With Microsoft’s latest release of Windows Defender running in a virtual sandbox (the first of its kind), it may be time to focus your energies – and budget – on other parts of your security strategy.
Microsoft announced today the availability of its latest version of Windows Defender. Defender now runs within a sandbox (a virtual process that runs separately from the rest of the operating system, with minimal access to disk and memory), and with this change Microsoft has significantly upped the AV game.
Defender, like every AV solution, automatically scans all incoming files and data streams, including emails, instant messages, and downloaded files. The potential exists for attackers to use malicious code to trick the installed AV into running a malicious process as System. By placing Defender into a sandbox, Microsoft eliminates that capability, actually making it a significantly safer AV choice than its competitors.
And because Windows Defender is included free in Windows 10, this improvement allows organizations to reallocate security budget from third-party AV to another, more impactful part of their security layers.
But where is the wisest place to spend that now-available budget?
It all depends on what’s missing from your layered defense strategy, and what will have the most impact. In our recent 2018 Threat Impact and Endpoint Protection Report, we found that Security Awareness Training was 37% more effective at stopping malware and ransomware than any other endpoint-focused security solution.
This is mostly due to the fact that Security Awareness Training uniquely addresses the common thread among both malware and malware-less attacks: your end-user.
And in cases where even Defender misses the threat, for example a file-less, malware-less social engineering attack, awareness training educates users on how to spot attacks and avoid becoming victims.
So, definitely rejoice in the massive improvement Microsoft has made with Windows Defender – sandboxing will definitely help to spot and stop malicious attacks. But do keep this news in the context of the bigger picture: attacks will continue to happen, and you need an effective human firewall, which you can create with new-school Security Awareness Training, to make sure your organization doesn’t fall prey to attackers should Defender (or other software layers) fail, which they very frequently do.