Defending the power grid against supply chain attacks—Part 1: The risk defined
Most people don’t think about electricity. If the internet works, their food is refrigerated, and their debit card is approved, why should they? Its ubiquity and reliability render it invisible—a bit of magic that powers much of modern life. That is, until a large storm passes through. Localized...
Changing the Monolith—Part 4: Quick tech wins for a cloud-first world
You may have heard that identity is the “new” perimeter. Indeed, with the proliferation of phishing attacks over the past few years, one of the best ways to secure data is to ensure that identity—the primary way we access data—can be trusted. How do we secure identity? Start by evaluating how use...
Mattress Firm deployed Azure Active Directory to securely connect Firstline Workers to their SaaS apps and to each other
Today, we have another interesting story for the Voice of the Customer blog series. Tony Miller and Jon Sider of Mattress Firm deployed Azure Active Directory (Azure AD) to create a secure authentication experience for employees, including their Firstline Workforce. Much like sleep and a good...
NERC CIP compliance in Azure
When I did my first North American Electric Reliability Corporation—Critical Infrastructure Protection (NERC CIP) compliance project it was 2009. NERC CIP was at version 3. It was the first mandatory cybersecurity standard that the utility I was working for had to meet. As it does today, the Bulk...
Building on secure productivity
Among the most common and powerful attack vectors we have seen are those that exploit the daily tradeoff users make between security and productivity. Often, this can be as simple as a document hiding an exploit or a malicious link. As an industry, we’re used to thinking of security and...
Afternoon Cyber Tea—From threat intelligence to chatbots: A look at AI in cybersecurity
I’ve often said our teams should be as diverse as the problems we are trying to solve. Hiring a diverse security team isn’t just the right thing to do, it’s also good business. This is a topic I’m very passionate about, so I was delighted to interview Jane Frankland for the second podcast of...
Visionary security partners to be honored at the very first Microsoft Security 20/20 event
Microsoft Security 20/20 is nearly here and our team is putting the final touches on what we think will be a memorable event. Microsoft Security 20/20 will put the spotlight on companies and individuals with a clear-eyed view of the security challenges we face and smart solutions to help solve...
Ghost in the shell: Investigating web shell attacks
Recently, an organization in the public sector discovered that one of their internet-facing servers was misconfigured and allowed attackers to upload a web shell, which let the adversaries gain a foothold for further compromise. The organization enlisted the services of Microsoft’s Detection and...
RSA Conference 2020—Empower your defenders with artificial intelligence and automation
The RSA Conference 2020 kicks off in less than three weeks, and the Microsoft Security team can’t wait. This is one of our most important annual events because it provides an invaluable opportunity for us to connect with customers, partners, and other security thought leaders. New ideas are...
Guarding against supply chain attacks—Part 2: Hardware risks
The challenge and benefit of technology today is that it’s entirely global in nature. This reality is brought into focus when companies assess their supply chains, and look for ways to identify, assess, and manage risks across the supply chain of an enterprise. Part 2 of the “Guarding against...
New capabilities for eDiscovery now available
With the exponential growth of data, there is a pressing need for broader visibility into ever-increasing case activities that require eDiscovery to extend to chat-based communication and collaboration tools. New capabilities help you manage eDiscovery in Microsoft Teams including the ability to...
Changing the Monolith—Part 3: What’s your process?
In my 25-year journey, I have led security and privacy programs for corporations and provided professional advisory services for organizations of all types. Often, I encounter teams frantically running around in their own silos, trying to connect the dots and yet unsure if those are the right dot...
Cyber-risk assessments—the solution for companies in the Fourth Industrial Revolution
Technology continues to play a critical role in shaping the global risks landscape for individuals, governments, and businesses. According to the World Economic Forum's Global Risks Report 2020, cyberattacks are ranked as the second risk of greatest concern for business globally over the next 10...
Afternoon Cyber Tea—The State of Cybersecurity: How did we get here? What does it mean?
Every year the number and scale of cyberattacks grows. Marc Goodman, a global security strategist, futurist, and author of the book, Future Crimes: Everything is Connected, Everyone is Vulnerable, and What We Can Do About It, thinks a lot about how we got here and what it means, which is why he w...
5 identity priorities for 2020
Today, Joy Chik, Corporate Vice President of Identity, shared five priorities central to security that organizations should prioritize in 2020 as they digitally transform. These priorities are based on many conversations with our customers, including: 1. Connect all applications and cloud resourc...
Data privacy is about more than compliance—it’s about being a good world citizen
Happy Data Privacy Day! Begun in 2007 in the European Union (E.U.) and adopted by the U.S. in 2008, Data Privacy Day is an international effort to encourage better protection of data and respect for privacy. It’s a timely topic given the recent enactment of the California Consumer Privacy Act (CCPA)...
New privacy assessments now included in Microsoft Compliance Score
Keeping up with rapidly changing regulatory requirements has become one of the biggest challenges organizations face today. Just as companies finished preparing for the General Data Protection Regulation (GDPR), California’s privacy regulation—the California Consumer Privacy Act (CCPA)—went into effect ...
Azure Security Benchmark—90 security and compliance best practices for your workloads in Azure
The Azure security team is pleased to announce that the Azure Security Benchmark v1 (ASB) is now available. ASB is a collection of over 90 security best practices recommendations you can employ to increase the overall security and compliance of all your workloads in Azure. The ASB controls are base...
Microsoft and Zscaler help organizations implement the Zero Trust model
While digital transformation is critical to business innovation, delivering security to cloud-first, mobile-first architectures requires rethinking traditional network security solutions. Some businesses have been successful in doing so, while others still remain at risk of very costly breaches...
sLoad launches version 2.0, Starslord
sLoad, the PowerShell-based Trojan downloader notable for its almost exclusive use of the Background Intelligent Transfer Service (BITS) for malicious activities, has launched version 2.0. The new version comes on the heels of a comprehensive blog we published detailing the malware’s multi-stage...
How companies can prepare for a heightened threat environment
With high levels of political unrest in various parts of the world, it’s no surprise we’re also in a period of increased cyber threats. In the past, a company’s name, political affiliations, or religious affiliations might push the risk needle higher. However, in the current environment any compa...
Changing the monolith—Part 2: Whose support do you need?
In Changing the monolith—Part 1: Building alliances for a secure culture, I explored how security leaders can build alliances and why a commitment to change must be signaled from the top. But whose support should you recruit in the first place? In Part 2, I address considerations for the...
Introducing Microsoft Application Inspector
Modern software development practices often involve building applications from hundreds of existing components, whether they’re written by another team in your organization, an external vendor, or someone in the open source community. Reuse has great benefits, including time-to-market, quality, a...
How to implement Multi-Factor Authentication (MFA)
Another day, another data breach. If the regular drumbeat of leaked and phished accounts hasn't persuaded you to switch to Multi-Factor Authentication (MFA) already, maybe the usual January rush of 'back to work' password reset requests is making you reconsider. When such an effective option for...
Rethinking cyber scenarios—learning (and training) as you defend
In two recent posts I discussed with Circadence the increasing importance of gamification for cybersecurity learning and how to get started as a practitioner while being supported by an enterprise learning officer or security team lead. In this third and final post in the series, Keenan and I...
Changing the monolith—Part 1: Building alliances for a secure culture
Any modern security expert can tell you that we’re light years away from the old days when firewalls and antivirus were the only mechanisms of protection against cyberattacks. Cybersecurity has been one of the hot topics of boardroom conversation for the last eight years, and has been rapidly...
Microsoft 365 helps governments adopt a Zero Trust security model
For governments to function, the flow of data on a massive scale is required—including sensitive information about critical infrastructure, citizens, and public safety and security. The security of government information systems is subject to constant attempted attacks and in need of a modern...
Threat hunting in Azure Advanced Threat Protection (ATP)
As members of Microsoft’s Detection and Response Team (DART), we’ve seen a significant increase in adversaries “living off the land” and using compromised account credentials for malicious purposes. From an investigation standpoint, tracking adversaries using this method is quite difficult as you...
CISO series: Lessons learned from the Microsoft SOC—Part 3b: A day in the life
The Lessons learned from the Microsoft SOC blog series is designed to share our approach and experience with security operations center (SOC) operations. We share strategies and learnings from our SOC, which protects Microsoft, and our Detection and Response Team (DART), who helps our customers addre...
Mobile threat defense and intelligence are a core part of cyber defense
The modern workplace is a mobile workplace. Today’s organizations rely on mobility to increase productivity and improve the customer experience. But the proliferation of smartphones and other mobile devices has also expanded the attack surface of roughly 5 billion mobile devices in the world, man...
Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks
Computers with Windows Remote Desktop Protocol (RDP) exposed to the internet are an attractive target for adversaries because they present a simple and effective way to gain access to a network. Brute forcing RDP, a secure network communications protocol that provides remote access over port 3389,...
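The detection idea behind this post, shown as an added example rather than code from the Microsoft post: learn the typical hourly rate of failed RDP logons per host, model it as a Poisson process, and alert on hours whose failure count is extremely unlikely under that rate. The example assumes Windows Security event 4625 (failed logon) records with logon type 10 (RemoteInteractive, which is how an RDP logon failure appears); the records, hosts and IP addresses below are constructed sample data, and the 1e-6 tail-probability threshold and 20-failure minimum are illustrative choices, not values from the post.

```python
"""Poisson baseline detector for inbound RDP brute-force attempts (added example)."""
from collections import Counter, defaultdict
from datetime import datetime
from math import exp, lgamma, log

FAILED_LOGON = 4625     # Windows Security event: an account failed to log on
RDP_LOGON_TYPE = 10     # RemoteInteractive: the logon type RDP sessions use


def make_sample_events():
    """Constructed sample telemetry (not real data): two days of ordinary
    failed RDP logons on WS01 (one or two per hour, mistyped passwords),
    then one hour with 300 failures from a single external address."""
    events = []
    for day in (10, 11):
        for hour in range(24):
            for i in range(1 if hour % 2 else 2):
                events.append({"time": f"2020-02-{day:02d}T{hour:02d}:{i * 7:02d}:00",
                               "host": "WS01", "event_id": FAILED_LOGON,
                               "logon_type": RDP_LOGON_TYPE, "source_ip": "10.0.0.15"})
    for i in range(300):  # one attempt every 12 seconds during hour 03
        events.append({"time": f"2020-02-12T03:{(i * 12) // 60:02d}:{(i * 12) % 60:02d}",
                       "host": "WS01", "event_id": FAILED_LOGON,
                       "logon_type": RDP_LOGON_TYPE, "source_ip": "203.0.113.7"})
    # Noise the detector must ignore: a failed console (logon type 2) logon
    events.append({"time": "2020-02-12T03:10:00", "host": "WS01", "event_id": FAILED_LOGON,
                   "logon_type": 2, "source_ip": "-"})
    return events


def hour_bucket(ts):
    """ISO timestamp 'YYYY-MM-DDTHH:MM:SS' -> hourly bin 'YYYY-MM-DDTHH'."""
    return ts[:13]


def hourly_counts(events):
    """Failed RDP logons per (host, hour); other logon types are not counted."""
    counts = Counter()
    for e in events:
        if e["event_id"] == FAILED_LOGON and e["logon_type"] == RDP_LOGON_TYPE:
            counts[(e["host"], hour_bucket(e["time"]))] += 1
    return counts


def baseline_rates(train_counts):
    """Per-host Poisson rate (failures per hour) over the whole training span.
    Hours with no failures count as zero bins, so quiet hosts get low rates."""
    hours = sorted({h for _, h in train_counts})
    if not hours:
        return {}
    first = datetime.strptime(hours[0], "%Y-%m-%dT%H")
    last = datetime.strptime(hours[-1], "%Y-%m-%dT%H")
    n_bins = int((last - first).total_seconds() // 3600) + 1
    totals = Counter()
    for (host, _), c in train_counts.items():
        totals[host] += c
    return {host: total / n_bins for host, total in totals.items()}


def poisson_tail(k, lam):
    """P(X >= k) for X ~ Poisson(lam); terms summed via log-pmf to avoid overflow."""
    if k <= 0:
        return 1.0
    cdf = sum(exp(i * log(lam) - lam - lgamma(i + 1)) for i in range(k))
    return max(0.0, 1.0 - cdf)


def detect(events, train_before="2020-02-12T00", p_threshold=1e-6, min_count=20):
    """Score every (host, hour) after train_before against the host's baseline.
    min_count keeps a handful of typos on a normally quiet host from alerting."""
    train = [e for e in events if e["time"] < train_before]
    score = [e for e in events if e["time"] >= train_before]
    rates = baseline_rates(hourly_counts(train))
    sources = defaultdict(Counter)
    for e in score:
        if e["event_id"] == FAILED_LOGON and e["logon_type"] == RDP_LOGON_TYPE:
            sources[(e["host"], hour_bucket(e["time"]))][e["source_ip"]] += 1
    alerts = []
    for (host, hour), count in sorted(hourly_counts(score).items()):
        lam = max(rates.get(host, 0.0), 0.05)  # floor: a never-seen host is not zero-rate
        p = poisson_tail(count, lam)
        if count >= min_count and p < p_threshold:
            top_ip, top_n = sources[(host, hour)].most_common(1)[0]
            alerts.append({"host": host, "hour": hour, "count": count, "baseline_rate": lam,
                           "p_value": p, "top_source": top_ip, "top_source_share": top_n / count})
    return alerts


if __name__ == "__main__":
    for a in detect(make_sample_events()):
        print(a)
```

On the constructed data the baseline is 1.5 failures per hour and the attack hour scores 300, so the Poisson tail probability underflows to zero and the hour is flagged with 203.0.113.7 as the dominant source. In production the same shape works over 4625 events pulled from a SIEM, but the rate should be re-estimated on a rolling window and the per-source share used to separate a single-origin brute force from a password spray across many addresses.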
Data governance and retention in your Microsoft 365 tenant—a secure and highly capable solution
Data governance has relied on transferring data to a third-party for hosting an archive service. Emails, documents, chat logs, and third-party data (Bloomberg, Facebook, LinkedIn, etc.) must be saved in a way that it can’t be changed and won’t be lost. Data governance is part of IT at the enterpris...
Norsk Hydro responds to ransomware attack with transparency
Last March, aluminum supplier Norsk Hydro was attacked by LockerGoga, a form of ransomware. The attack began with an infected email and locked the files on thousands of servers and PCs. All 35,000 Norsk Hydro employees across 40 countries were affected. In the throes of this crisis, executives ma...
How to secure your IoT deployment during the security talent shortage
Businesses across industries are placing bigger and bigger bets on the Internet of Things (IoT) as they look to unlock valuable business opportunities. But time and time again, as I meet with device manufacturers and businesses considering IoT deployments, there are concerns over the complexity of...
Ransomware response—to pay or not to pay?
The increased connectivity of computers and the growth of Bring Your Own Device (BYOD) in most organizations is making the distribution of malicious software (malware) easier. Unlike other types of malicious programs that may go undetected for a longer period, a ransomware attack is usually...
Finding a common language to describe AI security threats
As artificial intelligence (AI) and machine learning systems become increasingly important to our lives, it’s critical that when they fail we understand how and why. Many research papers have been dedicated to this topic, but inconsistent vocabulary has limited their usefulness. In collaboration wi...
Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities
Many of today’s threats evolve to incorporate as many living-off-the-land techniques as possible into the attack chain. The PowerShell-based downloader Trojan known as sLoad, however, puts all its bets on BITS. Background Intelligent Transfer Service (BITS) is a component of the Windows operating...
GALLIUM: Targeting global telecom
Microsoft Threat Intelligence Center (MSTIC) is raising awareness of the ongoing activity by a group we call GALLIUM, targeting telecommunication providers. When Microsoft customers have been targeted by this activity, we notified them directly with the relevant information they need to protect...
Go passwordless to strengthen security and reduce costs
We all know passwords are inherently unsecure. They’re also expensive to manage. Users struggle to remember them. It’s why we’re so passionate about eliminating passwords entirely. Passwordless solutions, such as Windows Hello, FIDO2 security keys, and the Microsoft Authenticator app, provide mor...
The quiet evolution of phishing
The battle against phishing is a silent one: every day, Office 365 Advanced Threat Protection detects millions of distinct malicious URLs and email attachments. Every year, billions of phishing emails don’t ever reach mailboxes—real-world attacks foiled in real-time. Heuristics, detonation, and...
Improve cyber supply chain risk management with Microsoft Azure
For years, Microsoft has tracked threat actors exploiting federal cyber supply chain vulnerabilities. Supply chain attacks target software developers, systems integrators, and technology companies. Tactics often include obtaining source code, build processes, or update mechanisms to compromise...
Microsoft Security—a Leader in 5 Gartner Magic Quadrants
Gartner has named Microsoft Security a Leader in five Magic Quadrants. This is exciting news that we believe speaks to the breadth and depth of our security offerings. Gartner places vendors as Leaders who demonstrate balanced progress and effort in all execution and vision categories. This means...
Spear phishing campaigns—they’re sharper than you think
Even your most security-savvy users may have difficulty identifying honed spear phishing campaigns. Unlike traditional phishing campaigns that are blasted to a large email list in hopes that just one person will bite, advanced spear phishing campaigns are highly targeted and personal. They are so...
Gartner Names Microsoft a Leader in the 2019 Enterprise Information Archiving (EIA) Magic Quadrant
We often hear from customers about the explosion of data, and the challenge this presents for organizations in remaining compliant and protecting their information. We’ve invested in capabilities across the landscape of information protection and information governance, inclusive of archiving,...
Insights from one year of tracking a polymorphic threat
A little over a year ago, in October 2018, our polymorphic outbreak monitoring system detected a large surge in reports, indicating that a large-scale campaign was unfolding. We observed as the new threat attempted to deploy files that changed every 20-30 minutes on thousands of devices. We gave...
Going in-depth on the Windows 10 random number generation infrastructure
Throughout the years, we've had ongoing conversations with researchers, developers, and customers around our implementation of certain security features within the Windows operating system. Most recently, we have open-sourced our cryptography libraries as a way to contribute and show our continue...
Rethinking cyber learning—consider gamification
As promised, I’m back with a follow-up to my recent post, Rethinking how we learn security, on how we need to modernize the learning experience for cybersecurity professionals by gamifying training to make learning fun. Some of you may have attended the recent Microsoft Ignite events in Orlando and...
Changing security incident response by utilizing the power of the cloud—DART tools, techniques, and procedures: part 1
This is the first in a blog series discussing the tools, techniques, and procedures that the Microsoft Detection and Response Team DART use to investigate cybersecurity incidents at our customer organizations. Today, we introduce the team and give a brief overview of each of the tools that utiliz...
Zero Trust strategy—what good looks like
Zero Trust has managed to both inspire and confuse the cybersecurity industry at the same time. A significant reason for the confusion is that Zero Trust isn’t a specific technology, but a security strategy and arguably the first formal strategy, as I recently heard Dr. Chase Cunningham, Principa...
Microsoft works with researchers to detect and protect against new RDP exploits
On November 2, 2019, security researcher Kevin Beaumont reported that his BlueKeep honeypot experienced crashes and was likely being exploited. Microsoft security researchers collaborated with Beaumont as well as another researcher, Marcus Hutchins, to investigate and analyze the crashes and...