Discover a new era of security with Microsoft at RSAC 2023

We’re thrilled to participate and connect with you at RSA Conference 2023 RSAC from April 23 to 27, 2023, in San Francisco. Join your security peers as we welcome you to the new era of security—shaped by the power of OpenAI’s GPT-4 generative AI—and introduce to you the recently announced Microso...

Microsoft Incident Response Retainer is generally available

The task of securing organizations is constantly changing and getting more complex. Many organizations don’t have the time, resources, or expertise to build an in-house incident response program. For customers that want help remediating an especially complex breach or avoiding one altogether,...

Gain real-time identity protection with Microsoft and Recorded Future

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. You’ve implemented multifactor authentication for access to your enterprise network. But what if multifactor authentication isn’t as foolproof as you’re hoping? Are you comfortable...

Microsoft shifts to a comprehensive SaaS security solution

Software as a service SaaS apps are ubiquitous, hybrid work is the new normal, and protecting them and the important data they store is a big challenge for organizations. Today, 59 percent of security professionals find the SaaS sprawl challenging to manage1 and have identified cloud...

Introducing Adaptive Protection in Microsoft Purview—People-centric data protection for a multiplatform world

At Microsoft, we never stop working to protect you and your data. If the evolving cyberattacks over the past three years have taught us anything, it’s that threat actors are both cunning and committed. At every level of your enterprise, attackers never stop looking for a way in. The massive...

Microsoft Defender Experts for Hunting demonstrates industry-leading protection in the 2022 MITRE Engenuity ATT&CK® Evaluations for Managed Services

Microsoft Defender Experts for Hunting, our newest managed threat hunting service, delivered industry-leading results during the inaugural MITRE Engenuity ATT&CK® Evaluations for Managed Services. We provided a seamless, comprehensive, and rapid response to the simulated attack using expert-led...

Stopping C2 communications in human-operated ransomware through network protection

Command-and-control C2 servers are an essential part of ransomware, commodity, and nation-state attacks. They are used to control infected devices and perform malicious activities like downloading and launching payloads, controlling botnets, or commanding post-exploitation penetration frameworks ...

Cybersecurity awareness tips from Microsoft to empower your team to #BeCyberSmart

October is Cybersecurity Awareness Month, and I’m excited about what Microsoft and our partners in the industry have planned to help everyone stay CyberSmart. 2022 may have offered some respite from the previous year’s rush to enable a remote and hybrid workforce, but the increased use of persona...

Vulnerability in TikTok Android app could lead to one-click account hijacking

Microsoft discovered a high-severity vulnerability in the TikTok Android application, which could have allowed attackers to compromise users’ accounts with a single click. The vulnerability, which would have required several issues to be chained together to exploit, has been fixed and we did not...

Industrial systems: What it takes to secure and staff them

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Patrick C. Miller,...

Why strong security solutions are critical to privacy protection

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Voice of the Community blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Ann Cavoukian,...

The future of compliance and data governance is here: Introducing Microsoft Purview

The worldwide shift to a hybrid workplace has pushed us all to embrace ubiquitous connectivity. Those new connections have helped us become more collaborative; routinely editing and sharing documents in real-time from wherever we happen to be working. Instant messaging went from being a tool of...

What’s Next in Security from Microsoft

One of the biggest challenges in security today is complexity. Not only is there an ever-growing number of threats, but many organizations are defending their companies with a patchwork of security solutions that don’t work well together. This piecemeal approach is costly, less secure, and hinder...

How CISOs are preparing to tackle 2022

Looking back over the last year, the security landscape has continued to experience significant change and escalation. Every day, we see the toll this is taking on organizations of all sizes as they navigate the enduring challenges of the pandemic, the expansion of the digital estate, and the...

Microsoft unpacks comprehensive security at Gartner and Forrester virtual events

Every day, Microsoft is committed to maintaining comprehensive security for all across our interconnected global community. With that purpose in mind, we recently sponsored the 2021 Gartner Security and Risk Summit and 2021 Forester Security and Risk Forum, where we discussed ongoing changes in t...

Enable secure remote work, address regulations and uncover new risks with Microsoft Compliance

As we talk with a broad range of customers in the current environment, we hear some consistent challenges businesses are facing. With so many remote workers, people are creating, sharing, and storing data in new ways, which fosters productivity, but can also introduce new risks. A recent Microsof...

Accelerate your adoption of SIEM using Azure Sentinel and a new offer from Microsoft

Take advantage of the efficiency benefits of Cloud-native SIEM using Azure Sentinel Today, security needs are evolving faster than ever—and the importance of being agile and cost-effective has never been clearer. Security teams need to get more done, faster, with less budget. On-premises security...

New study shows customers save time, resources and improve security with Microsoft Cloud App Security

The global pandemic has forever changed our workplaces and reshaped our cybersecurity priorities. While in recent months cloud apps have helped people around the globe stay productive and connected. They also pose an increased cybersecurity risk to businesses large and small, especially when you...

Afternoon Cyber Tea: Cybersecurity & IoT: New risks and how to minimize them

Recently, Microsoft announced our acquisition of CyberX, a comprehensive network-based security platform with continuous threat monitoring and analytics. This solution builds upon our commitment to provide a unified IoT security solution that addresses connected devices spread across both...

Securing the future of AI and machine learning at Microsoft

Artificial intelligence AI and machine learning are making a big impact on how people work, socialize, and live their lives. As consumption of products and services built around AI and machine learning increases, specialized actions must be undertaken to safeguard not only your customers and thei...

Overview of Petya, a rapid cyberattack

In the first blog post of this 3-part series, we introduced what rapid cyberattacks are and illustrated how they are different in terms of execution and outcome. Next, we will go into some more details on the Petya aka NotPetya attack. How Petya worked The Petya attack chain is well understood,...

Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)

Today, with help from Microsoft security researchers, law enforcement agencies around the globe, in cooperation with Microsoft Digital Crimes Unit DCU, announced the disruption of Gamarue, a widely distributed malware that has been used in networks of infected computers collectively called the...

Detecting reflective DLL loading with Windows Defender ATP

Today's attacks put emphasis on leaving little, if any, forensic evidence to maintain stealth and achieve persistence. Attackers use methods that allow exploits to stay resident within an exploited process or migrate to a long-lived process without ever creating or relying on a file on disk. In...

Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices

Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology OT devices. Internet-exposed OT equipment in water and wastewater systems WWS in the US were targeted in multiple attacks over the past months by different...

Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement

Microsoft security researchers recently identified a campaign where attackers attempted to move laterally to a cloud environment through a SQL Server instance. This attack technique demonstrates an approach weve seen in other cloud services such as VMs and Kubernetes cluster, but not in SQL Serve...

Analysis of Storm-0558 techniques for unauthorized email access

Executive summary On July 11, 2023, Microsoft published two blogs detailing a malicious campaign by a threat actor tracked as Storm-0558 that targeted customer email that weve detected and mitigated: Microsoft Security Response Center and Microsoft on the Issues. As we continue our investigation...

XDR meets IAM: Comprehensive identity threat detection and response with Microsoft

Identity has become the corporate security perimeter. The average organization used 130 different cloud applications in 2022. That’s up 18 percent from 2021 alone.1 And as organizations continue to embrace digital transformation and enable remote work, they look to identity and access management...

Microsoft shifts to a new threat actor naming taxonomy

April 19, 2023 update – We have published a JSON file mapping old threat actor names with their new names in the updated taxonomy, summarized here: https://aka.ms/threatactors. We also added hunting queries that Microsoft customers can use while transitioning to the new taxonomy. See the Resource...

Protect intellectual property with Govern 365 and Microsoft Purview

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Global supply chains face a broad range of risks, from physical threats to cybersecurity threats. Sharing information with suppliers is essential for the supply chain to function...

Mitigate risk by integrating threat modeling and DevOps processes

Agile and DevOps are without any doubt two of the biggest security trends of recent years. The rapid rise of the cloud has only fueled the need for flexibility and dynamicity. Therefore, it’s natural for developers and organizations to seek methodologies and tools for addressing new requirements...

Secure your business like you secure your home: 5 steps to protect against cybercrime

Running a business requires a lot of determination and sometimes a leap of faith. Every day brings a new challenge, and many times it can feel like the stress and uncertainty are too much. That’s when you remind yourself why you took the leap—the satisfaction of realizing your own vision—and you...

Microsoft Intune: 5 endpoint management predictions for 2023

The end of the year typically brings with it a small library of reports with predictions for the year ahead. The value in these reports is less in the precise predictions themselves—given how interconnected the world is, no one has a perfect crystal ball. Rather, the forecasts help frame the...

Identifying cyberthreats quickly with proactive security testing

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Matthew Hickey,...

Cybersecurity awareness tips from Microsoft to empower your team to #BeCyberSmart

October is Cybersecurity Awareness Month, and I’m excited about what Microsoft and our partners in the industry have planned to help everyone stay CyberSmart. 2022 may have offered some respite from the previous year’s rush to enable a remote and hybrid workforce, but the increased use of persona...

Improving AI-based defenses to disrupt human-operated ransomware

Microsoft’s deep understanding of human-operated ransomware attacks, which are powered by a thriving cybercrime gig economy, continuously informs the solutions we deliver to protect customers. Our expert monitoring of threat actors, investigations into real-world ransomware attacks, and the...

Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders

The MITRE Center for Threat-Informed Defense, Microsoft, and other industry partners collaborated on a project that created a repeatable methodology for developing a top MITRE ATT&CK® techniques list. The method aims to facilitate navigation of the ATT&CK framework, which could help new defenders...

This World Password Day consider ditching passwords altogether

Did you know that May 5, 2022, is World Password Day?1 Created by cybersecurity professionals in 2013 and designated as the first Thursday every May, World Password Day is meant to foster good password habits that help keep our online lives secure. It might seem strange to have a day set aside to...

A clearer lens on Zero Trust security strategy: Part 1

Todays world is flooded with definitions and perspectives on Zero Trust, so we are kicking off a blog series to bring clarity to what Zero Trust is and what it means. This first blog will draw on the past, present, and future to bring a clear vision while keeping our feet planted firmly on the...

Why decentralization is the future of digital identities

Our identity is increasingly becoming digitized—more of our hard copy credentials are converting into digital formats. We use these digital credentials to work, learn, play, socialize, shop, and consume services online and offline every day. It’s so convenient and expected now to be able to have...

Gartner® names Microsoft a Leader in the 2022 Magic Quadrant™ for Enterprise Information Archiving

With data doubling every two years, it is more critical than ever to have simple and integrated tools to understand and manage risks to an organization. As more people work remotely, users collaborate and store data in different locations. These secular trends offer new possibilities in how work...

Discover 3 ways to take a holistic approach to data protection

The risk landscape for organizations has changed significantly in the past few years. Traditional ways of identifying and mitigating risks simply don’t work. While traditionally, organizations have focused on external threats, risks from within the organization are just as prevalent and harmful...

Microsoft Zero Trust solutions deliver 92 percent return on investment, says new Forrester study

In the last two years, we’ve seen a staggering increase in the adoption of cloud-based services, remote work solutions, bring your own device BYOD, and IoT devices as organizations digitally transform themselves to enable a hybrid workforce.1 Zero Trust has become the essential security strategy...

Align your security and network teams to Zero Trust security demands

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla talks with Jennifer Minella, Founder and...

New research shows IoT and OT innovation is critical to business but comes with significant risks

The need for much improved IoT and operational technology OT cybersecurity became clearer this year with recent attacks on network devices,1 surveillance systems,2 an oil pipeline,3 and a water treatment facility,4 to name a few examples. To better understand the challenges customers are facing,...

New Secured-core servers are now available from the Microsoft ecosystem to help secure your infrastructure

In the current pandemic-driven remote work environments, security has become increasingly important. Earlier this year, Colonial Pipeline, one of the leading suppliers of fuel on the East Coast of the United States, was hit by a ransomware attack.1 This caused a massive disruption of the fuel...

AI-driven adaptive protection against human-operated ransomware

In human-operated ransomware attacks, threat actors use predictable methods to enter a device but eventually rely on hands-on-keyboard activities to move inside a network. To fortify our existing cloud-delivered automated protection against complex attacks like human-operated ransomware, we...

How to assess and improve the security culture of your business

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla talks with Cygenta Co-founder and Co-Chief...

Why diversity is important for a strong cybersecurity team

Medicine. Aeronautics. Academia. When you’re a cybersecurity professional, the colleague next to you could have started in one of these industries—or just about any other you can imagine. The backgrounds of cybersecurity professionals are more diverse than those of professionals in other...

One simple action you can take to prevent 99.9 percent of attacks on your accounts

There are over 300 million fraudulent sign-in attempts to our cloud services every day. Cyberattacks aren’t slowing down, and it’s worth noting that many attacks have been successful without the use of advanced technology. All it takes is one compromised credential or one legacy application to...

Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer

Over the past year, Microsoft observed the persistent growth and operational sophistication of Lumma Stealer, an infostealer malware used by multiple financially motivated threat actors to target various industries. Our investigation into Lumma Stealer’s distribution infrastructure reveals a...