Step 10. Detect and investigate security incidents: top 10 actions to secure your environment
"Step 10. Detect and investigate security incidents" is the final installment in the Top 10 actions to secure your environment blog series. Here we walk you through how to set up Azure Advanced Threat Protection (Azure ATP) to secure identities in the cloud and on-premises. Azure ATP is a service i...
Secure your journey to the cloud with free DMARC monitoring for Office 365
Not knowing who is sending email “from” your organization is an enormous problem for IT managers for two reasons. One problem is “shadow IT”—cloud services that employees have signed up for without IT oversight. Many of these services send mail—to employees, customers, or marketing prospects—whic...
Demystifying Password Hash Sync
This blog is part of a series of posts providing a behind-the-scenes look of Microsoft’s Detection and Response Team (DART). While responding to cybersecurity incidents around the world, DART engages with customers who are wary about using Password Hash Sync (PHS) or are not utilizing this service’s...
Uncovering Linux based cyberattack using Azure Security Center
As more and more enterprises move to the cloud, they also bring their own set of security challenges. Today, almost half of Azure virtual machines (VMs) are running on Linux, and as the Linux server population grows, so are the attacks targeting them. As detection capabilities advance, attackers ar...
UK launches cyberstrategy with long-term relevance
Like most major global economies, the United Kingdom continues to place cybersecurity issues front and center. The National Cyber Security Strategy: 2016-2021 document—published by the UK Government and released nearly two years ago—describes the plan to make the UK secure and resilient in...
New browser extensions for integrating Microsoft’s hardware-based isolation
The hardware-based isolation technology on Windows 10 that allows Microsoft Edge to isolate browser-based attacks is now available as a browser extension for Google Chrome and Mozilla Firefox. We introduced the container technology in 2017. Since then, we have been evolving the technology and...
Step 9. Protect your OS: top 10 actions to secure your environment
In “Step 9. Protect your OS” of the Top 10 actions to secure your environment blog series, we provide resources to help you configure Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) to defend your Windows, macOS, Linux, iOS, and Android devices from advanced threats. In an...
Ovum recommends Microsoft security to safeguard your hybrid and multi cloud environments
According to a new Ovum report, "Azure Sentinel…positions Microsoft to be a force for change in a security information and events management (SIEM) market that is ripe for disruption at the moment." As enterprises migrate to the cloud, they’re increasingly operating on-premises and cloud environmen...
Announcing the all new Attack Surface Analyzer 2.0
Few of us know what is really happening on our systems when we install new software from new or untrusted sources. This is important because most installation processes require elevated privileges, which can lead to undesired system configuration changes. Knowing what changes have been made is...
Decentralized identity and the path to digital privacy
Security is the central challenge of the digital age. Our digital lives have moved into the cloud. People now use multiple devices to connect to multiple applications through many different networks. Just about everything is connected to the internet, where threats remain constant and evolving. I...
Executing on the vision of Microsoft Threat Protection
Over the last several months, we’ve provided regular updates on the rapid progress we’re making with Microsoft Threat Protection, which enables your organization to: Protect your assets with identity-driven security and powerful conditional access policies which ensure your assets are secured fro...
Detecting credential theft through memory access modelling with Microsoft Defender ATP
Stealing user credentials is a key step for attackers to move laterally across victim networks. In today’s attacks, we see a range of tools used to achieve credential theft, requiring protections that target the root behavior and not just individual known tools as is often done by traditional...
Safeguard your most sensitive data with Microsoft 365
I am Security Operations’ (SecOps) worst nightmare. Or at least I used to be. As an industrious product marketer, I often share intellectual property think: details of new product capabilities or spreadsheets that contain customer personal identifying information (PII) with colleagues and vendors. We...
3 investments Microsoft is making to improve identity management
As a large enterprise with global reach, Microsoft has the same security risks as its customers. We have a distributed, mobile workforce who access corporate resources from external networks. Many individuals struggle to remember complex passwords or reuse one password across many accounts, which...
Identity enhancements to support the more than 1 million active third-party applications on our platform
This week at //build 2019, we’re announcing several enhancements to our identity platform for developers. These enhancements are designed to support the more than one million active third-party applications using our identity platform each month and include: Our work to unify the Microsoft identi...
Developing connected security solutions
Many organizations deploy dozens of security products and services from Microsoft and others to combat increasing cyberthreats. As a result, the ability to quickly extract value from these solutions has become more challenging. This creates opportunity for developers to build solutions that augme...
Get security beyond Microsoft products with Microsoft 365
Over time, organizations and individuals acquire stuff. Things we love and things we need. Things we don’t need but can’t seem to get rid of. I was confronted with this challenge when we bought a 1908 craftsman home. How could I make my beloved modern furniture and mandatory kid-friendly gear wor...
Updates for Microsoft 365 help strengthen data privacy
As data continues to grow exponentially and travel across organizational boundaries, privacy and compliance professionals play an increasingly strategic role within organizations. Several updates—announced today—for Microsoft 365 provide organizations with more control and options to strengthen...
Understand and improve your security posture with Microsoft 365
I kickstarted 2019 with a “dry,” keto January. And, as so often happens, I found a parallel between my personal life and my chosen industry, cybersecurity. In this case, it was measurement. How do you know if you’re healthy? There are clear indicators when you’re not healthy, such as a sore throa...
Oversharing and safety in the age of social media
Many years ago, I worked with healthcare organizations to install infrastructure to support the modernization of their information systems. As I traversed hospitals – both in public and private sectors – I was often struck by one particular best practice: the privacy reminders were ubiquitous. If...
The evolution of Microsoft Threat Protection, April update
Microsoft Threat Protection continues to energize the threat protection market with our most recent announcements. Customers are excited about the launch of Microsoft Defender Advanced Threat Protection (ATP), which extends Microsoft’s best in class endpoint security to Mac and adds powerful new...
Lessons learned from the Microsoft SOC—Part 2: Organizing people
In the second post in our series, we focus on the most valuable resource in the security operations center (SOC)—our people. This series is designed to share our approach and experience with operations, so you can use what we learned to improve your SOC. In Part 1: Organization, we covered the SOC’...
Defend your digital landscape with Microsoft 365
What is it about the middle of the night that brings our fears to the surface? For me, it’s the unknown dangers that may confront my young daughter and how I will protect her. Fear of the unknown can also disrupt the sleep of a chief information security officer (CISO) who worries about the...
Discover and manage shadow IT with Microsoft 365
While IT teams methodically plan corporate adoption of cloud services, the rest of us have dived in headfirst. Ten years ago, a vendor shared a video file with me via Dropbox because it was too big to email. It was my first experience with a cloud file sharing service, and when I realized I could...
Introducing the security configuration framework: A prioritized guide to hardening Windows 10
In the past, we left defining the security configuration for Windows 10 as a task for every customer to sort out. As a result, we saw as many different configurations as we saw customers. Standardization has many advantages, so we developed a security configuration framework to help simplify...
Forcepoint DLP integration with Microsoft Information Protection—protecting your critical data
Many organizations are undergoing a rapid digital transformation that is challenging their traditional approach to data security. Organizations in highly regulated industries or who partner with organizations in regulated industries are often faced with accelerated timelines and requirements to...
4 tried-and-true prevention strategies for enterprise-level security
Why is it that dentists advise people over and over to floss, yet so few do it? It only takes a minute of your time, yet if you’re running late or feeling tired, you may be tempted to skip it. That is until you remember your upcoming teeth cleaning appointment. There is nothing like the memory of...
Building the security operations center of tomorrow—better insights with compound detection
In the physical world, humans are fantastic at connecting low quality signals into high quality analysis. Consider speaking with someone in a crowded place. You may not hear every word they say, but because you are fluent in the language and can piece together context from the words, you can hear...
Analysis of a targeted attack exploiting the WinRAR CVE-2018-20250 vulnerability
In early March, we discovered a cyberattack that used an exploit for CVE-2018-20250, an old WinRAR vulnerability disclosed just several weeks prior, and targeted organizations in the satellite and communications industry. A complex attack chain incorporating multiple code execution techniques...
Step 8. Protect your documents and email: top 10 actions to secure your environment
The “Top 10 actions to secure your environment” series outlines fundamental steps you can take with your investment in Microsoft 365 security solutions. In “Step 8. Protect your documents and email,” you’ll learn how to deploy Azure Information Protection and use Office 365 Advanced Threat...
The language of InfoSec
As the cybersecurity industry has evolved, one dynamic has remained consistent: our industry-"speak". We use a language that is very unique, difficult for new folks to understand, and oftentimes just plain sensationalistic. While any industry has its own technical terms, our language can also be ...
Steer clear of tax scams
In the month of February, we saw an average of 300,000 phishing attempts across Microsoft’s browsing platforms daily. Our security experts expect these attempted scams to become increasingly more prevalent through the April 15 Tax Day, especially in the two weeks leading up to it, when about 25...
Secure access to your enterprise with Microsoft 365 Enterprise E5
Most lessons in cybersecurity are born out of necessity. In this case, it was my need for a haircut. Last weekend, I was reminded why it’s time to rethink the conventional wisdom about secure passwords and user access. I was making an appointment online and at the very end of the process, the...
Announcing new capabilities for the Microsoft Azure Security Center
Microsoft Azure Security Center—the central hub for monitoring and protecting against related incidents within Azure—has released new capabilities. The following features—announced at Hannover Messe 2019—are now generally available for the Azure Security Center: Advanced Threat Protection for Azu...
Announcing the Microsoft Graph Security Hackathon winners
Bringing together information from multiple disconnected security systems to solve today’s security challenges is complex. We recently asked Microsoft Graph Security Hackathon participants to come up with innovative solutions using the Microsoft Graph Security API, and they did not disappoint. We...
Step 7. Discover shadow IT and take control of your cloud apps: top 10 actions to secure your environment
The “Top 10 actions to secure your environment” series outlines fundamental steps you can take with your investment in Microsoft 365 security solutions. In “Step 7. Discover shadow IT and take control of cloud apps,” you’ll learn how to set up Microsoft Cloud App Security (MCAS) to identify, access...
DART: the Microsoft cybersecurity team we hope you never meet
If you spent 270 days away from home, not on vacation, you’d want it to be for a good reason. When boarding a plane, sometimes having been pulled out of bed to leave family for weeks on end, I know it’s because one of our customers is in need. It means there is a security compromise and they may ...
From alert to driver vulnerability: Microsoft Defender ATP investigation unearths privilege escalation flaw
With Microsoft continuously improving kernel mitigations and raising the bar for exploiting native kernel components, third-party kernel drivers are becoming a more appealing target for attackers and an important area of research for security analysts. A vulnerability in a signed third-party driv...
Announcing Microsoft Defender ATP for Mac and new Threat and Vulnerability Management capabilities
On February 28, 2019, we announced Microsoft Threat Experts, a new managed hunting service within the Microsoft 365 Security portfolio that enables customers to extend their expertise and insights with the help of Microsoft security professionals. This release showcased our philosophy that securi...
5 steps financial institutions can take to reduce their cybercrime risk
When it comes to cybersecurity, financial institutions are uniquely challenged as they are often a target for hackers. My customers rightly worry about exposing their business and the broader financial system to a security breach. Some are reticent to adopt new technology that will help them stay...
Recommendations for deploying the latest Attack surface reduction rules for maximum impact
The keystone to good security hygiene is limiting your attack surface. Attack surface reduction is a technique to remove or constrain exploitable behaviors in your systems. In this blog, we discuss the two attack surface reduction rules introduced in the most recent release of Windows and cover...
Lessons learned from the Microsoft SOC—Part 1: Organization
We’re frequently asked how we operate our Security Operations Center (SOC) at Microsoft particularly as organizations are integrating cloud into their enterprise estate. This is the first in a three part blog series designed to share our approach and experience, so you can use what we learned to...
Why the Pipeline Cybersecurity Initiative is a critical step
It’s well known by now that pipeline attacks and attacks on utilities of all kinds have been an unfortunately well-trodden path by cyber-adversaries in numerous countries for a few years now. These types of attacks are not theoretical, and the damage done to date—as well as the potential damage—i...
Step 5. Set up mobile device management: top 10 actions to secure your environment
The “Top 10 actions to secure your environment” series outlines fundamental steps you can take with your investment in Microsoft 365 security solutions. In “Step 5. Set up mobile device management,” you’ll learn how to plan your Microsoft Intune deployment and set up Mobile Device Management (MDM) ...
The evolution of Microsoft Threat Protection, February update
February is an exciting month of enhancements for Microsoft Threat Protection. For those who have followed our monthly updates (November, December, and January), you’re aware that Microsoft Threat Protection helps provide users optimal security from the moment they sign in, use email, work on...
Solving the TLS 1.0 problem
The use of Transport Layer Security (TLS) encryption for data in transit is a common way to help ensure the confidentiality and integrity of data transmitted between devices, such as a web server and a computer. However, in recent years older versions of the protocol have been shown to have...
Securing the future of AI and machine learning at Microsoft
Artificial intelligence (AI) and machine learning are making a big impact on how people work, socialize, and live their lives. As consumption of products and services built around AI and machine learning increases, specialized actions must be undertaken to safeguard not only your customers and thei...
Announcing the new Security Engineering website
To meet users’ expectations for security when using a product or cloud service, security must be an integral part of all aspects of the lifecycle. We all know this, and yet time has proven that this is far easier said than done because there is no single approach nor silver bullet that works in...
Defending critical infrastructure is imperative
The Cybersecurity Tech Accord’s upcoming webinar and the importance of public-private partnership. Today, cyberattacks from increasingly sophisticated actors threaten organizations across every sector, and whether a Fortune 500 company or a local bakery, organizations of all sizes need to take ste...
CISO series: Talking cybersecurity with the board of directors
In today’s threat landscape, boards of directors are more interested than ever before in their company's cybersecurity strategy. If you want to maintain a board’s confidence, you can’t wait until after an attack to start talking to them about how you are securing the enterprise. You need to engag...