Microsoft Threat Protection leads in real-world detection in MITRE ATT&CK evaluation

The latest round of MITRE ATT&CK evaluations proved yet again that Microsoft customers can trust they are fully protected even in the face of such an advanced attack as APT29. When looking at protection results out of the box, without configuration changes, Microsoft Threat Protection MTP: Provid...

Zero Trust Deployment Guide for Microsoft Azure Active Directory

Microsoft is providing a series of deployment guides for customers who have engaged in a Zero Trust security strategy. In this guide, we cover how to deploy and configure Azure Active Directory Azure AD capabilities to support your Zero Trust security strategy. For simplicity, this document will...

Data governance matters now more than ever

Knowing, protecting, and governing your organizational data is critical to adhere to regulations and meet security and privacy needs. Arguably, that’s never been truer than it is today as we face these unprecedented health and economic circumstances. To help organizations to navigate privacy duri...

Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk

At a time when remote work is becoming universal and the strain on SecOps, especially in healthcare and critical industries, has never been higher, ransomware actors are unrelenting, continuing their normal operations. Multiple ransomware groups that have been accumulating access and maintaining...

Managing risk in today’s IoT landscape: not a one-and-done

The reality of securing IoT over time It’s difficult to imagine any aspect of everyday life that isn’t affected by the influence of connectivity. The number of businesses that are using IoT is growing at a fast pace. By 2021, approximately 94 percent of businesses will be using IoT. Connectivity...

Protecting your organization against password spray attacks

When hackers plan an attack, they often engage in a numbers game. They can invest significant time pursing a single, high-value target—someone in the C-suite for example and do “spear phishing.” Or if they just need low-level access to gain a foothold in an organization or do reconnaissance, they...

Defending the power grid against supply chain attacks: Part 3 – Risk management strategies for the utilities industry

Over the last fifteen years, attacks against critical infrastructure figure1 have steadily increased in both volume and sophistication. Because of the strategic importance of this industry to national security and economic stability, these organizations are targeted by sophisticated, patient, and...

MITRE ATT&CK APT 29 evaluation proves Microsoft Threat Protection provides deeper end to end view of advanced threats

As attackers use more advanced techniques, it’s even more important that defenders have visibility not just into each of the domains in their environment, but also across them to piece together coordinated, targeted, and advanced attacks. This level of visibility will allow us to get ahead of...

NERC CIP Compliance in Azure vs. Azure Government cloud

As discussed in my last blog post on North American Electric Reliability Corporation—Critical Infrastructure Protection NERC CIP Compliance in Azure, U.S. and Canadian utilities are now free to benefit from cloud computing in Azure for many NERC CIP workloads. Machine learning, multiple data...

Security guidance for remote desktop adoption

As the volume of remote workers quickly increased over the past two to three months, the IT teams in many companies scrambled to figure out how their infrastructures and technologies would be able to handle the increase in remote connections. Many companies were forced to enhance their capabiliti...

Secure the software development lifecycle with machine learning

Every day, software developers stare down a long list of features and bugs that need to be addressed. Security professionals try to help by using automated tools to prioritize security bugs, but too often, engineers waste time on false positives or miss a critical security vulnerability that has...

Afternoon Cyber Tea: Building operational resilience in a digital world

Operational resiliency is a topic of rising importance in the security community. Unplanned events, much like the one we are facing today, are reminders of how organizations can be prepared to respond to a cyberattack. Ian Coldwater and I explored a variety of options in my episode of Afternoon...

Enable remote work while keeping cloud deployments secure

As our customers shift to remote work in response to the COVID-19 outbreak, many have asked how to maintain the security posture of their cloud assets. Azure Security Center security controls can help you monitor your security posture as usage of cloud assets increases. These are three common...

Microsoft shares new threat intelligence, security guidance during global crisis

Ready or not, much of the world was thrust into working from home, which means more people and devices are now accessing sensitive corporate data across home networks. Defenders are working round the clock to secure endpoints and ensure the fidelity of not only those endpoints, but also identitie...

Mobile security—the 60 percent problem

This blog post is part of the Microsoft Intelligence Security Association MISA guest blog series. To learn more about MISA, visit the MISA webpage. Off the top of your head, what percentage of endpoints in your organization are currently protected? Something in the 98 percent+ range? Most...

Protecting your data and maintaining compliance in a remote work environment

In this difficult time, remote work is becoming the new normal for many companies around the world. Employees are using tools like Microsoft Teams to collaborate, chat, and connect in new ways to try to keep their businesses moving forward amidst the challenging global health crisis. I sincerely...

Turning collaboration and customer engagement up with a strong identity approach

In these challenging times, it’s even more apparent that modern companies are managing a blended workforce that encompasses not only their full-time staff and customers but also their contractors, consultants, subsidiaries, suppliers, partners, and soon-to-be customers. Balancing friction-less...

Microsoft Defender ATP can help you secure your remote workforce

As the number of home-based workers has accelerated in the last few weeks, it’s introduced new challenges. You may want to expand the number and types of devices employees can use to access company resources. You need to support a surge in SaaS usage. And it’s important to adjust security policie...

Full Operational Shutdown—another cybercrime case from the Microsoft Detection and Response Team

Recently, we published our first case report 001: …And Then There Were Six by the Microsoft Detection and Response Team DART. We received significant positive response from our customers and colleagues and our team has been getting inquiries asking for more reports. We are glad to share the DART...

Attack matrix for Kubernetes

Kubernetes, the most popular container orchestration system and one of the fastest-growing projects in the history of open source, becomes a significant part of many companies’ compute stack. The flexibility and scalability of containers encourage many developers to move their workloads to...

Zero Trust framework to enable remote work

Zero Trust Assessment tool now live! With such a large influx of employees working remotely, many of the traditional network-based security controls are unable to protect the organization. For many organizations, there are two options: route all remote traffic through a strained legacy network...

Microsoft works with healthcare organizations to protect from popular ransomware during COVID-19 crisis: Here’s what to do

True to form, human-operated ransomware campaigns are always on prowl for any path of least resistance to gain initial access to target organizations. During this time of crisis, as organizations have moved to a remote workforce, ransomware operators have found a practical target: network devices...

Welcoming a more diverse workforce into cybersecurity: expanding the pipeline

Despite much focus on increasing the number of women in cybersecurity, as an industry we are still falling short. For many companies the problem starts with the tech pipeline—there just aren’t enough resumes from qualified female candidates. But I think the real problem is that our definition of...

Making it easier for your remote workforce to securely access all the apps they need, from anywhere

Since I published my last blog, Five identity priorities for 2020, COVID-19 has upended the way we work and socialize. Now that physical distancing has become essential to protect everyone’s health, more people than ever are going online to connect and get things done. As we all adjust to a new...

Alternative ways for security professionals and IT to achieve modern security controls in today’s unique remote work scenarios

With the bulk of end users now working remotely, legacy network architectures that route all remote traffic through a central corporate network are suddenly under enormous strain. The result can be poorer performance, productivity, and user experience. Many organizations are now rethinking their...

Welcoming and retaining diversity in cybersecurity

I doubt I’d be in the role I am now if leaders at one of my first jobs hadn’t taken an interest in my career. Although I taught myself to code when I was young, I graduated from college with a degree in English Literature and began my post-college career in editorial. I worked my way up to...

Defending the power grid against supply chain attacks—Part 2: Securing hardware and software

Artificial intelligence AI and connected devices have fueled digital transformation in the utilities industry. These technological advances promise to reduce costs and increase the efficiency of energy generation, transmission, and distribution. They’ve also created new vulnerabilities...

Latest Astaroth living-off-the-land attacks are even more invisible but not less observable

Following a short hiatus, Astaroth came back to life in early February sporting significant changes in its attack chain. Astaroth is an info-stealing malware that employs multiple fileless techniques and abuses various legitimate processes to attempt running undetected on compromised machines. Th...

Protecting against coronavirus themed phishing attacks

The world has changed in unprecedented ways in the last several weeks due to the coronavirus pandemic. While it has brought out the best in humanity in many ways, as with any crisis it can also attract the worst in some. Cybercriminals use people’s fear and need for information in phishing attack...

Welcoming more women into cybersecurity: the power of mentorships

From the way our industry tackles cyber threats, to the language we have developed to describe these attacks, I’ve long been a proponent to challenging traditional schools of thought—traditional cyber-norms—and encouraging our industry to get outside its comfort zones. It’s important to expand ou...

Forrester names Microsoft a Leader in 2020 Enterprise Detection and Response Wave

I’m proud to announce that Microsoft is positioned as a Leader in The Forrester Wave: Enterprise Detection and Response, Q1 2020. Among the Leaders in the report, Microsoft received the highest score in the current offering category. Microsoft also received the highest score of all participating...

Secured-core PCs: A brief showcase of chip-to-cloud security against kernel attacks

Gaining kernel privileges by taking advantage of legitimate but vulnerable kernel drivers has become an established tool of choice for advanced adversaries. Multiple malware attacks, including RobbinHood, Uroburos, Derusbi, GrayFish, and Sauron, and campaigns by the threat actor STRONTIUM, have...

Work remotely, stay secure—guidance for CISOs

With many employees suddenly working from home, there are things an organization and employees can do to help remain productive without increasing cybersecurity risk. While employees in this new remote work situation will be thinking about how to stay in touch with colleagues and coworkers using...

Empower Firstline Workers with Azure AD and YubiKey passwordless authentication

At the end of February, Microsoft announced the FIDO2 passwordless support for hybrid environments. The integration of FIDO2-based YubiKeys and Azure Active Directory Azure AD is a game changer. It combines the ubiquity of Azure AD, the usability of YubiKey, and the security of both solutions to...

Guarding against supply chain attacks—Part 3: How software becomes compromised

Do you know all the software your company uses? The software supply chain can be complex and opaque. It’s comprised of software that businesses use to run operations, such as customer relationship management CRM, enterprise resource planning ERP, and project management. It also includes the...

Threat hunting: Part 1—Why your SOC needs a proactive hunting team

Cybersecurity can often feel like a game of whack-a-mole. As our tools get better at stopping one type of attack, our adversaries innovate new tactics. Sophisticated cybercriminals burrow their way into network caverns, avoiding detection for weeks or even months, as they gather information and...

Behavioral blocking and containment: Transforming optics into protection

In today’s threat landscape—overrun by fileless malware that live off the land, highly polymorphic threats that mutate faster than traditional solutions can keep up with, human-operated attacks that adapt to what adversaries find on compromised machines, and other sophisticated threats—behavioral...

Real-life cybercrime stories from DART, the Microsoft Detection and Response Team

When we published our first blog about the Microsoft Detection and Response Team DART in March of 2019, we described our mission as responding to compromises and helping our customers become cyber-resilient. In pursuit of this mission we had already been providing onsite reactive incident respons...

Human-operated ransomware attacks: A preventable disaster

Human-operated ransomware campaigns pose a significant and growing threat to businesses and represent one of the most impactful trends in cyberattacks today. In these hands-on-keyboard attacks, which are different from auto-spreading ransomware like WannaCry or NotPetya, adversaries employ...

IT executives prioritize Multi-Factor Authentication in 2020

In 2020, many IT executives will roll out or expand their implementation of Multi-Factor Authentication MFA to better safeguard identities. This is one of the key findings of a survey conducted by Pulse Q&A for Microsoft in October 2019.1 Specifically, 59 percent of executives will implement or...

Quick wins—single sign-on (SSO) and Multi-Factor Authentication (MFA)

With Multi-Factor Authentication MFA and single sign-on SSO being a few of the most effective countermeasures against modern threats, organizations should consider a Cloud Identity as a Service IDaaS, and MFA solution, like Azure Active Directory AD. Here are seven benefits: 1. Azure AD is simple...

Microsoft identity acronyms—what do they mean and how do they relate to each other?

As a security advisor working with one to three Chief Information Security Officers CISOs each week, the topic of identity comes up often. These are smart people who have often been in industry for decades. They have their own vocabulary of acronyms that only security professionals know such as...

MISA expands with new members and new product additions

Another RSA Conference RSAC and another big year for the Microsoft Intelligent Security Association MISA. MISA was launched at RSAC 2018 with 26 members and a year later we had doubled in size to 53 members. Today, I am excited to share that the association has again doubled in size to 102 member...

Azure Sphere—Microsoft’s answer to escalating IoT threats—reaches general availability

Today Azure Sphere—Microsoft’s integrated security solution for IoT devices and equipment—is widely available for the development and deployment of secure, connected devices. Azure Sphere’s general availability milestone couldn’t be timelier. From consumer device hacking and botnets to nation sta...

New Microsoft Security innovations and partnerships

Today on the Official Microsoft Blog, Ann Johnson, Corporate Vice President of the Cybersecurity Solutions Group, shared how Microsoft is helping turn the tide in cybersecurity by putting artificial intelligence AI in the hands of defenders. She announced the general availability of Microsoft...

Microsoft Insider Risk Management and Communication Compliance in Microsoft 365 now generally available

Microsoft Insider Risk Management and Communication Compliance in Microsoft 365—now generally available—help organizations address internal risks, such as IP theft or code of conduct policy violations. The new Microsoft Insider Risk Management solution helps to quickly identify, detect, and act o...

Free import of AWS CloudTrail logs through June 2020 and other exciting Azure Sentinel updates

SecOps teams are increasingly challenged to protect assets across distributed environments, analyze the growing volume of security data, and prioritize response to real threats. As a cloud-native SIEM solution security information and event management, Azure Sentinel uses artificial intelligence ...

Azure Sentinel uncovers the real threats hidden in billions of low fidelity signals

Cybercrime is as much a people problem as it is a technology problem. To respond effectively, the defender community must harness machine learning to compliment the strengths of people. This is the philosophy that undergirds Azure Sentinel. Azure Sentinel is a cloud-native SIEM that exploits...

Microsoft Threat Protection stops attack sprawl and auto-heals enterprise assets with built-in intelligence and automation

Attackers will cross multiple domains like email, identity, endpoints, and applications to find the point of least resistance. Today’s defense solutions have been designed to protect, detect, and block threats for each domain separately, allowing attackers to exploit the seams and threshold...

Unifying security policy across all mobile form-factors with Wandera and Microsoft

The way we work is evolving—technology enables more effective employees by helping them to be productive where and when they choose. Businesses have also been enjoying the productivity benefits of an always-on and always-connected workforce. While new business applications and device form-factors...