal for coordinating responses to lesser attacks—a lot of which are “fairly cookie cutter,” he says.
Once a breach is detected, the system is programmed to run through steps like determining the type of attack, isolating other affected machines, deleting malicious software files, or reformatting hard drives and reinstalling operating systems, depending on the severity of the compromise.
The tool is based on technology created by Hexadite, an Israeli cybersecurity startup that Microsoft acquired for a reported $100 million this summer. Other products in the same category, dubbed “security orchestration, automation, and response” by market research firm Gartner, include IBM’s Resilient Systems, ServiceNow’s SecOps, FireEye’s Orchestrator, and Phantom Cyber.
Anton Chuvakin, a VP of research at Gartner, described the Windows update as “fairly important,” but said it would be even more significant if Microsoft planned to expand its compatibility with other companies’ products. “Typical enterprise security operations are very multi-vendor, and certainly not Microsoft-only,” he said.
Peter Firstbrook, another VP of research at Gartner, said that the update “does signal the beginning of automated security response and it is another demonstration that Microsoft is not content to have just basic security anymore.”
Lefferts said Microsoft would “continue to evaluate new ways to integrate the technology.”