New Surface PCs enable virtualization-based security (VBS) by default to empower customers to do more, securely

VBS and HVCI-enabled devices help protect from advanced attacks Escalation of privilege attacks are a malicious actor’s best friend, and they often target sensitive information stored in memory. These kinds of attacks can turn a minor user mode compromise into a full compromise of your OS and...

Privacy breaches: Using Microsoft 365 Advanced Audit and Advanced eDiscovery to minimize impact

GDPR, HIPAA, GLBA, all 50 U.S. States, and many countries have privacy breach reporting requirements. If an organization experiences a breach of customer or employee personal information, they must report it within the required time frame. The size and scope of this reporting effort can be massiv...

The dynamic duo: How to build a red and blue team to strengthen your cybersecurity, Part 1

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the first post of our new Voice of the Community blog series, Microsoft Product Marketing Manager Natalia Godyla talks with Jake Williams, Founder of...

Forcepoint and Microsoft: Risk-based access control for the remote workforce

This blog post is part of the Microsoft Intelligence Security Association MISA guest blog series. Learn more about MISA here. Adopting cloud-based services as part of an organization’s digital transformation strategy is no longer optional, its a necessity. Last year, only 18 percent of the...

Using Microsoft 365 Defender to protect against Solorigate

Microsoft security researchers continue to investigate and respond to the sophisticated cyberattack known as Solorigate also referred to as Sunburst by FireEye involving a supply chain compromise and the subsequent compromise of cloud assets. While the related investigations and impact assessment...

Advice for incident responders on recovery from systemic identity compromises

As Microsoft alongside our industry partners and the security community continues to investigate the extent of the Solorigate attack, our goal is to provide the latest threat intelligence including IOCs and guidance across our products and solutions to help the community fight back against, harde...

Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers

We, along with the security industry and our partners, continue to investigate the extent of the Solorigate attack. While investigations are underway, we want to provide the defender community with intelligence to understand the scope, impact, remediation guidance, and product detections and...

Collaborative innovation on display in Microsoft’s insider risk management strategy

The disrupted work environment, in which enterprises were forced to find new ways to enable their workforce to work remotely, changed the landscape for operations as well as security. One of the top areas of concern is managing insider risks, a complex undertaking even before the pandemic, and ev...

A “quick wins” approach to securing Azure Active Directory and Office 365 and improving your security posture

In the last post, we discussed Office 365 and how enabling certain features without understanding all the components can lead to a false sense of security. We demonstrated how implementing a break glass account, multi-factor authentication MFA, and the removal of legacy authentication can help...

A breakthrough year for passwordless technology

As 2020 draws to a close, most of us are looking forward to putting this year in the rearview mirror. Since we depend even more on getting online for everything in our lives, we’re more than ready to be done with passwords. Passwords are a hassle to use, and they present security risks for users...

Becoming resilient by understanding cybersecurity risks: Part 2

In part one of this blog series, we looked at how being resilient to cybersecurity threats is about understanding and managing the organizational impact from the evolution of human conflict that has existed since the dawn of humanity. In part two of this series, we further explore the imperative ...

Terranova Security Gone Phishing Tournament reveals continued weak spot in cybersecurity

The Terranova Security annual Gone Phishing Tournament wrapped up in October 2020, spanning 98 countries and industries including healthcare, consumer goods, transport, energy, IT, finance, education, manufacturing, and more. Using templates created from actual phishing attacks created by Microso...

Ensuring customers are protected from Solorigate

Microsoft is monitoring a dynamic threat environment surrounding the discovery of a sophisticated attack that included compromised binaries from a legitimate software. These binaries, which are related to the SolarWinds Orion Platform, could be used by attackers to remotely access devices. We hav...

Siemens USA CISO: 3 essentials to look for in a cloud provider

In the latest episode of my series, The Shiproom, I spoke with Kurt John, Chief Cybersecurity Officer CISO at Siemens USA. Kurt is listed in Security Magazine’s Top 10 most influential cybersecurity leaders, and he also serves on a special cybersecurity committee organized by the...

New cloud-native breadth threat protection capabilities in Azure Defender

As the world adapts to working remotely, the threat landscape is constantly evolving, and security teams struggle to protect workloads with multiple solutions that are often not well integrated nor comprehensive enough. This results in serious threats avoiding detection, as well as security teams...

Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers

A persistent malware campaign has been actively distributing an evolved browser modifier malware at scale since at least May 2020. At its peak in August, the threat was observed on over 30,000 devices every day. The malware is designed to inject ads into search engine results pages. The threat...

Building a Zero Trust business plan

These past six months have been a remarkable time of transformation for many IT organizations. With the forced shift to remote work, IT professionals have had to act quickly to ensure people continue working productively from home—in some cases bringing entire organizations online over a weekend...

EDR in block mode stops IcedID cold

We are happy to announce the general availability of endpoint detection and response EDR in block mode in Microsoft Defender for Endpoint. EDR in block mode turns EDR detections into real-time blocking of malicious behaviors, malware, and artifacts. It uses Microsoft Defender for Endpoint’s...

Digital Defense integrates with Microsoft to detect attacks missed by traditional endpoint security

This blog post is part of the Microsoft Intelligent Security Association MISA guest blog series. You can learn more about MISA here. Cybercriminals have ramped up their initial compromises through phishing and pharming attacks using a variety of tools and tactics that, while numerous, are simple...

Deliver productive and seamless user experiences with Azure Active Directory

Several months into the COVID-19 pandemic, many of us are still working remotely, and our organizations are still adjusting. Top of mind for every IT leader in this current landscape is meeting users’ needs for seamless access to resources while safeguarding the business from cyber threats. The...

Understanding influences shaping the cybersecurity landscape, enabling digital transformation, and helping to protect our planet

The accelerated rate of digital transformation we have seen this past year presents both challenges and endless opportunities for individuals, organizations, businesses, and governments around the world. Cybersecurity is the underpinning of helping protect these opportunities. By examining the...

Manage, govern, and get more value out of your data with Azure Purview

Data is the currency of today’s economy. Data is being created faster than ever in more locations than organizations can track. In fact, IDC has predicted that global data will grow to more than 175 zettabytes by 2025. To put that into context, that’s 175 trillion 1GB USB drives. At the same time...

Protect your SQL Server on-premises, in Azure, and in multicloud

Azure Defender for SQL is now generally available for use with SQL Server on premises, in multicloud deployments on Amazon Web Services AWS, and Google Cloud Platform GCP, and in virtual machines on Azure. Azure Defender for SQL constantly monitors your SQL Server for known vulnerabilities and...

Azure Sentinel achieves a Leader placement in Forrester Wave, with top ranking in Strategy

I’m thrilled to announce Forrester Research has named Microsoft Azure Sentinel as a “Leader” in The Forrester Wave: Security Analytics Platform Providers, Q4 2020. When we released Azure Sentinel almost a year ago—the industry’s first cloud-native SIEM on a major public cloud—our goal was to...

Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them

Cryptocurrency miners are typically associated with cybercriminal operations, not sophisticated nation state actor activity. They are not the most sophisticated type of threats, which also means that they are not among the most critical security issues that defenders address with urgency. Recent...

Zerologon is now detected by Microsoft Defender for Identity

There has been a huge focus on the recently patched CVE-2020-1472 Netlogon Elevation of Privilege vulnerability, widely known as ZeroLogon. While Microsoft strongly recommends that you deploy the latest security updates to your servers and devices, we also want to provide you with the best...

Go inside the new Azure Defender for IoT including CyberX

In 2020, the move toward digital transformation and Industry 4.0 took on new urgency with manufacturing and other critical infrastructure sectors under pressure to increase operational efficiency and reduce costs. But the cybersecurity model for operational technology OT was already shown to be...

Microsoft Azure Active Directory again a “Leader” in Gartner Magic Quadrant for Access Management

Howdy folks, I’m proud to announce that for the fourth year in a row, Microsoft Azure Active Directory Azure AD has been recognized as a “Leader” in Gartner Magic Quadrant for Access Management, Worldwide. Earlier this year, my boss, Joy Chik, CVP of Identity Engineering shared Microsoft’s guidin...

IoT security: how Microsoft protects Azure Datacenters

Azure Sphere first entered the IoT Security market in 2018 with a clear mission—to empower every organization on the planet to connect and create secure and trustworthy IoT devices. Security is the foundation for durable innovation and business resilience. Every industry investing in IoT must...

Modernize secure access for your on-premises resources with Zero Trust

Change came quickly in 2020. More likely than not, a big chunk of your workforce has been forced into remote access. And with remote work came an explosion of bring-your-own-device BYOD scenarios, requiring your organization to extend the bounds of your network to include the entire internet and...

Cyberattacks targeting health care must stop

In recent months, we’ve detected cyberattacks from three nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for COVID-19. The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Kore...

Gartner names Microsoft a Leader in the 2020 Magic Quadrant for Cloud Access Security Brokers

The past few months have changed the way we work in many ways, working from home, social distancing, and remote operations have all had impacts on our previously known ways of life. At Microsoft, we have been working hard to assist our customers adjust to this rapidly changing and evolving work...

Key layers for developing a Smarter SOC with CyberProof-managed Microsoft Azure security services

This blog post is part of the Microsoft Intelligent Security Association MISA guest blog series. Learn more about MISA here. Security teams are struggling to reduce the time to detect and respond to threats due to the complexity and volume of alerts being generated from multiple security...

Meet the Microsoft Pluton processor – The security chip designed for the future of Windows PCs

The role of the Windows PC and trust in technology are more important than ever as our devices keep us connected and productive across work and life. Windows 10 is the most secure version of Windows ever, built with end-to-end security for protection from the edge to the cloud all the way down to...

Forrester TEI study: Azure Sentinel delivers 201 percent ROI over 3 years and a payback of less than 6 months

2020 has been a transitional year, ushering in broad changes in how, and where, we work. Security operations SecOps teams face more significant challenges than ever as they protect the organization in this rapidly changing environment. These teams need a flexible, cost-effective, and efficient...

System Management Mode deep dive: How SMM isolation hardens the platform

Ensuring that the platform firmware is healthy and trustworthy is fundamental to guaranteeing that powerful platform security features like Hypervisor-protected code integrity HVCI and Windows Defender Credential Guard are functioning as expected. Windows 10 achieves this by leveraging a...

Empowering employees to securely work from anywhere with an internet-first model and Zero Trust

Like many this year, our Microsoft workforce had to quickly transition to a work from the home model in response to COVID-19. While nobody could have predicted the world’s current state, it has provided a very real-world test of the investments we have made implementing a Zero Trust security mode...

Extend data loss prevention to your devices with Microsoft Endpoint Data Loss Prevention, now generally available

Microsoft Endpoint Data Loss Prevention Endpoint Data Loss Prevention DLP | What it is and how to set it up in Microsoft 365. Watch today Managing and protecting data is critical to any organization. Data is growing exponentially, and remote work is making it even harder to manage risks around...

Microsoft recognized as a Leader in the 2020 Gartner Magic Quadrant for Enterprise Information Archiving

Organizations face an increasing volume of data generated daily and ever-evolving regulations around how that data is managed. To help navigate this complex information landscape, we are focused on delivering integrated, intelligent, and user-centric solutions. Over the past few years, we...

It’s Cybersecurity Awareness Month and there is still a lot to do

October is National Cyber Security Awareness Month NCSAM. And there is still a lot to do! For the last 17 years, the National Cybersecurity Awareness Month NCSAM campaign, driven by the Department of Homeland Security, has raised awareness about the importance of cyber security across the Nation...

Unilever CISO on balancing business risks with cybersecurity

Imagine showing up to work every day knowing that your job requires protecting 160,000 employees creating more than 450 products around the world—tea, ice cream, personal care, laundry and dish soaps—across a customer base of more than two and a half billion people every day. Unilever Chief...

Back to the future: What the Jericho Forum taught us about modern security

Some of the earliest formal work on what we now call Zero Trust started around in a security consortium known as the Jericho Forum which later merged into The Open Group Security Forum. This started as a group of like-minded CISOs wrestling with the limitations of the dominant and unquestioned...

Cyberattacks against machine learning systems are more common than you think

Machine learning ML is making incredible transformations in critical areas such as finance, healthcare, and defense, impacting nearly every aspect of our lives. Many businesses, eager to capitalize on advancements in ML, have not scrutinized the security of their ML systems. Today, along with...

Addressing cybersecurity risk in industrial IoT and OT

As the industrial Internet of Things IIoT and operational technology OT continue to evolve and grow, so too, do the responsibilities of the Chief Information Security Officer CISO. The CISO now needs to mitigate risks from cloud-connected machinery, warehouse systems, and smart devices scattered...

CISO Spotlight: How diversity of data (and people) defeats today’s cyber threats

This year, we have seen five significant security paradigm shifts in our industry. This includes the acknowledgment that the greater the diversity of our data sets, the better the AI and machine learning outcomes. This diversity gives us an advantage over our cyber adversaries and improves our...

Announcing the Zero Trust Deployment Center

Organizations have been digitally transforming at warp speed in response to the way businesses operate and how people work. As a result, digital security teams have been under immense pressure to ensure their environments are resilient and secure. Many have turned to a Zero Trust security model t...

CISO Stressbusters: 7 tips for weathering the cybersecurity storms

An essential requirement of being a Chief Information Security Officer CISO is stakeholder management. In many organizations, security is still seen as a support function; meaning, any share of the budget you receive may be viewed jealously by other departments. Bringing change to an organization...

Security Unlocked—A new podcast exploring the people and AI that power Microsoft Security solutions

It’s hard to keep pace with all the changes happening in the world of cybersecurity. Security experts and leaders must continue learning and unlearning to stay ahead of the ever-evolving threat landscape. In fact, many of us are in this field because of our desire to continuously challenge...

Becoming resilient by understanding cybersecurity risks: Part 1

All risks have to be viewed through the lens of the business or organization. While information on cybersecurity risks is plentiful, you can’t prioritize or manage any risk until the impact and likelihood to your organization is understood and quantified. This rule of thumb on who should be...

Advanced protection for web applications in Azure with Radware’s Microsoft Security integration

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA here. The state of application security Companies face a wide range of security challenges, such as Open Source Foundation for Application Security Project OWASP vulnerabilities,...