Microsoft Defender ATP Provides a Safe Sandbox to Test Security

Microsoft last week announced a new security sandbox capability called the Windows Defender Advanced Threat Protection (Microsoft Defender ATP) evaluation lab. Microsoft Defender ATP evaluation lab is a security platform for prevention, post-breach detection, and investigation. For businesses and existing clients that lack access to an internal lab in which to test security solutions, or for small to midsize businesses (SMBs) that don't have the expertise or resources to do so, Windows Defender ATP evaluation lab provides a secure and convenient sandbox.

Designed to skip the complexity and expense of setting up a lab environment, Microsoft Defender ATP evaluation lab makes it possible to run advanced attacks that stay contained in this virtual environment, keeping data safe. Microsoft has opened up its Microsoft Defender ATP evaluation lab to existing customers as well as potential customers looking for this type of solution. Microsoft offers a free trial that lets customers request a quote and provision up to three virtual machines (VMs) to run attack simulations on applications including Java, Microsoft Office, and Windows 10.

This isn't the first time that Microsoft has created a safe and controlled environment for testing apps. It introduced Windows Sandbox last year for users to run and test executable files.

VMs Provisioned in Less Than 20 Minutes

"We understand that most customers go through product evaluations before they decide what security solutions they have to pick," said Ms. Hadar Feldman, Senior Program Manager and Security Researcher at Microsoft. "[Microsoft Defender ATP evaluation lab] takes away many of the pain points of setting up a testing lab. Customers can create VMs with one click and have them ready in under 20 minutes."

An easy-to-read dashboard allows users to view all the data in one place, including a real-time overview of their test results and a full report of all the ongoing tests visible at a glance. Microsoft Defender ATP evaluation lab is ideal for SMBs that may not have a security sandbox to set up and test various solutions they may be considering.

To create the Microsoft Defender ATP evaluation lab, Microsoft took a lot of input from its users and traced the various pain points and bottlenecks in creating sandboxes and running simulations. "The three key areas that we focused on are setup, simulation, and results," Feldman said.

She added that setup pertains to the provisioning of machines, including installing the latest operating systems (OSes) and apps. "We saw customers struggle with the setup part of building the lab, especially when they configured something wrong and had to start from scratch."

In an online video conference call, Feldman demonstrated how easy it was to get up and running on Windows Defender ATP evaluation lab, provisioning a VM that could be ready within 15-20 minutes, complete with all of the apps needed to test a simulation. The VMs share the same virtual network, so they can communicate with each other, but they are prevented from communicating with other machines.

The Microsoft Defender ATP evaluation lab also features some preloaded tools to make analysis easier. There's also access to a library of common simulations and tests to try. The VMs are enabled for 72 hours from the time they are created.

An Informative All-In-One Dashboard

The Microsoft Defender ATP evaluation lab's dashboard gives a clear snapshot of the various components of the lab. There's a widget for the number of VMs allocated, including the number of hours they have been deployed (maximum of 72 hours for each VM). Below that is a detailed layout of information including Status, Time Left, Exposure Level, Alerts Number, IP Addresses and Connections. An easy-to-read Report Overview widget on the right-hand side shows Alerts, Incidents, Actions Taken in Each Investigation, and Key Findings.

"We wanted to create a clear and easy-to-read all-in-one dashboard because a lot of this data can be overwhelming," Feldman said, adding that, while the solution is ready for public evaluation, Microsoft continues to evolve and iterate it depending on user feedback. "We feel like it is good enough for general availability even as we keep working on it and collecting user feedback."

This article originally appeared on PCMag.com.