1504 matches found
Microsoft’s 5 guiding principles for decentralized identities
Three years ago, as part of Microsoft’s mission to empower people and organizations to achieve more, we announced that we were incubating a new set of decentralized identity technologies based on a simple vision: Each of us needs a digital identity we own, one which securely and privately stores...
Windows 11 offers chip to cloud protection to meet the new security challenges of hybrid work
As the world has changed over the past 18-months, companies have been wrestling with ways to keep employees and data protected as they support new ways of hybrid working. We built Windows 11 to be the most secure Windows yet with built-in chip to cloud protection that ensures company assets stay...
The passwordless future is here for your Microsoft account
Nobody likes passwords. They’re inconvenient. They’re a prime target for attacks. Yet for years they’ve been the most important layer of security for everything in our digital lives—from email to bank accounts, shopping carts to video games. We are expected to create complex and unique passwords,...
A breakthrough year for passwordless technology
As 2020 draws to a close, most of us are looking forward to putting this year in the rearview mirror. Since we depend even more on getting online for everything in our lives, we’re more than ready to be done with passwords. Passwords are a hassle to use, and they present security risks for users...
Becoming resilient by understanding cybersecurity risks: Part 1
All risks have to be viewed through the lens of the business or organization. While information on cybersecurity risks is plentiful, you can’t prioritize or manage any risk until the impact and likelihood to your organization is understood and quantified. This rule of thumb on who should be...
Why we invite security researchers to hack Azure Sphere
Fighting the security battle so our customers don’t have to IoT devices are becoming more prevalent in almost every aspect of our lives—we will rely on them in our homes, our businesses, as well as our infrastructure. In February, Microsoft announced the general availability of Azure Sphere, an...
Microsoft Zero Trust deployment guide for your applications
Introduction More likely than not, your organization is in the middle of a digital transformation characterized by increased adoption of cloud apps and increased demand for mobility. In the age of remote work, users expect to be able to connect to any resource, on any device, from anywhere in the...
Empower your analysts to reduce burnout in your security operations center
Effective cybersecurity starts with a skilled and empowered team. In a world with more remote workers and an evolving threat landscape, you need creative problem solvers defending your organization. Unfortunately, many traditional security organizations operate in a way that discourages growth,...
Introducing Kernel Data Protection, a new platform security technology for preventing data corruption
Attackers, confronted by security technologies that prevent memory corruption, like Code Integrity CI and Control Flow Guard CFG, are expectedly shifting their techniques towards data corruption. Attackers use data corruption techniques to target system security policy, escalate privileges, tampe...
The psychology of social engineering—the “soft” side of cybercrime
Forty-eight percent of people will exchange their password for a piece of chocolate,1 91 percent of cyberattacks begin with a simple phish,2 and two out of three people have experienced a tech support scam in the past 12 months.3 What do all of these have in common? They make use of social...
11 security tips to help stay safe in the COVID-19 era
The COVID-19 pandemic has changed our daily routines, the ways we work, and our reliance on technology. Many of us are now working remotely, students are attending classes virtually, and we’re relying more on social media and social networks to stay connected as we define what our new normal look...
Data privacy is about more than compliance—it’s about being a good world citizen
Happy Data Privacy Day! Begun in 2007 in the European Union E.U. and adopted by the U.S. in 2008, Data Privacy Day is an international effort to encourage better protection of data and respect for privacy. It’s a timely topic given the recent enactment of the California Consumer Privacy Act CCPA...
How to secure your IoT deployment during the security talent shortage
Businesses across industries are placing bigger and bigger bets on the Internet of Things IoT as they look to unlock valuable business opportunities. But time and time again, as I meet with device manufacturers and businesses considering IoT deployments, there are concerns over the complexity of...
The evolution of Microsoft Threat Protection, April update
Microsoft Threat Protection continues to energize the threat protection market with our most recent announcements. Customers are excited about the launch of Microsoft Defender Advanced Threat Protection ATP, which extends Microsoft’s best in class endpoint security to Mac and adds powerful new...
Want better apps? You need a (agile security) hero!
If weve learned anything from the rise of Marvel Cinematic Universe, its that good things tend to happen when heroes intervene. For securing new applications, this metaphor is a useful one because security isnt always top-of-mind for scrum teams, nor is it always conducive to meeting aggressive...
How to connect with Microsoft Security at Black Hat USA 2023
Now in its twenty-sixth year, Black Hat USA takes place August 5 to 10, 2023, at Mandalay Bay in Las Vegas, Nevada, bringing together security professionals for the latest in information security research, development, and trends. Microsoft Security is pleased to have a presence at Black Hat, wit...
Microsoft recognized as a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023
Organizations need to protect their sensitive data including intellectual property, trade secrets, customer data, and personally identifiable information from both insiders and external cyber attackers. In fact, 80 percent of organizations experience more than one data breach in their lifetime.1...
Stop Ransomware with Microsoft Security digital event presents threat intelligence in action
One of the biggest challenges in security today is visibility. And by visibility, I don’t just mean keeping an eye on ever-evolving cyberthreats, but also seeing your own security environment clearly—especially where you’re vulnerable. For defenders who are working hard to manage threats across...
Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices
In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its denial-of-service-related activities on Linux endpoints and servers as well as its usage of XOR-based...
A simpler, more integrated approach to data governance
It’s no secret that the volume of data created by organizations and people multiplies daily. And, in the digital—and hybrid work—world we live in, that data is spread across more tools, platforms, devices, and clouds than ever before, creating regulatory challenges and security risks. Organizatio...
Microsoft a Leader in 2021 Gartner® Magic Quadrant™ for Unified Endpoint Management Tools
In today’s changing business world, where flexibility is more crucial than ever, we’re honored that Gartner has again recognized Microsoft as a Leader in the Magic Quadrant for Unified Endpoint Management UEM Tools1. Over the last 18 months, millions of employees worldwide have had to shift their...
Forrester names Microsoft a Leader in The Forrester Wave™: Cloud Security Gateways, Q2 2021
I am thrilled to share that Forrester Research has named Microsoft Cloud App Security as a Leader in The Forrester Wave: Cloud Security Gateways, Q2 2021. Additionally, Microsoft received the highest score in the strategy category. People have increasingly used cloud apps to stay productive and...
Mitigate OT security threats with these best practices
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Chris Sistrunk, Technical Manager in...
Securing and governing data in a new hybrid work reality
The past year has led to an evolution in not only how we think about work, but more importantly, where work gets done. Arguably, gone are the days that your organization’s data is limited to the protected confines of your corporate network as your people continue to work remotely, return in some...
Terranova Security Gone Phishing Tournament reveals continued weak spot in cybersecurity
The Terranova Security annual Gone Phishing Tournament wrapped up in October 2020, spanning 98 countries and industries including healthcare, consumer goods, transport, energy, IT, finance, education, manufacturing, and more. Using templates created from actual phishing attacks created by Microso...
5 cybersecurity paradigm shifts that will lead to more inclusive digital experiences
Whether responding to a natural disaster, defending against a cyberattack, or meeting the unprecedented demands to enable the largest workforce in history to work remotely, we amplify our human capacity through technology. At Microsoft, cybersecurity is the underpinning to helping organizations...
Welcoming more women into cybersecurity: the power of mentorships
From the way our industry tackles cyber threats, to the language we have developed to describe these attacks, I’ve long been a proponent to challenging traditional schools of thought—traditional cyber-norms—and encouraging our industry to get outside its comfort zones. It’s important to expand ou...
Guarding against supply chain attacks—Part 3: How software becomes compromised
Do you know all the software your company uses? The software supply chain can be complex and opaque. It’s comprised of software that businesses use to run operations, such as customer relationship management CRM, enterprise resource planning ERP, and project management. It also includes the...
Get security beyond Microsoft products with Microsoft 365
Over time, organizations and individuals acquire stuff. Things we love and things we need. Things we don’t need but can’t seem to get rid of. I was confronted with this challenge when we bought a 1908 craftsman home. How could I make my beloved modern furniture and mandatory kid-friendly gear wor...
Running OpenClaw safely: identity, isolation, and runtime risk
Self-hosted agent runtimes like OpenClaw are showing up fast in enterprise pilots, and they introduce a blunt reality: OpenClaw includes limited built-in security controls. The runtime can ingest untrusted text, download and execute skills i.e. code from external sources, and perform actions usin...
Introducing kernel sanitizers on Microsoft platforms
As part of Microsoft’s commitment to continuously raise security baselines, we have been introducing innovations to the foundation of the chip-to-cloud security outlined in the Windows 11 Security Book. Strong foundational security enables us to build defenses from the ground up and develop...
Forrester names Microsoft a Leader in Q4 2022 Security Analytics Platforms Wave report
We’re excited to announce that Microsoft is named a Leader in The Forrester Wave: Security Analytics Platforms, Q4 2022. Microsoft achieved the highest possible score in 17 different criteria, including partner ecosystem, innovation roadmap, product security, case management, and architecture. Wi...
New “Prestige” ransomware impacts organizations in Ukraine and Poland
The Microsoft Threat Intelligence Center MSTIC has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which...
The art and science behind Microsoft threat hunting: Part 2
We discussed Microsoft Detection and Response Team’s DART threat hunting principles in part 1 of The art and science behind Microsoft threat hunting blog series. In this follow-up post, we will talk about some general hunting strategies, frameworks, tools, and how Microsoft incident responders wo...
How a leading Microsoft engineer extends culture to service resiliency
It’s hard to underestimate the impact that people can have on us in our formative years. Huiwen Ru, who spent several years working in identity and access management and is now a Principal Software Engineering Manager on the Singularity team at Microsoft, is a living example of how important...
Secure unmanaged devices with Microsoft Defender for Endpoint now
As we have entered into new hybrid work environments, businesses need to think about how they will proactively protect their organizations from the influx of new or “bring your own” BYO connected devices. This new normal has exposed the most challenging cybersecurity landscape we’ve ever...
How to build a successful application security program
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Tanya Janca, Founder of We Hack Purple...
Protecting multi-cloud environments with Azure Security Center
We’ve heard from many of you that multi-cloud adoption is becoming a standard operating model for your organization and that it’s challenging to have the right security controls and posture across your environment. Historically, security teams have not had effective tools to secure multi-cloud...
Azure Sentinel achieves a Leader placement in Forrester Wave, with top ranking in Strategy
I’m thrilled to announce Forrester Research has named Microsoft Azure Sentinel as a “Leader” in The Forrester Wave: Security Analytics Platform Providers, Q4 2020. When we released Azure Sentinel almost a year ago—the industry’s first cloud-native SIEM on a major public cloud—our goal was to...
Why integrated phishing-attack training is reshaping cybersecurity—Microsoft Security
Phishing is still one of the most significant risk vectors facing enterprises today. Innovative email security technology like Microsoft Defender for Office 365 stops a majority of phishing attacks before they hit user inboxes, but no technology in the world can prevent 100 percent of phishing...
Rethinking IoT/OT Security to Mitigate Cyberthreats
We live in an exciting time. We’re in the midst of the fourth industrial revolution—first steam, followed by electricity, then computers, and, now, the Internet of Things. A few years ago, IoT seemed like a futuristic concept that was on the distant horizon. The idea that your fridge would be...
Gartner announces the 2020 Magic Quadrant for Unified Endpoint Management
I’m excited to announce that, last week, Gartner listed Microsoft as a Leader in its 2020 Magic Quadrant for Unified Endpoint Management. You can read the entire report here, and you can see a snapshot of the Magic Quadrant below. You will note that we improved on both the “Ability to Execute” an...
Preventing data loss and mitigating risk in today’s remote work environment
The shift to remote work over the past few months has increased the need for organizations to re-evaluate their security and risk management practices. With employees accessing corporate data at times on home computers or sharing and collaborating in new ways, organizations could be at greater ri...
UEFI scanner brings Microsoft Defender ATP protection to a new level
Microsoft Defender Advanced Threat Protection Microsoft Defender ATP is extending its protection capabilities to the firmware level with a new Unified Extensible Firmware Interface UEFI scanner. Hardware and firmware-level attacks have continued to rise in recent years, as modern security solutio...
CISO stress-busters: post #1 overcoming obstacles
As part of the launch of the U.S. space program’s moon shot, President Kennedy famously said we do these things “not because they are easy, but because they are hard.” The same can be said for the people responsible for security at their organizations; it is not a job one takes because it is easy...
Welcoming and retaining diversity in cybersecurity
I doubt I’d be in the role I am now if leaders at one of my first jobs hadn’t taken an interest in my career. Although I taught myself to code when I was young, I graduated from college with a degree in English Literature and began my post-college career in editorial. I worked my way up to...
Changing the monolith—Part 1: Building alliances for a secure culture
Any modern security expert can tell you that we’re light years away from the old days when firewalls and antivirus were the only mechanisms of protection against cyberattacks. Cybersecurity has been one of the hot topics of boardroom conversation for the last eight years, and has been rapidly...
The language of InfoSec
As the cybersecurity industry has evolved, one dynamic has remained consistent: our industry-"speak". We use a language that is very unique, difficult for new folks to understand, and oftentimes just plain sensationalistic. While any industry has its own technical terms, our language can also be ...
Exploitation of CLFS zero-day leads to ransomware activity
Microsoft Threat Intelligence Center MSTIC and Microsoft Security Response Center MSRC have discovered post-compromise exploitation of a zero-day elevation of privilege vulnerability in the Windows Common Log File System CLFS against a small number of targets. The targets include organizations in...
Threat actors misuse OAuth applications to automate financially driven attacks
Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. OAuth is an open standard for token-based authentication and authorization that enables applications to get access to data and resources based on permissions set by a user. Threat actors compromi...