Trickbot disrupted

As announced today, Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations. Microsoft worked with telecommunications providers around the world to disrupt key Trickbot infrastructure. As a result, operators will no longer be able to use...

Sophisticated new Android malware marks the latest evolution of mobile ransomware

Attackers are persistent and motivated to continuously evolve – and no platform is immune. That is why Microsoft has been working to extend its industry-leading endpoint protection capabilities beyond Windows. The addition of mobile threat defense into these capabilities means that Microsoft...

Best practices for defending Azure Virtual Machines

One of the things that our Detection and Response Team DART and Customer Service and Support CSS security teams see frequently during investigation of customer incidents are attacks on virtual machines from the internet. This is one area in the cloud security shared responsibility model where...

Why we invite security researchers to hack Azure Sphere

Fighting the security battle so our customers don’t have to IoT devices are becoming more prevalent in almost every aspect of our lives—we will rely on them in our homes, our businesses, as well as our infrastructure. In February, Microsoft announced the general availability of Azure Sphere, an...

3 ways Microsoft helps build cyber safety awareness for all

This tumultuous year has brought paradigm shifts across every facet of daily life. A global pandemic has pushed much of our lives online—work, school, entertainment, shopping, and socializing. But one thing remains unchanged: people everywhere share a common need for safety. Today, our need for...

Why integrated phishing-attack training is reshaping cybersecurity—Microsoft Security

Phishing is still one of the most significant risk vectors facing enterprises today. Innovative email security technology like Microsoft Defender for Office 365 stops a majority of phishing attacks before they hit user inboxes, but no technology in the world can prevent 100 percent of phishing...

Microsoft Advanced Compliance Solutions in Zero Trust Architecture

Zero Trust revolves around three key principles: verify explicitly, use least privileged access, and assume breach. Microsoft’s Advanced Compliance Solutions are an important part of Zero Trust. This post applies a Zero Trust lens to protecting an organization’s sensitive data and maintaining...

Microsoft Digital Defense Report 2020: Cyber Threat Sophistication on the Rise

Today, Microsoft is releasing a new annual report, called the Digital Defense Report, covering cybersecurity trends from the past year. This report makes it clear that threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to spot and tha...

Microsoft Security—detecting empires in the cloud

Microsoft consistently tracks the most advanced threat actors and evolving attack techniques. We use these findings to harden our products and platform and share them with the security community to help defenders everywhere better protect the planet. Recently, the Microsoft Threat Intelligence...

Microsoft Security: 6 tips for enabling people-centric cybersecurity with security training

Everyone knows about phishing scams, and most of us think we’re too smart to take the bait. Our confidence often reaches superhero levels when we’re logged onto a company network. As Chief Security Advisor for Microsoft, and previously at telco Swisscom, it’s my business to understand how well...

Microsoft delivers unified SIEM and XDR to modernize security operations

The threat landscape continues to increase in both complexity and the level of sophistication of the attacks we observe. Attackers target the most vulnerable resources in an organization and then traverse laterally to target high-value assets. No longer can you expect to stay safe by protecting...

Microsoft announces cloud innovation to simplify security, compliance, and identity

2020 will be remembered as a year of historic transformation. The pandemic has changed the way businesses operate and people work. One thing that has not changed is our basic human nature and the need to feel safe. Being safe and feeling safe is what allows us to do more, create more, and have...

Identity at Microsoft Ignite: Rising to the challenges of secure remote access and employee productivity

These past months have changed the way we work in so many ways. When businesses and schools went remote overnight, many of you had to adapt quickly to ensure your users could stay productive while working from home. Bad actors are trying to exploit these seismic shifts, making it more important...

Enable secure remote work, address regulations and uncover new risks with Microsoft Compliance

As we talk with a broad range of customers in the current environment, we hear some consistent challenges businesses are facing. With so many remote workers, people are creating, sharing, and storing data in new ways, which fosters productivity, but can also introduce new risks. A recent Microsof...

Vectra and Microsoft join forces to step up detection and response

This blog post is part of the Microsoft Intelligent Security Association MISA guest blog series. Click here to learn more about MISA. Traditional security operations center SOC processes typically involve a wide variety of disparate event notification tools that force overworked analysts to battl...

Industry-wide partnership on threat-informed defense improves security for all

MITRE Engenuity’s Center for Threat-Informed Defense has published a library of detailed plans for emulating the threat actor FIN6 which Microsoft tracks as TAAL, a collection of threat intelligence, MITRE ATT&CK data, supporting scripts, and utilities designed to enable red teams to emulate the...

Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale

Microsoft is dedicated to working with the community and our customers to continuously improve and tune our platform and products to help defend against the dynamic and sophisticated threat landscape. Earlier this year, we announced that we would replace the existing software testing experience...

Microsoft Security: Use baseline default tools to accelerate your security career

I wrote a series of blogs last year on how gamified learning through cyber ranges can create more realistic and impactful cybersecurity learning experiences and help attract tomorrow’s security workforce. With the global talent shortage in this field, we need to work harder to bring people into t...

STRONTIUM: Detecting new patterns in credential harvesting

Microsoft has tied STRONTIUM to a newly uncovered pattern of Office365 credential harvesting activity aimed at US and UK organizations directly involved in political elections. Analysts from Microsoft Threat Intelligence Center MSTIC and Microsoft Identity Security have been tracking this new...

Accelerate your adoption of SIEM using Azure Sentinel and a new offer from Microsoft

Take advantage of the efficiency benefits of Cloud-native SIEM using Azure Sentinel Today, security needs are evolving faster than ever—and the importance of being agile and cost-effective has never been clearer. Security teams need to get more done, faster, with less budget. On-premises security...

3 ways Microsoft 365 can help you reduce helpdesk costs

With more people than ever working remotely, organizations must maximize employee productivity while protecting an ever-growing digital footprint. Many have stitched together specialized security solutions from different vendors to improve their cybersecurity posture, but this approach is expensi...

Force firmware code to be measured and attested by Secure Launch on Windows 10

You cannot build something great on a weak foundation – and security is no exception. Windows is filled with important security features like Hypervisor-protected code integrity HVCI and Windows Defender Credential Guard that protect users from advanced hardware and firmware attacks. For these...

Microsoft Security: How to cultivate a diverse cybersecurity team

Boost creative problem solving with a diverse cybersecurity team In cybersecurity, whether we are talking about cryptocurrency mining, supply chain attacks, attacks against IoT, or COVID-19-related phishing lures, we know that gaining the advantage over our adversaries requires greater diversity ...

Microsoft Security: What cybersecurity skills do I need to become a CISO?

Build the business skills you need to advance to Chief Information Security Officer For many cybersecurity professionals, the ultimate career goal is to land a chief information security officer CISO job. A CISO is an executive-level position responsible for cyber risk management and operations...

Microsoft Zero Trust deployment guide for your applications

Introduction More likely than not, your organization is in the middle of a digital transformation characterized by increased adoption of cloud apps and increased demand for mobility. In the age of remote work, users expect to be able to connect to any resource, on any device, from anywhere in the...

Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning

When attackers successfully breach a target network, their typical next step is to perform reconnaissance of the network, elevate their privileges, and move laterally to reach specific machines or spread as widely as possible. For these activities, attackers often probe the affected network’s...

Rethinking IoT/OT Security to Mitigate Cyberthreats

We live in an exciting time. We’re in the midst of the fourth industrial revolution—first steam, followed by electricity, then computers, and, now, the Internet of Things. A few years ago, IoT seemed like a futuristic concept that was on the distant horizon. The idea that your fridge would be...

How can Microsoft Threat Protection help reduce the risk from phishing?

Microsoft Threat Protection can help you reduce the cost of phishing The true cost of a successful phishing campaign may be higher than you think. Although phishing defenses and user education have become common in many organizations, employees still fall prey to these attacks. This is a problem...

How to detect and mitigate phishing risks with Microsoft and Terranova Security

Detect, assess, and remediate phishing risks across your organization A successful phishing attack requires just one person to take the bait. That’s why so many organizations fall victim to these cyber threats. To reduce this human risk, you need a combination of smart technology and people-centr...

How do I implement a Zero Trust security model for my Microsoft remote workforce?

Digital empathy should guide your Zero Trust implementation Zero Trust has always been key to maintaining business continuity. And now, it’s become even more important during the COVID-19 pandemic to helping enable the largest remote workforce in history. While organizations are empowering people...

Microsoft and Corrata integrate to extend cloud app security to mobile endpoints

This blog post is part of the Microsoft Intelligence Security Association guest blog series. To learn more about MISA, go here. The growth of mobile and remote work and the emergence of the “post perimeter” world has made keeping track of shadow IT a huge challenge for enterprise IT teams. What...

Taking Transport Layer Security (TLS) to the next level with TLS 1.3

Transport Layer Security TLS 1.3 is now enabled by default on Windows 10 Insider Preview builds, starting with Build 20170, the first step in a broader rollout to Windows 10 systems. TLS 1.3 is the latest version of the internet’s most deployed security protocol, which encrypts data to provide a...

Gartner announces the 2020 Magic Quadrant for Unified Endpoint Management

I’m excited to announce that, last week, Gartner listed Microsoft as a Leader in its 2020 Magic Quadrant for Unified Endpoint Management. You can read the entire report here, and you can see a snapshot of the Magic Quadrant below. You will note that we improved on both the “Ability to Execute” an...

New data from Microsoft shows how the pandemic is accelerating the digital transformation of cyber-security

The importance of cybersecurity in facilitating productive remote work was a significant catalyst for the two years-worth of digital transformation we observed in the first two months of the COVID-19 pandemic. In this era of ubiquitous computing, security solutions don’t just sniff out threats,...

New Forrester study shows customers who deploy Microsoft Azure AD benefit from 123% ROI.

Over the past six months, organizations around the world have accelerated digital transformation efforts to rapidly enable a remote workforce. As more employees than ever access apps via their home networks, the corporate network perimeter has truly disappeared, making identity the control plane...

Microsoft Office 365—Do you have a false sense of cloud security?

Through difficult times, some adversaries will find opportunities and COVID-19 has proven to be a ripe opportunity for them to target a new, expanding, remote workforce. While these threats morph and evolve, Microsoft’s Detection and Response Team DART finds ways to endure and help organizations...

How to organize your security team: The evolution of cybersecurity roles and responsibilities

Digital transformation, cloud computing, and a sophisticated threat landscape are forcing everyone to rethink the functions of each role on their security teams, from Chief Information Security Officers CISOs to practitioners. With billions of people around the globe working from home, changes to...

Zero Trust: From security option to business imperative overnight

Not long ago when I spoke with customers about Zero Trust, our conversations focused on discussing the principles, defining scope, or sharing our own IT organization’s journey. Zero Trust was something interesting to learn about, and most organizations were very much in the exploratory phase. As...

Afternoon Cyber Tea: Revisiting social engineering: The human threat to cybersecurity

Most of us know ‘Improv’ through film, theatre, music or even live comedy. It may surprise you to learn that the skills required for improvisational performance art, can also make you a good hacker? In cybersecurity, while quite a bit of focus is on the technology that our adversaries use, we mus...

Associate Microsoft and Pradeo to manage and secure Android Enterprise mobile devices

This blog post is part of the Microsoft Intelligence Security Association guest blog series. To learn more about MISA, go here. Want to learn more on how Android Enterprise works with existing mobility management and security solutions? This article will explain how Android Enterprise fits in a...

CISO Stressbusters: Post #4: 4 tips for running a highly effective security operation

Rebecca Wynn, Global CISO & Chief Privacy Officer CISO of 247.ai , shares her advice for relieving stress in today’s CISO Stressbuster post. In many organizations, CISO is held accountable for security breaches, yet they don’t have control over all the decisions and systems that impact cyber risk...

Microsoft Joins Open Source Security Foundation

Microsoft has invested in the security of open-source software for many years and today I’m excited to share that Microsoft is joining industry partners to create the Open Source Security Foundation OpenSSF, a new cross-industry collaboration hosted at the Linux Foundation. The OpenSSF brings...

Inside Microsoft Threat Protection: Solving cross-domain security incidents through the power of correlation analytics

In theory, a cyberattack can be disrupted at every phase of the attack chain. In reality, however, defense stack boundaries should overlap in order to be effective. When a threat comes via email, for example, even with good security solutions in place, organizations must assume that the threat ma...

Empower your analysts to reduce burnout in your security operations center

Effective cybersecurity starts with a skilled and empowered team. In a world with more remote workers and an evolving threat landscape, you need creative problem solvers defending your organization. Unfortunately, many traditional security organizations operate in a way that discourages growth,...

Guiding principles of our identity strategy: staying ahead of evolving customer needs

Last June, when I shared the 5 principles driving a customer-obsessed identity strategy at Microsoft, many of you had embraced the idea of a boundaryless environment, but relatively few had implemented it in practice. A global pandemic made remote access essential and forced many of you to...

Afternoon Cyber Tea: Peak, Plateau, or Plummet? Cyber security trends that are here to stay and how to detect and recover from ransomware attacks

The rapidity of change in the cyberthreat landscape can be daunting for today’s cyber defense teams. Just as they perfect the ability to block one attack method, adversaries change their approach. Tools like artificial intelligence and machine learning allow us to pivot quickly, however, knowing...

Seeing the big picture: Deep learning-based fusion of behavior signals for threat detection

The application of deep learning and other machine learning methods to threat detection on endpoints, email and docs, apps, and identities drives a significant piece of the coordinated defense delivered by Microsoft Threat Protection. Within each domain as well as across domains, machine learning...

Preventing data loss and mitigating risk in today’s remote work environment

The shift to remote work over the past few months has increased the need for organizations to re-evaluate their security and risk management practices. With employees accessing corporate data at times on home computers or sharing and collaborating in new ways, organizations could be at greater ri...

Hello open source security! Managing risk with software composition analysis

When first learning to code many people start with a rudimentary “Hello World” program. Building the program teaches developers the basics of a language as they write the code required to display “Hello World” on a screen. As developers get more skilled, the complexity of the programs they build...

5 cybersecurity paradigm shifts that will lead to more inclusive digital experiences

Whether responding to a natural disaster, defending against a cyberattack, or meeting the unprecedented demands to enable the largest workforce in history to work remotely, we amplify our human capacity through technology. At Microsoft, cybersecurity is the underpinning to helping organizations...