23 matches found
Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning
When attackers successfully breach a target network, their typical next step is to perform reconnaissance of the network, elevate their privileges, and move laterally to reach specific machines or spread as widely as possible. For these activities, attackers often probe the affected network’s...
Inside Microsoft Threat Protection: Solving cross-domain security incidents through the power of correlation analytics
In theory, a cyberattack can be disrupted at every phase of the attack chain. In reality, however, defense stack boundaries should overlap in order to be effective. When a threat comes via email, for example, even with good security solutions in place, organizations must assume that the threat ma...
Inside Microsoft Threat Protection: Correlating and consolidating attacks into incidents
Cybersecurity incidents are never contained to just one of your organization’s assets. Most attacks involve multiple elements across domains, including email, endpoints, identities, and applications. To rapidly understand and address incidents, your Security Operations Center SOC analysts need to...
Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint
The increasing pervasiveness of cloud services in today’s work environments, accelerated by a crisis that forced companies around the globe to shift to remote work, is significantly changing how defenders must monitor and protect organizations. Corporate data is spread across multiple...
Blue teams helping red teams: A tale of a process crash, PowerShell, and the MITRE ATT&CK evaluation
In September 2019, MITRE evaluated Microsoft Threat Protection MTP and other endpoint security solutions. The ATT&CK evaluation lasted for three days, with a professional red team from MITRE emulating many advanced attack behaviors used by the nation-state threat group known as YTTRIUM APT29. Aft...
The science behind Microsoft Threat Protection: Attack modeling for finding and stopping evasive ransomware
The linchpin of successful cyberattacks, exemplified by nation state-level attacks and human-operated ransomware, is their ability to find the path of least resistance and progressively move across a compromised network. Determining the full scope and impact of these attacks is one the most...
Open-sourcing new COVID-19 threat intelligence
A global threat requires a global response. While the world faces the common threat of COVID-19, defenders are working overtime to protect users all over the globe from cybercriminals using COVID-19 as a lure to mount attacks. As a security intelligence community, we are stronger when we share...
MITRE ATT&CK APT 29 evaluation proves Microsoft Threat Protection provides deeper end to end view of advanced threats
As attackers use more advanced techniques, it’s even more important that defenders have visibility not just into each of the domains in their environment, but also across them to piece together coordinated, targeted, and advanced attacks. This level of visibility will allow us to get ahead of...
Behavioral blocking and containment: Transforming optics into protection
In today’s threat landscape—overrun by fileless malware that live off the land, highly polymorphic threats that mutate faster than traditional solutions can keep up with, human-operated attacks that adapt to what adversaries find on compromised machines, and other sophisticated threats—behavioral...
New Microsoft Security innovations and partnerships
Today on the Official Microsoft Blog, Ann Johnson, Corporate Vice President of the Cybersecurity Solutions Group, shared how Microsoft is helping turn the tide in cybersecurity by putting artificial intelligence AI in the hands of defenders. She announced the general availability of Microsoft...
Azure Sentinel uncovers the real threats hidden in billions of low fidelity signals
Cybercrime is as much a people problem as it is a technology problem. To respond effectively, the defender community must harness machine learning to compliment the strengths of people. This is the philosophy that undergirds Azure Sentinel. Azure Sentinel is a cloud-native SIEM that exploits...
Further enhancing security from Microsoft, not just for Microsoft
Legacy infrastructure. Bolted-on security solutions. Application sprawl. Multi-cloud environments. Company data stored across devices and apps. IT and security resource constraints. Uncertainty of where and when the next attack or leak will come, including from the inside. These are just a few of...
The evolution of Microsoft Threat Protection—July update
Modern security teams need to proactively, efficiently, and effectively hunt for threats across multiple attack vectors. To address this need, today we’re excited to give you a glimpse of a new threat hunting capability coming soon to Microsoft Threat Protection. Building off the threat hunting...
The evolution of Microsoft Threat Protection, June update
Since our announcement of Microsoft Threat Protection at Microsoft Ignite, our goal has been to execute and deliver on our promise of helping organizations protect themselves from today’s sophisticated and complex threat landscape. As we close out our fiscal year, we’ve continued progress on...
Ovum recommends Microsoft security to safeguard your hybrid and multi cloud environments
According to a new Ovum report, "Azure Sentinel…positions Microsoft to be a force for change in a security information and events management SIEM market that is ripe for disruption at the moment." As enterprises migrate to the cloud, they’re increasingly operating on-premises and cloud environmen...
Executing on the vision of Microsoft Threat Protection
Over the last several months, we’ve provided regular updates on the rapid progress we’re making with Microsoft Threat Protection, which enables your organization to: Protect your assets with identity-driven security and powerful conditional access policies which ensure your assets are secured fro...
The evolution of Microsoft Threat Protection, April update
Microsoft Threat Protection continues to energize the threat protection market with our most recent announcements. Customers are excited about the launch of Microsoft Defender Advanced Threat Protection ATP, which extends Microsoft’s best in class endpoint security to Mac and adds powerful new...
The evolution of Microsoft Threat Protection, February update
February is an exciting month of enhancements for Microsoft Threat Protection. For those who have followed our monthly updates November, December, and January, you’re aware that Microsoft Threat Protection helps provide users optimal security from the moment they sign in, use email, work on...
The evolution of Microsoft Threat Protection, December update
December was another month of significant development for Microsoft Threat Protection capabilities. As a quick recap, Microsoft Threat Protection is an integrated solution securing the modern workplace across identities, endpoints, user data, cloud apps, and infrastructure. Last month, we shared...
Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers
Reuters recently reported a hacking campaign focused on a wide range of targets across the globe. In the days leading to the Reuters publication, Microsoft researchers were closely tracking the same campaign. Our sensors revealed that the campaign primarily targeted public sector institutions and...