Microsoft gains strong customer and analyst momentum in the Cloud Access Security Brokers (CASB) market

After a strong year of product updates and innovations, were excited to so see that Microsoft jumped into the Challenger position in Gartners 2018 Magic Quadrant for Cloud Access Security Brokers CASB and solidified its leadership position in KuppingerColes 2018 Leadership Compass in the same...

Best practices for securely using Microsoft 365—the CIS Microsoft 365 Foundations Benchmark now available

This post was cowritten by Jonathan Trull, Chief Security Advisor, Cybersecurity Solutions Group, and Sean Sweeney, Chief Security Advisor, Cybersecurity Solutions Group. Were excited to announce the availability of the Center for Internet Securitys CIS Microsoft 365 Foundations Benchmarkdevelope...

Guide to Developing a National Cybersecurity Strategy—a resource for policymakers to respond to cybersecurity challenges

Nations from every corner of the world are increasingly leveraging digital transformation to grow their economies and empower businesses to improve services, including vital services provided by critical infrastructures. This adoption of new information communications technologies ICT has...

Be careful of data without context: The case of malware scanning of journaled emails

Recently, we shared details on how effectiveness is measured for Office 365 Exchange Online Protection EOP and Advanced Threat Protection ATP. We also followed up with a comprehensive update on Office 365s improved ability to stop phishing emails from impacting users. These reports highlighted:...

Two new Microsoft 365 offerings help address security and compliance needs

Today, were introducing two new offerings to help address the security and compliance needs in an age of increasingly sophisticated cybersecurity threats as well as complex information protection needs due to regulations like GDPR. The new Identity & Threat Protection and Information Protection &...

The challenges of adopting a consistent cybersecurity framework in the insurance industry

As hacking events have increased in number and severity, we in the cybersecurity community have united around common strategies that all organizations can implement to reduce their risk. Universal best practices provide organizations with many useful tools to protect their businesses. But what...

Windows Defender ATP has protections for USB and removable devices

Meet Jimmy. Jimmy is an employee in your company. He Does Things With Computers official title. Last Wednesday, as Jimmy got out of his car after parking in the company-owned parking lot, he saw something on the ground. That something is a 512GB USB flash drive! Jimmy picks up the drive, whistlin...

Tackling phishing with signal-sharing and machine learning

Across services in Microsoft Threat Protection, the correlation of security signals enhances the comprehensive and integrated security for identities, endpoints, user data, cloud apps, and infrastructure. Our industry-leading visibility into the entire attack chain translates to enriched protecti...

The AI cybersecurity impact for IoT

I meet with customers around the globe in all sectorsbanks with ATM networks, energy companies with critical infrastructure, natural resource companies with remote automated operations, healthcare organizations with medical devices, manufacturing companies with production environmentsand they all...

Zero Trust part 1: Identity and access management

Once in a while, a simple phrase captures our imagination, expressing a great way to think about a problem. Zero Trust is such a phrase. Today, Ill define Zero Trust and then discuss the first step to enabling a Zero Trust modelstrong identity and access management. In subsequent blogs, well cove...

Step 2. Manage authentication and safeguard access: top 10 actions to secure your environment

This series outlines the most fundamental steps you can take with your investment in Microsoft 365 security solutions. We will provide advice on activities such as setting up identity management through active directory, malware protection, and more. In this post, we explain how to enable single...

Microsoft AI competition explores the next evolution of predictive technologies in security

Predictive technologies are already effective at detecting and blocking malware at first sight. A new malware prediction competition on Kaggle will challenge the data science community to push these technologies even furtherto stop malware before it is even seen. The Microsoft-sponsored competiti...

The evolution of Microsoft Threat Protection, December update

December was another month of significant development for Microsoft Threat Protection capabilities. As a quick recap, Microsoft Threat Protection is an integrated solution securing the modern workplace across identities, endpoints, user data, cloud apps, and infrastructure. Last month, we shared...

Voice of the Customer: The Walsh Group found that Azure Active Directory gives them a competitive edge

Peter Vallianatos, director of IT Infrastructure and Security, and Phillip Nottoli, director of Enterprise Architecture at The Walsh Group. Hello! This is Sue Bohn from the Customer & Partner Success team for the Identity Division. Im delighted to announce the next post in our Voice of the Custom...

CISO series: Strengthen your organizational immune system with cybersecurity hygiene

One of the things I love about my job is the time I get to spend with security professionals, learning firsthand about the challenges of managing security strategy and implementation day to day. There are certain themes that come up over and over in these conversations. My colleague Ken Malcolmso...

Step 1. Identify users: top 10 actions to secure your environment

This series outlines the most fundamental steps you can take with your investment in Microsoft 365 security solutions. Well provide advice on activities such as setting up identity management through active directory, malware protection, and more. In this post, we explain how to create a single...

Insights from the MITRE ATT&CK-based evaluation of Windows Defender ATP

In MITREs evaluation of endpoint detection and response solutions, Windows Defender Advanced Threat Protection demonstrated industry-leading optics and detection capabilities. The breadth of telemetry, the strength of threat intelligence, and the advanced, automatic detection through machine...

Kicking off the Microsoft Graph Security Hackathon

Cybersecurity is one of the hottest sectors in tech with Gartner forecasting worldwide information spending to exceed $124 billion by the end of 2019. New startups and security solutions are coming onto the market while attackers continue to find new ways to breach systems. The security solutions...

Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers

Reuters recently reported a hacking campaign focused on a wide range of targets across the globe. In the days leading to the Reuters publication, Microsoft researchers were closely tracking the same campaign. Our sensors revealed that the campaign primarily targeted public sector institutions and...

CISO series: Secure your privileged administrative accounts with a phased roadmap

In my role, I often meet with CISOs and security architects who are updating their security strategy to meet the challenges of continuously evolving attacker techniques and cloud platforms. A frequent topic is prioritizing security for their highest value assets, both the assets that have the mos...

Windows Defender ATP device risk score exposes new cyberattack, drives Conditional access to protect networks

Several weeks ago, the Windows Defender Advanced Threat Protection Windows Defender ATP team uncovered a new cyberattack that targeted several high-profile organizations in the energy and food and beverage sectors in Asia. Given the target region and verticals, the attack chain, and the toolsets...

How to help maintain security compliance

This is the last post in our eight-blog series on deploying Intelligent Security scenarios. To read the previous entries, check out the Deployment series page. Your employees need to access, generate, and share organizational information ranging from extremely confidential to informal; you must...

What’s new in Windows Defender ATP

Across Windows Defender Advanced Threat Protection Windows Defender ATP engineering and research teams, innovation drives our mission to protect devices in the modern workplace. Our goal is to equip security teams with the tools and insights to protect, detect, investigate, and automatically...

The evolution of Microsoft Threat Protection, November update

At Ignite 2018, we announced Microsoft Threat Protection, a comprehensive, integrated solution securing the modern workplace across identities, endpoints, user data, cloud apps, and, infrastructure Figure 1. The foundation of the solution is the Microsoft Intelligent Security Graph, which...

CISO series: Lessons learned—4 priorities to achieve the largest security improvements

In my past life as CISO, Ive worked for small companies, state governments, and large enterprises, and one thing that has been true at all of them is that there is an infinite number of security initiatives in each organization you could implement, yet the resources to accomplish those tasks are...

Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets

Our analysis of a targeted attack that used a language-specific word processor shows why its important to understand and protect against small-scale and localized attacks as well as broad-scale malware campaigns. The attack exploited a vulnerability in InPage, a word processor software for specif...

CISO series: Build in security from the ground up with Azure enterprise

As an executive security advisor at Microsoft and a former CISO, I meet with other CISOs every week to discuss cybersecurity, cloud architecture, and sometimes everything under the sun regarding technology. During these discussions with CISOs and other senior security executives of large...

How to share content easily and securely

This is the seventh post in our eight-blog series on deploying Intelligent Security scenarios. To read the previous entries, check out the Deployment series page. Cumbersome restrictions and limitations on mobile devices, apps, and remote access can be taxing from an IT perspective and frustratin...

Windows Defender Antivirus can now run in a sandbox

Windows Defender Antivirus has hit a new milestone: the built-in antivirus capabilities on Windows can now run within a sandbox. With this new development, Windows Defender Antivirus becomes the first complete antivirus solution to have this capability and continues to lead the industry in raisin...

CISO series: Partnering with the C-Suite on cybersecurity

In my last blog, we looked at five communication techniques that can help engage business managers in the work of cybersecurity. This week, well look at how to use those techniques to bring the C-Suite into the conversation. Not too long ago, I was speaking with the CIO of a large company some...

Top 10 security steps in Microsoft 365 that political campaigns can take today

The increasing frequency of cyberattacks make clear that more must be done to protect key democratic institutions from cyber-enabled interference. Withjust a fewweeks left before theU.S.midtermelections and early voting under way,campaignsmust stay vigilant in protecting against cyberattacks to...

Take steps to secure your business and users with our security business assessment

Businesses can no longer afford to take cybersecurity for granted. You cant read the news without seeing a splashy headline about a successful hack or data breach at a well-known company. However, this isnt just a problem for large enterprisesincreasingly small and medium-sized businesses are...

Voice of the Customer: Walmart embraces the cloud with Azure Active Directory

Todays post was written by Sue Bohn, partner director of Program Management and Ben Byford and Gerald Corson, senior directors of Identity and Access Management at Walmart. Greetings! Im Sue Bohn, partner director of Program Management at Microsoft. Im an insatiable, lifelong learner and I lead t...

CISO series: Building a security-minded culture starts with talking to business managers

Cybersecurity is everyones business; protecting the company and its users against data leaks is no longer just the responsibility of IT and security operations. Everyone from the board to Firstline Workers has an important role to play. A culture that encourages individuals to believe they have a...

How Office 365 learned to reel in phish

Today's post was coauthored by Debraj Ghosh, Senior Product Marketing Manager, and Jason Rogers, Principal Group Program Manager at Microsoft. We recently reported how we measure catch rates of malicious emails for Office 365 Exchange Online Protection EOP available with any Office 365 subscripti...

Secure file storage

This is a blog series that responds to common questions we receive from customers about deployment of Microsoft 365 security solutions. In this series, youll find context, answers, and guidance for deployment and driving adoption within your organization. Check out Collaborate Securely, the fifth...

Making it real—harnessing data gravity to build the next gen SOC

This post was coauthored by Diana Kelley, Cybersecurity Field CTO, andSin John,EMEA Chief Security Advisor, Cybersecurity Solutions Group. In our first blog, Diana and I talked about the concept of data gravity and how it could, conceptually, help organizations take a more cloud-ready approach to...

Microsoft partners with DigiCert to begin deprecating Symantec TLS certificates

Starting in September 2018, Microsoft began deprecating the SSL/TLS capability of Symantec root certificates due to compliance issues. Google, Mozilla, and Apple have also announced deprecation plans related to Symantec SSL/TLS certificates. Symantec cryptographic certificates are used in critica...

Ignite 2018 highlights: password-less sign-in, confidential computing, new threat protection, and more

What a week it was in Orlando! Ignite is always a biggie, and this one was no exception. For all of us here at Microsoft who get to work on security, spending time with customers to learn how you are using our security products today and to share new innovations to come is a highlight. At this...

Collaborate securely

This is a blog series that responds to common questions we receive from customers about deployment of Microsoft 365 security solutions. In this series youll find context, answers, and guidance for deployment and driving adoption within your organization. Check out Protecting user identities, the...

Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV

Consider this scenario: Two never-before-seen, heavily obfuscated scripts manage to slip past file-based detection and dynamically load an info-stealing payload into memory. The scripts are part of a social engineering campaign that tricks potential victims into running the scripts, which use the...

Delivering security innovation that puts Microsoft’s experience to work for you

Cybersecurity is the central challenge of our digital age. Without it, everything from our personal email accounts and privacy to the way we do business, and all types of critical infrastructure, are under threat. As attackers evolve, staying ahead of these threats is getting harder. Microsoft ca...

Get deeper into security at Microsoft Ignite 2018

This year at Microsoft Ignite, we will be making some exciting announcementsfrom new capabilities for identity management and information protection to powerful artificial intelligence AI innovations that can help you stay ahead of an often overwhelming surge in threats and security alerts. Join ...

Office VBA + AMSI: Parting the veil on malicious macros

As part of our continued efforts to tackle entire classes of threats, Office 365 client applications now integrate with Antimalware Scan Interface AMSI, enabling antivirus and other security solutions to scan macros and other scripts at runtime to check for malicious behavior. Macro-based threats...

Small businesses targeted by highly localized Ursnif campaign

Cyber thieves are continuously looking for new ways to get people to click on a bad link, open a malicious file, or install a poisoned update in order to steal valuable data. In the past, they cast as wide a net as possible to increase the pool of potential victims. But attacks that create a lot ...

Practical application of artificial intelligence that can transform cybersecurity

As I write this blog post, Im sitting by the beach on my computer in a sunny destination while my family plays in the water. Were on vacation, but we all have our own definition of fun. For me its writing blogs on the beachreally! The headspace is outstanding for uninterrupted thinking time and...

Protecting user identities

This is a blog series that responds to common questions we receive from customers about the deployment of Microsoft 365 security solutions. In this series, youll find context, answers, and guidance for deployment and driving adoption within your organization. Check out Cybersecurity threats: How ...

Building the security operations center of tomorrow—harnessing the law of data gravity

This post was coauthored by Diana Kelley, Cybersecurity Field CTO, and Sin John, EMEA Chief Security Advisor, Cybersecurity Solutions Group. Youve got a big dinner planned and your dishwasher goes on the fritz. You call the repair company and are lucky enough to get an appointment for that...

Partnering with the industry to minimize false positives

Every day, antivirus capabilities in Windows Defender Advanced Threat Protection Windows Defender ATP protect millions of customers from threats. To effectively scale protection, Windows Defender ATP uses intelligent systems that combine multiple layers of machine learning models, behavior-based...

Finding the signal of community in all the noise at Black Hat

I dont know about you, but I find large conferences overwhelming. Dont get me wrong, nothing beats the innovative potential of bringing a diverse group of brilliant people together to hash through thorny issues and share insights. But there are so many speakers, booths, and people, it can be a...