Understand attack surface reduction
Attack Surface Reduction is hardening the places where a threat is likely to attack. As a Security Analyst, it is your role to understand the protection options and provide recommendations. While you're performing alert investigations, you should know the events generated by Attack Surface Reduction on the host, which might provide forensic evidence.
Attack Surface Reduction consists of the following components:
| Solution | Description |
| --- | --- |
| Attack surface reduction rules | Reduce vulnerabilities (attack surfaces) in your applications with intelligent rules that help stop malware. (Requires Microsoft Defender Antivirus.) |
| Hardware-based isolation | Protect and maintain the integrity of a system as it starts and while it's running. Validate system integrity through local and remote attestation. Use container isolation for Microsoft Edge to help guard against malicious websites. |
| Application control | Use application control so that your applications must earn trust in order to run. |
| Exploit protection | Help protect operating systems and apps your organization uses from being exploited. Exploit protection also works with third-party antivirus solutions. |
| Network protection | Extend protection to your network traffic and connectivity on your organization's devices. (Requires Microsoft Defender Antivirus.) |
| Web protection | Secure your devices against web threats and help you regulate unwanted content. |
| Controlled folder access | Help prevent malicious or suspicious apps (including file-encrypting ransomware malware) from making changes to files in your key system folders. (Requires Microsoft Defender Antivirus.) |
| Device control | Protects against data loss by monitoring and controlling media used on devices, such as removable storage and USB drives, in your organization. |
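The host events mentioned above can be pulled during an investigation with PowerShell. This is an added example, not part of the original page: the event IDs are taken from Microsoft's Defender Antivirus event documentation rather than from this page, `Get-AsrEvent` is a hypothetical helper name, and the `<Data>` field names are assumed from the 1121/1122 event layout.

```powershell
# Added example (not from the original page): collect Attack Surface Reduction
# events from the local Microsoft Defender Antivirus operational log.
# Event IDs come from Microsoft's Defender event documentation, not this page.
$AsrEventMap = @{
    1121 = 'ASR rule blocked'
    1122 = 'ASR rule audited'
    1123 = 'Controlled folder access blocked'
    1124 = 'Controlled folder access audited'
    1125 = 'Network protection audited'
    1126 = 'Network protection blocked'
    5007 = 'Defender configuration changed'
}

function Get-AsrEvent {   # hypothetical helper name
    param([int]$Days = 7)

    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = [int[]]@($AsrEventMap.Keys)
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    foreach ($e in $events) {
        # Flatten the named <Data> elements of the event into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            if ($d.Name) { $data[$d.Name] = $d.'#text' }
        }
        # Field names are assumed from the 1121/1122 layout; other event IDs
        # may not carry them, in which case the property is left empty.
        [pscustomobject]@{
            TimeCreated = $e.TimeCreated
            EventId     = $e.Id
            Meaning     = $AsrEventMap[$e.Id]
            RuleId      = $data['ID']
            Process     = $data['Process Name']
            Path        = $data['Path']
            User        = $data['User']
        }
    }
}

# Timeline first, then a count per event ID and rule to spot noisy or repeated hits.
Get-AsrEvent -Days 7 | Sort-Object TimeCreated | Format-Table -AutoSize
Get-AsrEvent -Days 7 | Group-Object EventId, RuleId | Sort-Object Count -Descending | Select-Object Count, Name
```

Audit-mode events (1122, 1124, 1125) show what a rule would have blocked, which helps when recommending which protections to move to block mode.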