Automated incident response in Office 365 ATP now generally available

Credit to Author: Todd VanderArk | Date: Mon, 09 Sep 2019 16:00:37 +0000

Powerful automation capabilities help improve the effectiveness and efficiency of investigating and responding to Office 365 alerts.

The post Automated incident response in Office 365 ATP now generally available appeared first on Microsoft Security.

Deep learning rises: New methods for detecting malicious PowerShell

Credit to Author: Eric Avena | Date: Tue, 03 Sep 2019 16:00:03 +0000

We adopted a deep learning technique that was initially developed for natural language processing and applied to expand Microsoft Defender ATP’s coverage of detecting malicious PowerShell scripts, which continue to be a critical attack vector.

The post Deep learning rises: New methods for detecting malicious PowerShell appeared first on Microsoft Security.

Gartner names Microsoft a Leader in 2019 Endpoint Protection Platforms Magic Quadrant

Credit to Author: Eric Avena | Date: Fri, 23 Aug 2019 16:00:40 +0000

Gartner named Microsoft a Leader in the 2019 Gartner Magic Quadrant for Endpoint Protection Platforms, positioned highest in execution.

The post Gartner names Microsoft a Leader in 2019 Endpoint Protection Platforms Magic Quadrant appeared first on Microsoft Security.

Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack

Credit to Author: Eric Avena | Date: Mon, 08 Jul 2019 16:00:51 +0000

Advanced technologies in Microsoft Defender ATP’s Antivirus exposed and defeated a widespread fileless campaign that completely “lived off the land” throughout a complex attack chain that ran the info-stealing backdoor Astaroth directly in memory.

The post Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack appeared first on Microsoft Security.

The evolution of Microsoft Threat Protection—July update

Credit to Author: Todd VanderArk | Date: Mon, 29 Jul 2019 16:00:50 +0000

Learn about the latest enhancements to Microsoft Threat Protection, the premier solution for securing the modern workplace across identities, endpoints, user data, apps, and infrastructure.

The post The evolution of Microsoft Threat Protection—July update appeared first on Microsoft Security.

New machine learning model sifts through the good to unearth the bad in evasive malware

Credit to Author: Eric Avena | Date: Thu, 25 Jul 2019 16:30:55 +0000

Most machine learning models are trained on a mix of malicious and clean features. Attackers routinely try to throw these models off balance by stuffing clean features into malware. Monotonic models are resistant against adversarial attacks because they are trained differently: they only look for malicious features. The magic is this: Attackers can’t evade a monotonic model by adding clean features. To evade a monotonic model, an attacker would have to remove malicious features.

The post New machine learning model sifts through the good to unearth the bad in evasive malware appeared first on Microsoft Security.

Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack

Credit to Author: Eric Avena | Date: Mon, 08 Jul 2019 16:00:51 +0000

Advanced technologies in Microsoft Defender ATP next-generation protection exposed and defeated a widespread fileless campaign that completely “lived off the land” throughout a complex attack chain that ran the info-stealing backdoor Astaroth directly in memory.

The post Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack appeared first on Microsoft Security.

Microsoft’s Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time

Credit to Author: Eric Avena | Date: Tue, 02 Jul 2019 16:00:13 +0000

I’m excited to announce that Microsoft’s Threat & Vulnerability Management solution is generally available as of June 28! We have been working closely with customers for more than a year to incorporate their real needs and feedback to better address vulnerability management. Our goal is to empower defenders with the tools they need to better…

The post Microsoft’s Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time appeared first on Microsoft Security.

Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection

Credit to Author: Eric Avena | Date: Mon, 24 Jun 2019 15:00:55 +0000

While Windows Defender Antivirus makes catching 5 billion threats on devices every month look easy, multiple advanced detection and prevention technologies work under the hood to make this happen. Multiple next-generation protection engines detect and stop a wide range of threats and attacker techniques at multiple points, providing industry-best detection and blocking capabilities.

The post Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection appeared first on Microsoft Security.

New browser extensions for integrating Microsoft’s hardware-based isolation

Credit to Author: Eric Avena | Date: Thu, 23 May 2019 15:50:07 +0000

The hardware-based isolation technology on Windows 10 that allows Microsoft Edge to isolate browser-based attacks is now available as a browser extension for Google Chrome and Mozilla Firefox. We introduced the container technology in 2017. Since then, we have been evolving the technology and engaging with customers to understand how hardware-based isolation can best help…

The post New browser extensions for integrating Microsoft’s hardware-based isolation appeared first on Microsoft Security.

Detecting credential theft through memory access modelling with Microsoft Defender ATP

Credit to Author: Eric Avena | Date: Thu, 09 May 2019 17:29:45 +0000

Microsoft Defender ATP instruments memory-related function calls such as VirtualAlloc and VirtualProtect to catch in-memory attack techniques like reflective DLL loading. The same signals can also be used to generically detect malicious credential dumping activities performed by a wide range of different individual tools.

The post Detecting credential theft through memory access modelling with Microsoft Defender ATP appeared first on Microsoft Security.