New privacy assessments now included in Microsoft Compliance Score

Keeping up with rapidly changing regulatory requirements has become one of the biggest challenge’s organizations face today. Just as companies finished preparing for the General Data Protection Regulation GDPR, California’s privacy regulation—California Consumer Privacy Act CCPA—went into effect ...

Azure Security Benchmark—90 security and compliance best practices for your workloads in Azure

The Azure security team is pleased to announce that the Azure Security Benchmark v1 ASB is now available. ASB is a collection of over 90 security best practices recommendations you can employ to increase the overall security and compliance of all your workloads in Azure. The ASB controls are base...

Microsoft and Zscaler help organizations implement the Zero Trust model

While digital transformation is critical to business innovation, delivering security to cloud-first, mobile-first architectures requires rethinking traditional network security solutions. Some businesses have been successful in doing so, while others still remain at risk of very costly breaches...

sLoad launches version 2.0, Starslord

sLoad, the PowerShell-based Trojan downloader notable for its almost exclusive use of the Background Intelligent Transfer Service BITS for malicious activities, has launched version 2.0. The new version comes on the heels of a comprehensive blog we published detailing the malware’s multi-stage...

How companies can prepare for a heightened threat environment

With high levels of political unrest in various parts of the world, it’s no surprise we’re also in a period of increased cyber threats. In the past, a company’s name, political affiliations, or religious affiliations might push the risk needle higher. However, in the current environment any compa...

Changing the monolith—Part 2: Whose support do you need?

In Changing the monolith—Part 1: Building alliances for a secure culture, I explored how security leaders can build alliances and why a commitment to change must be signaled from the top. But whose support should you recruit in the first place? In Part 2, I address considerations for the...

Introducing Microsoft Application Inspector

Modern software development practices often involve building applications from hundreds of existing components, whether they’re written by another team in your organization, an external vendor, or someone in the open source community. Reuse has great benefits, including time-to-market, quality, a...

How to implement Multi-Factor Authentication (MFA)

Another day, another data breach. If the regular drumbeat of leaked and phished accounts hasn't persuaded you to switch to Multi-Factor Authentication MFA already, maybe the usual January rush of 'back to work' password reset requests is making you reconsider. When such an effective option for...

Rethinking cyber scenarios—learning (and training) as you defend

In two recent posts I discussed with Circadence the increasing importance of gamification for cybersecurity learning and how to get started as a practitioner while being supported by an enterprise learning officer or security team lead. In this third and final post in the series, Keenan and I...

Changing the monolith—Part 1: Building alliances for a secure culture

Any modern security expert can tell you that we’re light years away from the old days when firewalls and antivirus were the only mechanisms of protection against cyberattacks. Cybersecurity has been one of the hot topics of boardroom conversation for the last eight years, and has been rapidly...

Microsoft 365 helps governments adopt a Zero Trust security model

For governments to function, the flow of data on a massive scale is required—including sensitive information about critical infrastructure, citizens, and public safety and security. The security of government information systems is subject to constant attempted attacks and in need of a modern...

Threat hunting in Azure Advanced Threat Protection (ATP)

As members of Microsoft’s Detection and Response Team DART, we’ve seen a significant increase in adversaries “living off the land” and using compromised account credentials for malicious purposes. From an investigation standpoint, tracking adversaries using this method is quite difficult as you...

CISO series: Lessons learned from the Microsoft SOC—Part 3b: A day in the life

The Lessons learned from the Microsoft SOC blog series is designed to share our approach and experience with security operations center SOC operations. We share strategies and learnings from our SOC, which protects Microsoft, and our Detection and Response Team DART, who helps our customers addre...

Mobile threat defense and intelligence are a core part of cyber defense

The modern workplace is a mobile workplace. Today’s organizations rely on mobility to increase productivity and improve the customer experience. But the proliferation of smartphones and other mobile devices has also expanded the attack surface of roughly 5 billion mobile devices in the world, man...

Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks

Computers with Windows Remote Desktop Protocol RDP exposed to the internet are an attractive target for adversaries because they present a simple and effective way to gain access to a network. Brute forcing RDP, a secure network communications protocol that provides remote access over port 3389,...

Data governance and retention in your Microsoft 365 tenant—a secure and highly capable solution

Data governance has relied on transferring data to a third-party for hosting an archive service. Emails, documents, chat logs, and third-party data Bloomberg, Facebook, LinkedIn, etc. must be saved in a way that it can’t be changed and won’t be lost. Data governance is part of IT at the enterpris...

Norsk Hydro responds to ransomware attack with transparency

Last March, aluminum supplier Norsk Hydro was attacked by LockerGoga, a form of ransomware. The attack began with an infected email and locked the files on thousands of servers and PCs. All 35,000 Norsk Hydro employees across 40 countries were affected. In the throes of this crisis, executives ma...

How to secure your IoT deployment during the security talent shortage

Businesses across industries are placing bigger and bigger bets on the Internet of Things IoT as they look to unlock valuable business opportunities. But time and time again, as I meet with device manufacturers and businesses considering IoT deployments, there are concerns over the complexity of...

Ransomware response—to pay or not to pay?

The increased connectivity of computers and the growth of Bring Your Own Device BYOD in most organizations is making the distribution of malicious software malware easier. Unlike other types of malicious programs that may usually go undetected for a longer period, a ransomware attack is usually...

Finding a common language to describe AI security threats

As artificial intelligence AI and machine learning systems become increasingly important to our lives, it’s critical that when they fail we understand how and why. Many research papers have been dedicated to this topic, but inconsistent vocabulary has limited their usefulness. In collaboration wi...

Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities

Many of today’s threats evolve to incorporate as many living-off-the-land techniques as possible into the attack chain. The PowerShell-based downloader Trojan known as sLoad, however, puts all its bets on BITS. Background Intelligent Transfer Service BITS is a component of the Windows operating...

GALLIUM: Targeting global telecom

Microsoft Threat Intelligence Center MSTIC is raising awareness of the ongoing activity by a group we call GALLIUM, targeting telecommunication providers. When Microsoft customers have been targeted by this activity, we notified them directly with the relevant information they need to protect...

Go passwordless to strengthen security and reduce costs

We all know passwords are inherently unsecure. They’re also expensive to manage. Users struggle to remember them. It’s why we’re so passionate about eliminating passwords entirely. Passwordless solutions, such as Windows Hello, FIDO2 security keys, and the Microsoft Authenticator app, provide mor...

The quiet evolution of phishing

The battle against phishing is a silent one: every day, Office 365 Advanced Threat Protection detects millions of distinct malicious URLs and email attachments. Every year, billions of phishing emails don’t ever reach mailboxes—real-world attacks foiled in real-time. Heuristics, detonation, and...

Improve cyber supply chain risk management with Microsoft Azure

For years, Microsoft has tracked threat actors exploiting federal cyber supply chain vulnerabilities. Supply chain attacks target software developers, systems integrators, and technology companies. Tactics often include obtaining source code, build processes, or update mechanisms to compromise...

Microsoft Security—a Leader in 5 Gartner Magic Quadrants

Gartner has named Microsoft Security a Leader in five Magic Quadrants. This is exciting news that we believe speaks to the breadth and depth of our security offerings. Gartner places vendors as Leaders who demonstrate balanced progress and effort in all execution and vision categories. This means...

Spear phishing campaigns—they’re sharper than you think

Even your most security-savvy users may have difficulty identifying honed spear phishing campaigns. Unlike traditional phishing campaigns that are blasted to a large email list in hopes that just one person will bite, advanced spear phishing campaigns are highly targeted and personal. They are so...

Gartner Names Microsoft a Leader in the 2019 Enterprise Information Archiving (EIA) Magic Quadrant

We often hear from customers about the explosion of data, and the challenge this presents for organizations in remaining compliant and protecting their information. We’ve invested in capabilities across the landscape of information protection and information governance, inclusive of archiving,...

Insights from one year of tracking a polymorphic threat

A little over a year ago, in October 2018, our polymorphic outbreak monitoring system detected a large surge in reports, indicating that a large-scale campaign was unfolding. We observed as the new threat attempted to deploy files that changed every 20-30 minutes on thousands of devices. We gave...

Going in-depth on the Windows 10 random number generation infrastructure

Throughout the years, we've had ongoing conversations with researchers, developers, and customers around our implementation of certain security features within the Windows operating system. Most recently, we have open-sourced our cryptography libraries as a way to contribute and show our continue...

Rethinking cyber learning—consider gamification

As promised, I’m back with a follow-up to my recent post, Rethinking how we learn security, on how we need modernize the learning experience for cybersecurity professionals by gamifying training to make learning fun. Some of you may have attended the recent Microsoft Ignite events in Orlando and...

Changing security incident response by utilizing the power of the cloud—DART tools, techniques, and procedures: part 1

This is the first in a blog series discussing the tools, techniques, and procedures that the Microsoft Detection and Response Team DART use to investigate cybersecurity incidents at our customer organizations. Today, we introduce the team and give a brief overview of each of the tools that utiliz...

Zero Trust strategy—what good looks like

Zero Trust has managed to both inspire and confuse the cybersecurity industry at the same time. A significant reason for the confusion is that Zero Trust isn’t a specific technology, but a security strategy and arguably the first formal strategy, as I recently heard Dr. Chase Cunningham, Principa...

Microsoft works with researchers to detect and protect against new RDP exploits

On November 2, 2019, security researcher Kevin Beaumont reported that his BlueKeep honeypot experienced crashes and was likely being exploited. Microsoft security researchers collaborated with Beaumont as well as another researcher, Marcus Hutchins, to investigate and analyze the crashes and...

Microsoft Cloud Security solutions provide comprehensive cross-cloud protection

The infrastructure, data, and apps built and run in the cloud are the foundational building blocks for a modern business. No matter where you are in your cloud journey, you likely utilize every layer of the cloud—from infrastructure as a service IaaS to platform as a service PaaS to software as a...

Thinking about the balance between compliance and security

Today, many organizations still struggle to adhere to General Data Protection Regulation GDPR mandates even though this landmark regulation took effect nearly two years ago. A key learning for some: being compliant does not always mean you are secure. Shifting privacy regulations, combined with...

Azure Sentinel updates: Improve your security operations with innovations from a cloud-native SIEM

Just a month ago, I communicated the details about Azure Sentinel reaching general availability. Since then, many customers have shared how Azure Sentinel has empowered their teams to be nimble and more efficient. ASOS, one of the largest online fashion retailers, is an excellent example of this...

Microsoft Intelligent Security Association grows to more than 80 members

Sometimes an idea sparks, and it feels so natural, so organic, that it takes on a life of its own and surprises you by how fast it grows. The Microsoft Intelligent Security Association MISA was one of these ideas. It was born out of a desire to be easy to do business with and be a better partner ...

Further enhancing security from Microsoft, not just for Microsoft

Legacy infrastructure. Bolted-on security solutions. Application sprawl. Multi-cloud environments. Company data stored across devices and apps. IT and security resource constraints. Uncertainty of where and when the next attack or leak will come, including from the inside. These are just a few of...

Microsoft announces new innovations in security, compliance, and identity at Ignite

Today, at the Microsoft Ignite Conference, we’re announcing new innovations designed to help customers across their security, compliance, and identity needs. With so much going on at Ignite this week, I want to highlight the top 10 announcements: 1. Azure Sentinel—We’re introducing new connectors...

Improve security with a Zero Trust access model

Zero Trust is a security model that I believe can begin to turn the tide in the cybersecurity battles. Traditional perimeter-based network security has proved insufficient because it assumes that if a user is inside the corporate perimeter, they can be trusted. We’ve learned that this isn't true...

Gartner names Microsoft a Leader in the 2019 Cloud Access Security Broker (CASB) Magic Quadrant

In Gartner’s third annual Magic Quadrant for Cloud Access Security Brokers CASB, Microsoft was named a Leader based on its completeness of vision and ability to execute in the CASB market. Microsoft was also identified as strongest in execution. Gartner led the industry when they defined the term...

Experts on demand: Your direct line to Microsoft security insight, guidance, and expertise

Microsoft Threat Experts is the managed threat hunting service within Microsoft Defender Advanced Threat Protection ATP that includes two capabilities: targeted attack notifications and experts on demand. Today, we are extremely excited to share that experts on demand is now generally available a...

IoT security will set innovation free: Azure Sphere general availability scheduled for February 2020

Today, at the IoT Solutions World Congress, we announced that Azure Sphere will be generally available in February of 2020. General availability will mark our readiness to fulfill our security promise at scale, and to put the power of Microsoft’s expertise to work for our customers every day—by...

Traditional perimeter-based network defense is obsolete—transform to a Zero Trust model

Digital transformation has made the traditional perimeter-based network defense obsolete. Your employees and partners expect to be able to collaborate and access organizational resources from anywhere, on virtually any device, without impacting their productivity. Customers expect personalized...

Microsoft and partners design new device security requirements to protect against targeted firmware attacks

Recent developments in security research and real-world attacks demonstrate that as more protections are proactively built into the OS and in connected services, attackers are looking for other avenues of exploitation with firmware emerging as a top target. In the last three years alone, NIST’s...

Best practices for adding layered security to Azure security with Check Point’s CloudGuard IaaS

The cloud is changing the way we build and deploy applications. Most enterprises will benefit from the cloud’s many advantages through hybrid, multi, or standalone cloud architectures. A recent report showed that 42 percent of companies have a multi-cloud deployment strategy. The advantages of th...

Top 6 email security best practices to protect against phishing attacks and business email compromise

Most cyberattacks start over email—a user is tricked into opening a malicious attachment, or into clicking a malicious link and divulging credentials, or into responding with confidential data. Attackers dupe victims by using carefully crafted emails to build a false sense of trust and/or urgency...

Guarding against supply chain attacks—Part 1: The big picture

Every day, somewhere in the world, governments, businesses, educational organizations, and individuals are hacked. Precious data is stolen or held for ransom, and the wheels of “business-as-usual” grind to a halt. These criminal acts are expected to cost more than $2 trillion in 2019, a four-fold...

Microsoft’s 4 principles for an effective security operations center

The Microsoft Cyber Defense Operations Center CDOC fields trillions of security signals every day. How do we identify and respond to the right threats? One thing that won’t surprise you: we leverage artificial intelligence AI, machine learning, and automation to narrow the focus. But technology i...