- Microsoft is testing new features to protect endpoints
- The features will block traffic to and from unknown endpoints
- The goal is to minimize malicious lateral movement
Microsoft wants to minimize the risk posed by unknown endpoints by adding a new feature to its Defender for Endpoint product, which will automatically block all traffic to and from these devices.
These devices are a major security risk because they can evade monitoring, lack security controls and potentially serve as entry points for cyber attacks or data exfiltration.
The company is currently testing a new capability that will contain the IP addresses of devices that have not been discovered or onboarded to Defender for Endpoint.
Automatic protection
“Containing an IP address associated with undiscovered devices or devices not onboarded to Defender for Endpoint is done automatically through automatic attack disruption. The Contain IP policy automatically blocks a malicious IP address when Defender for Endpoint detects the IP address to be associated with an undiscovered device or a device not onboarded,” said Microsoft.
“Through automatic attack disruption, Defender for Endpoint incriminates a malicious device, identifies the role of the device to apply a matching policy to automatically contain a critical asset. Granular containment is done by blocking only specific ports and communication directions.”
We do not yet know when the feature will be released to users, but we know that it will be available on Defender for Endpoint-onboarded devices running Windows 10, Windows 2012 R2, Windows 2016 and Windows Server 2019+.
Microsoft also explained that there is a way to stop the product from containing an IP address and restore its connection. This can be done via the “Contain IP” menu in the “Action Center”, which will have a “Cancel” button.
Via BleepingComputer




