Security Center's detection algorithms are updated as attackers release new and increasingly sophisticated exploits. These algorithms collect security information for analysis. After analyzing the information, they prioritize the resulting security alerts and attach recommendations.
Security Center uses advanced security analytics rather than relying on manual approaches to identify threats. These security analytics systems are:
- Integrated threat intelligence: looks for known bad actors by leveraging global threat intelligence from Microsoft products and services, the Microsoft Digital Crimes Unit (DCU), the Microsoft Security Response Center (MSRC), and external feeds.
- Behavioral analytics: applies known patterns to discover malicious behavior.
- Anomaly detection: uses statistical profiling to build a historical baseline. It alerts on deviations from established baselines that conform to a potential attack vector.
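
The anomaly detection idea in the last item, sketched as an added example (not Security Center's own algorithm or code): a per-resource baseline of hourly failed sign-ins, with alerts raised only for upward deviations and ordered by severity. The resource names, sample counts, z-score method and thresholds are all assumptions chosen for illustration.

```python
from statistics import mean, stdev

# Constructed sample data: failed sign-ins per hour for two hypothetical VMs.
HISTORY = {
    "vm-web-01": [3, 5, 4, 6, 2, 5, 4, 3, 5, 4, 6, 5],
    "vm-db-01": [0, 1, 0, 0, 1, 0, 2, 0, 1, 0, 0, 1],
}
CURRENT = {"vm-web-01": 7, "vm-db-01": 40}


def build_baseline(samples):
    """Statistical profile of past behaviour: (mean, standard deviation)."""
    return mean(samples), stdev(samples)


def score(value, baseline, sigma_floor=1.0):
    """Z-score of the new value against the baseline.

    sigma_floor keeps a very quiet resource (tiny standard deviation)
    from producing huge scores for a one-count change.
    """
    mu, sigma = baseline
    return (value - mu) / max(sigma, sigma_floor)


def detect(history, current, threshold=3.0, min_samples=8):
    """Return alerts for values that deviate upward from their baseline."""
    alerts = []
    for resource, value in current.items():
        samples = history.get(resource, [])
        if len(samples) < min_samples:
            continue  # too little history to form a baseline
        z = score(value, build_baseline(samples))
        # Only an upward spike in failed sign-ins conforms to an attack
        # vector (password guessing); a drop is a deviation but not an alert.
        if z >= threshold:
            alerts.append({"resource": resource, "value": value, "z": round(z, 1)})
    # Highest deviation first, so the most severe alert is handled first.
    return sorted(alerts, key=lambda a: a["z"], reverse=True)


if __name__ == "__main__":
    for alert in detect(HISTORY, CURRENT):
        print(alert)
```
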