Understand the evolving threat landscape


Threat protection product names in Microsoft are changing. Read more about this and other updates. We'll be updating names in products and in the Learn content in the near future.

In today’s cyberthreat environment, security teams face a constant flood of incoming risks. With advanced security analytics, machine learning, and their own intuition, security experts are fighting back with agile, adaptable defense systems. But while security teams comb through tens of thousands of cybersecurity alerts, trying to separate legitimate risks from the noise, attacks can slip through the cracks unnoticed and do significant damage.

There’s too much to handle:

  • The average large organization has to sift through 17,000 malware warnings each week.
  • 99 days is the median amount of time it takes an organization to discover a security breach.
  • It takes less than 48 hours for attackers to have complete control of a network.
  • 4 million dollars is the average cost of a data breach to a company.

Intelligence matters

Microsoft Threat Protection (MTP) is an integrated, cross-domain threat detection and response solution. It provides organizations with the ability to prevent, detect, investigate, and remediate sophisticated cross-domain attacks within their Microsoft 365 environments. MTP leverages raw signal data from individual service domains (user identity, endpoints, applications, email, and collaboration tools), normalizing the data at the ingestion point.

The data is analyzed, and low-level signals that might otherwise be missed, as well as individual alerts, are correlated into incidents. This gives a complete view of an attack that can be responded to in its entirety. Powerful workflows and AI autoheal affected assets. Advanced hunting capabilities mean organizations can use their proprietary knowledge to uncover sophisticated breaches and customize their responses. MTP requires no specific expertise or customization, however, so defenders can immediately use the integrated console and combined incident views.

With MTP, security teams can:

  • Automatically block attacks and eliminate their persistence to keep them from starting again.
  • Prioritize incidents for investigation and response.
  • Autoheal assets.
  • Focus unique expertise on cross-domain hunting.

Microsoft Threat Protection suite protects:

  • Endpoints with Microsoft Defender ATP - Microsoft Defender ATP is a unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response.
  • Email and collaboration with Office 365 ATP - Office 365 ATP safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools.
  • Identities with Azure ATP and Azure Active Directory (AD) Identity Protection - Azure ATP uses Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
  • Applications with Microsoft Cloud App Security - Microsoft Cloud App Security is a comprehensive cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps.

Explore how to protect your organization with Microsoft 365 Defender

View a video version of the interactive guide (captions available in more languages).

Protect your organization with Microsoft 365 Defender


To dynamically identify new threats, Windows Defender Antivirus (part of Microsoft Defender ATP) works with large sets of interconnected data in the Microsoft Intelligent Security Graph and powerful artificial intelligence (AI) systems driven by advanced machine learning models.

The Microsoft Graph Security API is a unified API that provides a standard interface and uniform schema to integrate security alerts and threat intelligence from multiple sources, enrich alerts and data with contextual information, and automate security operations. The security API is part of the Microsoft Graph, which is a unified REST API for integrating data and intelligence from Microsoft and partner products and services. Using Microsoft Graph, customers and partners can rapidly build solutions that authenticate once and use a single API call to access or act on security insights from multiple security solutions. Additional value is uncovered when you explore the other Microsoft Graph entities (Office 365, Azure Active Directory, Intune, and more) to tie business context with your security insights.
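As an added illustration (not code from this page or from Microsoft), the snippet below builds the single authenticated call to the Graph Security alerts endpoint described above and then correlates the returned alerts across providers using the uniform alert schema (`vendorInformation`, `hostStates`, `userStates`). The token and tenant are placeholders, and the alert list is constructed so the correlation runs offline.

```python
"""One token, one endpoint (GET /security/alerts), then cross-provider
correlation on the uniform Microsoft Graph alert schema."""
import json
import urllib.parse
import urllib.request
from collections import defaultdict

GRAPH = "https://graph.microsoft.com/v1.0"


def alerts_request(token, status="newAlert", top=50):
    """Build the request: OData $filter/$top are supported on /security/alerts."""
    query = urllib.parse.urlencode({"$filter": f"status eq '{status}'", "$top": top})
    return urllib.request.Request(
        f"{GRAPH}/security/alerts?{query}",
        headers={"Authorization": f"Bearer {token}", "Accept": "application/json"},
    )


def fetch_alerts(token):
    """Live call (needs a real token with SecurityEvents.Read.All)."""
    with urllib.request.urlopen(alerts_request(token)) as resp:
        return json.load(resp)["value"]


def correlate(alerts):
    """Group alerts by the host FQDNs / user UPNs they reference, then keep only
    assets flagged by more than one provider: that cross-domain overlap is the
    signal an analyst would triage first."""
    by_asset = defaultdict(list)
    for a in alerts:
        provider = a["vendorInformation"]["provider"]
        keys = [h["fqdn"] for h in a.get("hostStates", []) if h.get("fqdn")]
        keys += [u["userPrincipalName"] for u in a.get("userStates", []) if u.get("userPrincipalName")]
        for k in keys:
            by_asset[k].append((provider, a["severity"], a["title"]))
    return {k: v for k, v in by_asset.items() if len({p for p, _, _ in v}) > 1}


# Constructed sample alerts in the Graph alert schema (not real tenant data).
SAMPLE_ALERTS = [
    {"title": "Suspicious PowerShell", "severity": "high",
     "vendorInformation": {"provider": "Defender ATP", "vendor": "Microsoft"},
     "hostStates": [{"fqdn": "wks01.contoso.example"}], "userStates": []},
    {"title": "Pass-the-ticket attempt", "severity": "high",
     "vendorInformation": {"provider": "Azure ATP", "vendor": "Microsoft"},
     "hostStates": [{"fqdn": "wks01.contoso.example"}],
     "userStates": [{"userPrincipalName": "alice@contoso.example"}]},
    {"title": "Phishing URL clicked", "severity": "medium",
     "vendorInformation": {"provider": "Office 365 ATP", "vendor": "Microsoft"},
     "hostStates": [], "userStates": [{"userPrincipalName": "bob@contoso.example"}]},
]
```

Running `correlate(SAMPLE_ALERTS)` surfaces only `wks01.contoso.example`, the host seen by both the endpoint and identity providers, while the single-provider user alerts stay out of the priority set.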