Cybersecurity Reference Architecture: Security for a Hybrid Enterprise

The Microsoft Cybersecurity Reference Architecture describes Microsofts cybersecurity capabilities and how they integrate with existing security architectures and capabilities. We recently updated this diagram and wanted to share a little bit about the changes and the document itself to help you...

Enhancing Office 365 Advanced Threat Protection with detonation-based heuristics and machine learning

Email, coupled with reliable social engineering techniques, continues to be one of the primary entry points for credential phishing, targeted attacks, and commodity malware like ransomware and, increasingly in the last few months, cryptocurrency miners. Office 365 Advanced Threat Protection ATP...

Announcing: new British Standard for cyber risk and resilience

Technology is an integral part of the fabric of everyday life. There is almost no organization that does not rely on digital services in some way in order to survive. The opportunity that technology provides also brings with it more vulnerabilities and threats as organizations and data become mor...

New browser extensions for integrating Microsoft’s hardware-based isolation

The hardware-based isolation technology on Windows 10 that allows Microsoft Edge to isolate browser-based attacks is now available as a browser extension for Google Chrome and Mozilla Firefox. We introduced the container technology in 2017. Since then, we have been evolving the technology and...

The role that regions can and should play in critical infrastructure protection

Todays report, Critical Infrastructure Protection in Latin America and the Caribbean 2018, developed in partnership between Microsoft and the Organization of American States OAS, demonstrates the value of regional cooperation in global efforts to increase the security of the online environment...

Microsoft Digital Defense Report shares new insights on nation-state attacks

Microsoft is proud to promote Cybersecurity Awareness Month as part of our ongoing commitment to security for all. Year-round, Microsoft tracks nation-state threat activities to help protect organizations and individuals from these advanced persistent actors. We’re constantly improving our...

Protecting your data and maintaining compliance in a remote work environment

In this difficult time, remote work is becoming the new normal for many companies around the world. Employees are using tools like Microsoft Teams to collaborate, chat, and connect in new ways to try to keep their businesses moving forward amidst the challenging global health crisis. I sincerely...

Safeguard your most sensitive data with Microsoft 365

I am Security Operations’ SecOps worst nightmare. Or at least I used to be. As an industrious product marketer, I often share intellectual property think: details of new product capabilities or spreadsheets that contain customer personal identifying information PII with colleagues and vendors. We...

Step 8. Protect your documents and email: top 10 actions to secure your environment

The “Top 10 actions to secure your environment” series outlines fundamental steps you can take with your investment in Microsoft 365 security solutions. In “Step 8. Protect your documents and email,” you’ll learn how to deploy Azure Information Protection and use Office 365 Advanced Threat...

Uncursing the ncurses: Memory corruption vulnerabilities found in library

Microsoft has discovered a set of memory corruption vulnerabilities in a library called ncurses, which provides APIs that support text-based user interfaces TUI. Released in 1993, the ncurses library is commonly used by various programs on Portable Operating System Interface POSIX operating...

Malware distributor Storm-0324 facilitates ransomware access

The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginnin...

Blue teams helping red teams: A tale of a process crash, PowerShell, and the MITRE ATT&CK evaluation

In September 2019, MITRE evaluated Microsoft Threat Protection MTP and other endpoint security solutions. The ATT&CK evaluation lasted for three days, with a professional red team from MITRE emulating many advanced attack behaviors used by the nation-state threat group known as YTTRIUM APT29. Aft...

Cyber-risk assessments—the solution for companies in the Fourth Industrial Revolution

Technology continues to play a critical role in shaping the global risks landscape for individuals, governments, and businesses. According to the World Economic Forum's Global Risks Report 2020, cyberattacks are ranked as the second risk of greatest concern for business globally over the next 10...

Top 6 email security best practices to protect against phishing attacks and business email compromise

Most cyberattacks start over email—a user is tricked into opening a malicious attachment, or into clicking a malicious link and divulging credentials, or into responding with confidential data. Attackers dupe victims by using carefully crafted emails to build a false sense of trust and/or urgency...

The evolution of Microsoft Threat Protection—July update

Modern security teams need to proactively, efficiently, and effectively hunt for threats across multiple attack vectors. To address this need, today we’re excited to give you a glimpse of a new threat hunting capability coming soon to Microsoft Threat Protection. Building off the threat hunting...

Announcing the all new Attack Surface Analyzer 2.0

Few of us know what is really happening on our systems when we install new software from new or untrusted sources. This is important because most installation processes require elevated privileges, which can lead to undesired system configuration changes. Knowing what changes have been made is...

The challenges of adopting a consistent cybersecurity framework in the insurance industry

As hacking events have increased in number and severity, we in the cybersecurity community have united around common strategies that all organizations can implement to reduce their risk. Universal best practices provide organizations with many useful tools to protect their businesses. But what...

Zero Trust part 1: Identity and access management

Once in a while, a simple phrase captures our imagination, expressing a great way to think about a problem. Zero Trust is such a phrase. Today, Ill define Zero Trust and then discuss the first step to enabling a Zero Trust modelstrong identity and access management. In subsequent blogs, well cove...

Microsoft AI competition explores the next evolution of predictive technologies in security

Predictive technologies are already effective at detecting and blocking malware at first sight. A new malware prediction competition on Kaggle will challenge the data science community to push these technologies even furtherto stop malware before it is even seen. The Microsoft-sponsored competiti...

Voice of the Customer: The Walsh Group found that Azure Active Directory gives them a competitive edge

Peter Vallianatos, director of IT Infrastructure and Security, and Phillip Nottoli, director of Enterprise Architecture at The Walsh Group. Hello! This is Sue Bohn from the Customer & Partner Success team for the Identity Division. Im delighted to announce the next post in our Voice of the Custom...

Microsoft partners with DigiCert to begin deprecating Symantec TLS certificates

Starting in September 2018, Microsoft began deprecating the SSL/TLS capability of Symantec root certificates due to compliance issues. Google, Mozilla, and Apple have also announced deprecation plans related to Symantec SSL/TLS certificates. Symantec cryptographic certificates are used in critica...

Migrating content from traditional SIEMs to Azure Sentinel

In part two of this three-part series, we covered the five types of side-by-side security information and event management SIEM configurations commonly used during a long-term migration to Microsoft Azure Sentinel. For part three, we’ll be looking at best practices for migrating your data and...

How to gain 24/7 detection and response coverage with Microsoft Defender ATP

This blog post is part of the Microsoft Intelligence Security Association guest blog series. To learn more about MISA, go...

Guarding against supply chain attacks—Part 1: The big picture

Every day, somewhere in the world, governments, businesses, educational organizations, and individuals are hacked. Precious data is stolen or held for ransom, and the wheels of “business-as-usual” grind to a halt. These criminal acts are expected to cost more than $2 trillion in 2019, a four-fold...

Foundations of Microsoft Flow—secure and compliant automation, part 1

Automation services are steadily becoming significant drivers of modern IT, helping improve efficiency and cost effectiveness for organizations. A recent McKinsey survey discovered that “the majority of all respondents 57 percent say their organizations are at least piloting the automation of...

Lessons learned from the Microsoft SOC—Part 2: Organizing people

In the second post in our series, we focus on the most valuable resource in the security operations center SOC—our people. This series is designed to share our approach and experience with operations, so you can use what we learned to improve your SOC. In Part 1: Organization, we covered the SOC’...

Introducing the security configuration framework: A prioritized guide to hardening Windows 10

In the past, we left defining the security configuration for Windows 10 as a task for every customer to sort out. As a result, we saw as many different configurations as we saw customers. Standardization has many advantages, so we developed a security configuration framework to help simplify...

How to help maintain security compliance

This is the last post in our eight-blog series on deploying Intelligent Security scenarios. To read the previous entries, check out the Deployment series page. Your employees need to access, generate, and share organizational information ranging from extremely confidential to informal; you must...

Ignite 2018 highlights: password-less sign-in, confidential computing, new threat protection, and more

What a week it was in Orlando! Ignite is always a biggie, and this one was no exception. For all of us here at Microsoft who get to work on security, spending time with customers to learn how you are using our security products today and to share new innovations to come is a highlight. At this...

Data classification and protection now available for structured data in SQL

This post is authored by Gilad Mittelman, Senior Program Manager, SQL Data Security. Data privacy and data security have become one of the most prominent topics in organizations in almost every industry across the globe. New regulations that formalize requirements are emerging around these topics...

The final compliance countdown: Are you ready for GDPR?

On May 25, the General Data Protection Regulation GDPR will replace the Data Protection Directive as the new standard on data privacy for all organizations that do business with European Union EU citizens.1When GDPR goes into effect, government agencies and organizations that control, maintain, o...

Investing in the right innovation

RSA is around the corner which means tens of thousands of people will descend on Moscone Center in San Francisco, CA. Hundreds of innovative young companies will look for customers, props, and capital especially at the Early Stage Expo!. Venture capitalists will look for opportunities to invest a...

Microsoft recognized as a Leader in The Forrester Wave™: Unstructured Data Security Platforms, Q2 2021

In this new world of hybrid work, organizations face an increasing volume of data, ever-evolving regulations around how that data is protected, and an evolving complexity and frequency of data security breaches. To help our customers navigate this complex data landscape, we are focused on...

A better cloud access security broker: Securing your SaaS cloud apps and services with Microsoft Cloud App Security

Today’s business uses an average of 1,180 cloud apps¹, with many of those organizations securing their apps through cloud access security brokers CASB. The organizational need for a CASB has grown alongside the use of cloud apps to enable remote work and greater user productivity. When security...

Threat hunting: Part 1—Why your SOC needs a proactive hunting team

Cybersecurity can often feel like a game of whack-a-mole. As our tools get better at stopping one type of attack, our adversaries innovate new tactics. Sophisticated cybercriminals burrow their way into network caverns, avoiding detection for weeks or even months, as they gather information and...

Threat hunting in Azure Advanced Threat Protection (ATP)

As members of Microsoft’s Detection and Response Team DART, we’ve seen a significant increase in adversaries “living off the land” and using compromised account credentials for malicious purposes. From an investigation standpoint, tracking adversaries using this method is quite difficult as you...

Your password doesn’t matter—but MFA does!

Your pa$$word doesn’t matter—Multi-Factor Authentication MFA is the best step you can take to protect your accounts. Using anything beyond passwords significantly increases the costs for attackers, which is why the rate of compromise of accounts using any MFA is less than 0.1 percent of the gener...

Practical application of artificial intelligence that can transform cybersecurity

As I write this blog post, Im sitting by the beach on my computer in a sunny destination while my family plays in the water. Were on vacation, but we all have our own definition of fun. For me its writing blogs on the beachreally! The headspace is outstanding for uninterrupted thinking time and...

Kicking off the Microsoft Graph Security Hackathon

Cybersecurity is one of the hottest sectors in tech with Gartner forecasting worldwide information spending to exceed $124 billion by the end of 2019. New startups and security solutions are coming onto the market while attackers continue to find new ways to breach systems. The security solutions...

Filling the gaps in international law is essential to making cyberspace a safer place

A month ago, on the sidelines of the Munich Security Conference, Microsoft organized an expert workshop to discuss gaps in international law as it applies to cyberspace. We were fortunate enough to bring together twenty leading stakeholders, including international legal experts, United Nations...

Running OpenClaw safely: identity, isolation, and runtime risk

Self-hosted agent runtimes like OpenClaw are showing up fast in enterprise pilots, and they introduce a blunt reality: OpenClaw includes limited built-in security controls. The runtime can ingest untrusted text, download and execute skills i.e. code from external sources, and perform actions usin...

ACTINIUM targets Ukrainian organizations

The Microsoft Threat Intelligence Center MSTIC is sharing information on a threat group named ACTINIUM, which has been operational for almost a decade and has consistently pursued access to organizations in Ukraine or entities related to Ukrainian affairs. MSTIC previously tracked ACTINIUM activi...

Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection

Microsoft has discovered a vulnerability that could allow an attacker to bypass System Integrity Protection SIP in macOS and perform arbitrary operations on a device. We also found a similar technique that could allow an attacker to elevate their privileges to root an affected device. We shared...

Microsoft at Black Hat 2021: Sessions, bug bounty updates, product news, and more

Black Hat USA 2021 is about understanding the needs of security professionals and meeting you where you are. With last year’s pandemic-related firefighting still fresh in our minds, this year’s event will provide a welcome respite to learn about cutting-edge security solutions, build our skillset...

Defending against cryptojacking with Microsoft Defender for Endpoint and Intel TDT

Cryptocurrency mining—once considered no more than a nuisance, a relatively benign activity that was a drain on machine resources—has been on the rise in recent years. This increase in cryptocurrency mining activity is driven by the increasing value of cryptocurrencies like Bitcoin, the growth in...

Sophisticated cybersecurity threats demand collaborative, global response

Microsoft’s response to Solorigate Since December, the United States, its government, and other critical institutions including security firms have been addressing the world’s latest serious nation-state cyberattack, sometimes referred to as ‘Solorigate’ or ‘SUNBURST.’ As we shared earlier this i...

Forcepoint DLP integration with Microsoft Information Protection—protecting your critical data

Many organizations are undergoing a rapid digital transformation that is challenging their traditional approach to data security. Organizations in highly regulated industries or who partner with organizations in regulated industries are often faced with accelerated timelines and requirements to...

Securing the modern workplace with Microsoft 365 threat protection – part 4

This post is authored by Debraj Ghosh, Senior Product Marketing Manager, Microsoft 365 Security. Responding to ransomware in the Modern Workplace Over the last few weeks, we have shared the roots of Microsoft 365 threat protection and how Microsoft 365 threat protection helps protect against and...

Why Windows Defender Antivirus is the most deployed in the enterprise

Statistics about the success and sophistication of malware can be daunting. The following figure is no different: Approximately 96% of all malware is polymorphic meaning that it is only experienced by a single user and device before it is replaced with yet another malware variant. This is because...

Diamond Sleet supply chain compromise distributes a modified CyberLink installer

Microsoft Threat Intelligence has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet ZINC involving a malicious variant of an application developed by CyberLink Corp., a software company that develops multimedia software products. This malicious file is a legitima...