Microsoft continues to extend security for all with mobile protection for Android
Just a year ago, we shared our first steps on a journey to enable our customers to protect endpoints running a variety of platforms with our announcement of Microsoft Defender ATP for Mac. Knowing that each of our customers has unique environments and unique needs and are looking for more...
Microsoft acquires CyberX to accelerate and secure customers’ IoT deployments
Today, we’re excited to announce that Microsoft has acquired CyberX, a comprehensive, network-based IoT security platform with continuous threat monitoring and sophisticated analytics that addresses IoT security in a holistic way across the enterprise. CyberX will complement the existing Azure Io...
Modernizing the security operations center to better secure a remote workforce
The response to COVID-19 has required many security operations centers (SOCs) to rethink how they protect their organizations. With so many employees working remotely, IT groups are routing more traffic directly to cloud apps, rather than through the network. In this model, traditional network...
Barracuda and Microsoft: Securing applications in public cloud
This blog post is part of the Microsoft Intelligence Security Association guest blog series. To learn more about MISA, go here. Barracuda Cloud Application Protection (CAP) platform features integrations with Microsoft Azure Active Directory (Azure AD) and Azure Security Center. A component of CAP,...
Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint
The increasing pervasiveness of cloud services in today’s work environments, accelerated by a crisis that forced companies around the globe to shift to remote work, is significantly changing how defenders must monitor and protect organizations. Corporate data is spread across multiple...
Moving to cloud-based SIEM: the cost advantage
Companies weigh multiple factors in any technology implementation, balancing risks with business needs and IT capabilities. And while the same is true with cloud-based security information and event management (SIEM) solutions, cost overwhelmingly shapes the discussion as well. For example, accordi...
UEFI scanner brings Microsoft Defender ATP protection to a new level
Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) is extending its protection capabilities to the firmware level with a new Unified Extensible Firmware Interface (UEFI) scanner. Hardware and firmware-level attacks have continued to rise in recent years, as modern security solutio...
Stay ahead of multi-cloud attacks with Azure Security Center
The COVID-19 crisis has challenged just about every business on the planet to quickly adapt and transform. With massive workforces now remote, IT administrators and security professionals are under increased pressure to keep these workers connected and productive while combating evolving threats,...
Exploiting a crisis: How cybercriminals behaved during the outbreak
In the past several months, seemingly conflicting data has been published about cybercriminals taking advantage of the COVID-19 outbreak to attack consumers and enterprises alike. Big numbers can show shifts in attacker behavior and grab headlines. Cybercriminals did indeed adapt their tactics to...
Zero Trust—Part 1: Networking
Enterprises used to be able to secure their corporate perimeters with traditional network controls and feel confident that they were keeping hackers out. However, in a mobile- and cloud-first world, in which the rate and the sophistication level of security attacks are increasing, they can no...
Barracuda and Microsoft: Removing security barriers to faster public cloud adoption
Barracuda’s CloudGen Firewall is tightly integrated with Microsoft Azure Virtual WAN, Azure Active Directory (Azure AD), Azure Security Center, and Azure Sentinel. Integrated into Azure, Barracuda’s networking and security capabilities enable customers’ secure infrastructure migrations and the use ...
Blue teams helping red teams: A tale of a process crash, PowerShell, and the MITRE ATT&CK evaluation
In September 2019, MITRE evaluated Microsoft Threat Protection (MTP) and other endpoint security solutions. The ATT&CK evaluation lasted for three days, with a professional red team from MITRE emulating many advanced attack behaviors used by the nation-state threat group known as YTTRIUM (APT29). Aft...
What’s new in Microsoft 365 Compliance and Risk Management
The world has dramatically changed over the past three months. As Satya shared in our recent quarterly earnings, we have seen two years’ worth of digital transformation in two months. With that significant amount of rapid change, it’s more important than ever to make sure your business-critical...
Misconfigured Kubeflow workloads are a security risk
Azure Security Center (ASC) monitors and defends thousands of Kubernetes clusters running on top of AKS. Azure Security Center regularly searches for and researches new attack vectors against Kubernetes workloads. We recently published a blog post about a large scale campaign against Kubernetes...
The science behind Microsoft Threat Protection: Attack modeling for finding and stopping evasive ransomware
The linchpin of successful cyberattacks, exemplified by nation state-level attacks and human-operated ransomware, is their ability to find the path of least resistance and progressively move across a compromised network. Determining the full scope and impact of these attacks is one of the most...
11 security tips to help stay safe in the COVID-19 era
The COVID-19 pandemic has changed our daily routines, the ways we work, and our reliance on technology. Many of us are now working remotely, students are attending classes virtually, and we’re relying more on social media and social networks to stay connected as we define what our new normal look...
Managing cybersecurity like a business risk: Part 1—Modeling opportunities and threats
In recent years, cybersecurity has been elevated to a C-suite and board-level concern. This is appropriate given the stakes. Data breaches can have significant impact on a company’s reputation and profits. But, although businesses now consider cyberattacks a business risk, management of cyber ris...
4 identity partnerships to help drive better security
At Microsoft, we are committed to driving innovation for our partnerships within the identity ecosystem. Together, we are enabling our customers, who live and work in a heterogenous world, to get secure and remote access to the apps and resources they need. In this blog, we’d like to highlight ho...
Zero Trust Deployment Guide for devices
The modern enterprise has an incredible diversity of endpoints accessing their data. This creates a massive attack surface, and as a result, endpoints can easily become the weakest link in your Zero Trust security strategy. Whether a device is a personally owned BYOD device or a corporate-owned a...
Zero Trust and its role in securing the new normal
As the global crisis around COVID-19 continues, security teams have been forced to adapt to a rapidly evolving security landscape. Schools, businesses, and healthcare organizations are all getting work done from home on a variety of devices and locations, extending the potential security attack...
Build support for open source in your organization
Have you ever stared at the same lines of code for hours only to have a coworker identify a bug after just a quick glance? That’s the power of community! Open source software development is guided by the philosophy that a diverse community will produce higher quality code by allowing anyone to...
Success in security: reining in entropy
Your network is unique. It’s a living, breathing system evolving over time. Data is created. Data is processed. Data is accessed. Data is manipulated. Data can be forgotten. The applications and users performing these actions are all unique parts of the system, adding degrees of disorder and...
Cybersecurity best practices to implement highly secured devices
Almost three years ago, we published The Seven Properties of Highly Secured Devices, which introduced a new standard for IoT security and argued, based on an analysis of best-in-class devices, that seven properties must be present on every standalone device that connects to the internet in order ...
Microsoft Build brings new innovations and capabilities to keep developers and customers secure
As both organizations and developers adapt to the new reality of working and collaborating in a remote environment, it’s more important than ever to ensure that their experiences are secure and trusted. As part of this week’s Build virtual event, we’re introducing new Identity innovation to help...
Operational resilience in a remote work world
Microsoft CEO Satya Nadella recently said, “We have seen two years’ worth of digital transformation in two months.” This is a result of many organizations having to adapt to the new world of document sharing and video conferencing as they become distributed organizations overnight. At Microsoft, ...
Open-sourcing new COVID-19 threat intelligence
A global threat requires a global response. While the world faces the common threat of COVID-19, defenders are working overtime to protect users all over the globe from cybercriminals using COVID-19 as a lure to mount attacks. As a security intelligence community, we are stronger when we share...
Secured-core PCs help customers stay ahead of advanced data theft
Researchers at the Eindhoven University of Technology recently revealed information around "Thunderspy," an attack that relies on leveraging direct memory access (DMA) functionality to compromise devices. An attacker with physical access to a system can use Thunderspy to read and copy data even fro...
Empowering your remote workforce with end-user security awareness
COVID-19 has rapidly transformed how we all work. Organizations need quick and effective user security and awareness training to address the swiftly changing needs of the new normal for many of us. To help our customers deploy user training quickly, easily and effectively, we are announcing the...
CISO stress-busters: post #1 overcoming obstacles
As part of the launch of the U.S. space program’s moon shot, President Kennedy famously said we do these things “not because they are easy, but because they are hard.” The same can be said for the people responsible for security at their organizations; it is not a job one takes because it is easy...
Microsoft researchers work with Intel Labs to explore new deep learning approaches for malware classification
The opportunities for innovative approaches to threat detection through deep learning, a category of algorithms within the larger framework of machine learning, are vast. Microsoft Threat Protection today uses multiple deep learning-based classifiers that detect advanced threats, for example,...
Protect your accounts with smarter ways to sign in on World Passwordless Day
As the world continues to grapple with COVID-19, our lives have become increasingly dependent on digital interactions. Operating at home, we’ve had to rely on e-commerce, telehealth, and e-government to manage the everyday business of life. Our daily online usage has increased by over 20 percent...
How to gain 24/7 detection and response coverage with Microsoft Defender ATP
This blog post is part of the Microsoft Intelligence Security Association guest blog series. To learn more about MISA, go...
Lessons learned from the Microsoft SOC—Part 3c: A day in the life part 2
This is the sixth blog in the Lessons learned from the Microsoft SOC series designed to share our approach and experience from the front lines of our security operations center (SOC) protecting Microsoft and our Detection and Response Team (DART) helping our customers with their incidents. For a visu...
Mitigating vulnerabilities in endpoint network stacks
The skyrocketing demand for tools that enable real-time collaboration, remote desktops for accessing company information, and other services that enable remote work underlines the tremendous importance of building and shipping secure products and services. While this is magnified as organizations...
Microsoft Threat Protection leads in real-world detection in MITRE ATT&CK evaluation
The latest round of MITRE ATT&CK evaluations proved yet again that Microsoft customers can trust they are fully protected even in the face of such an advanced attack as APT29. When looking at protection results out of the box, without configuration changes, Microsoft Threat Protection (MTP): Provid...
Zero Trust Deployment Guide for Microsoft Azure Active Directory
Microsoft is providing a series of deployment guides for customers who have engaged in a Zero Trust security strategy. In this guide, we cover how to deploy and configure Azure Active Directory (Azure AD) capabilities to support your Zero Trust security strategy. For simplicity, this document will...
Data governance matters now more than ever
Knowing, protecting, and governing your organizational data is critical to adhere to regulations and meet security and privacy needs. Arguably, that’s never been truer than it is today as we face these unprecedented health and economic circumstances. To help organizations to navigate privacy duri...
Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk
At a time when remote work is becoming universal and the strain on SecOps, especially in healthcare and critical industries, has never been higher, ransomware actors are unrelenting, continuing their normal operations. Multiple ransomware groups that have been accumulating access and maintaining...
Managing risk in today’s IoT landscape: not a one-and-done
The reality of securing IoT over time It’s difficult to imagine any aspect of everyday life that isn’t affected by the influence of connectivity. The number of businesses that are using IoT is growing at a fast pace. By 2021, approximately 94 percent of businesses will be using IoT. Connectivity...
Protecting your organization against password spray attacks
When hackers plan an attack, they often engage in a numbers game. They can invest significant time pursuing a single, high-value target—someone in the C-suite for example and do “spear phishing.” Or if they just need low-level access to gain a foothold in an organization or do reconnaissance, they...
Defending the power grid against supply chain attacks: Part 3 – Risk management strategies for the utilities industry
Over the last fifteen years, attacks against critical infrastructure (figure 1) have steadily increased in both volume and sophistication. Because of the strategic importance of this industry to national security and economic stability, these organizations are targeted by sophisticated, patient, and...
MITRE ATT&CK APT 29 evaluation proves Microsoft Threat Protection provides deeper end to end view of advanced threats
As attackers use more advanced techniques, it’s even more important that defenders have visibility not just into each of the domains in their environment, but also across them to piece together coordinated, targeted, and advanced attacks. This level of visibility will allow us to get ahead of...
NERC CIP Compliance in Azure vs. Azure Government cloud
As discussed in my last blog post on North American Electric Reliability Corporation—Critical Infrastructure Protection (NERC CIP) Compliance in Azure, U.S. and Canadian utilities are now free to benefit from cloud computing in Azure for many NERC CIP workloads. Machine learning, multiple data...
Security guidance for remote desktop adoption
As the volume of remote workers quickly increased over the past two to three months, the IT teams in many companies scrambled to figure out how their infrastructures and technologies would be able to handle the increase in remote connections. Many companies were forced to enhance their capabiliti...
Secure the software development lifecycle with machine learning
Every day, software developers stare down a long list of features and bugs that need to be addressed. Security professionals try to help by using automated tools to prioritize security bugs, but too often, engineers waste time on false positives or miss a critical security vulnerability that has...
Afternoon Cyber Tea: Building operational resilience in a digital world
Operational resiliency is a topic of rising importance in the security community. Unplanned events, much like the one we are facing today, are reminders of how organizations can be prepared to respond to a cyberattack. Ian Coldwater and I explored a variety of options in my episode of Afternoon...
Enable remote work while keeping cloud deployments secure
As our customers shift to remote work in response to the COVID-19 outbreak, many have asked how to maintain the security posture of their cloud assets. Azure Security Center security controls can help you monitor your security posture as usage of cloud assets increases. These are three common...
Microsoft shares new threat intelligence, security guidance during global crisis
Ready or not, much of the world was thrust into working from home, which means more people and devices are now accessing sensitive corporate data across home networks. Defenders are working round the clock to secure endpoints and ensure the fidelity of not only those endpoints, but also identitie...
Mobile security—the 60 percent problem
This blog post is part of the Microsoft Intelligence Security Association (MISA) guest blog series. To learn more about MISA, visit the MISA webpage. Off the top of your head, what percentage of endpoints in your organization are currently protected? Something in the 98 percent+ range? Most...
Protecting your data and maintaining compliance in a remote work environment
In this difficult time, remote work is becoming the new normal for many companies around the world. Employees are using tools like Microsoft Teams to collaborate, chat, and connect in new ways to try to keep their businesses moving forward amidst the challenging global health crisis. I sincerely...