23 matches found
Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning
When attackers successfully breach a target network, their typical next step is to perform reconnaissance of the network, elevate their privileges, and move laterally to reach specific machines or spread as widely as possible. For these activities, attackers often probe the affected network’s...
Seeing the big picture: Deep learning-based fusion of behavior signals for threat detection
The application of deep learning and other machine learning methods to threat detection on endpoints, email and docs, apps, and identities drives a significant piece of the coordinated defense delivered by Microsoft Threat Protection. Within each domain as well as across domains, machine learning...
UEFI scanner brings Microsoft Defender ATP protection to a new level
Microsoft Defender Advanced Threat Protection Microsoft Defender ATP is extending its protection capabilities to the firmware level with a new Unified Extensible Firmware Interface UEFI scanner. Hardware and firmware-level attacks have continued to rise in recent years, as modern security solutio...
How to gain 24/7 detection and response coverage with Microsoft Defender ATP
This blog post is part of the Microsoft Intelligence Security Association guest blog series. To learn more about MISA, go...
Microsoft Defender ATP can help you secure your remote workforce
As the number of home-based workers has accelerated in the last few weeks, it’s introduced new challenges. You may want to expand the number and types of devices employees can use to access company resources. You need to support a surge in SaaS usage. And it’s important to adjust security policie...
MISA expands with new members and new product additions
Another RSA Conference RSAC and another big year for the Microsoft Intelligent Security Association MISA. MISA was launched at RSAC 2018 with 26 members and a year later we had doubled in size to 53 members. Today, I am excited to share that the association has again doubled in size to 102 member...
Threat hunting in Azure Advanced Threat Protection (ATP)
As members of Microsoft’s Detection and Response Team DART, we’ve seen a significant increase in adversaries “living off the land” and using compromised account credentials for malicious purposes. From an investigation standpoint, tracking adversaries using this method is quite difficult as you...
Mobile threat defense and intelligence are a core part of cyber defense
The modern workplace is a mobile workplace. Today’s organizations rely on mobility to increase productivity and improve the customer experience. But the proliferation of smartphones and other mobile devices has also expanded the attack surface of roughly 5 billion mobile devices in the world, man...
Further enhancing security from Microsoft, not just for Microsoft
Legacy infrastructure. Bolted-on security solutions. Application sprawl. Multi-cloud environments. Company data stored across devices and apps. IT and security resource constraints. Uncertainty of where and when the next attack or leak will come, including from the inside. These are just a few of...
Microsoft announces new innovations in security, compliance, and identity at Ignite
Today, at the Microsoft Ignite Conference, we’re announcing new innovations designed to help customers across their security, compliance, and identity needs. With so much going on at Ignite this week, I want to highlight the top 10 announcements: 1. Azure Sentinel—We’re introducing new connectors...
Experts on demand: Your direct line to Microsoft security insight, guidance, and expertise
Microsoft Threat Experts is the managed threat hunting service within Microsoft Defender Advanced Threat Protection ATP that includes two capabilities: targeted attack notifications and experts on demand. Today, we are extremely excited to share that experts on demand is now generally available a...
Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware
We’ve discussed the challenges that fileless threats pose in security, and how Microsoft Defender Advanced Threat Protection Microsoft Defender ATP employs advanced strategies to defeat these sophisticated threats. Part of the slyness of fileless malware is their use of living-off-the-land...
Deep learning rises: New methods for detecting malicious PowerShell
Scientific and technological advancements in deep learning, a category of algorithms within the larger framework of machine learning, provide new opportunities for development of state-of-the art protection technologies. Deep learning methods are impressively outperforming traditional methods on...
How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection
Detecting and stopping attacks that tamper with kernel-mode agents at the hypervisor level is a critical component of the unified endpoint protection platform in Microsoft Defender Advanced Threat Protection Microsoft Defender ATP. It’s not without challenges, but the deep integration of Windows...
New machine learning model sifts through the good to unearth the bad in evasive malware
We continuously harden machine learning protections against evasion and adversarial attacks. One of the latest innovations in our protection technology is the addition of a class of hardened malware detection machine learning models called monotonic models to Microsoft Defender ATP's Antivirus...
Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack
The prevailing perception about fileless threats, among the security industry’s biggest areas of concern today, is that security solutions are helpless against these supposedly invincible threats. Because fileless attacks run the payload directly in memory or leverage legitimate system tools to r...
Microsoft’s Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time
I'm excited to announce that Microsoft’s Threat & Vulnerability Management solution is generally available as of June 30! We have been working closely with customers for more than a year to incorporate their real needs and feedback to better address vulnerability management. Our goal is to empowe...
Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection
While Windows Defender Antivirus makes catching 5 billion threats on devices every month look easy, multiple advanced detection and prevention technologies work under the hood to make this happen. Windows Defender Antivirus is the next-generation protection component of Microsoft Defender Advance...
Step 9. Protect your OS: top 10 actions to secure your environment
In “Step 9. Protect your OS” of the Top 10 actions to secure your environment blog series, we provide resources to help you configure Microsoft Defender Advanced Threat Protection Microsoft Defender ATP to defend your Windows, macOS, Linux, iOS, and Android devices from advanced threats. In an...
Detecting credential theft through memory access modelling with Microsoft Defender ATP
Stealing user credentials is a key step for attackers to move laterally across victim networks. In today’s attacks, we see a range of tools used to achieve credential theft, requiring protections that target the root behavior and not just individual known tools as is often done by traditional...