Industry-wide partnership on threat-informed defense improves security for all

Credit to Author: Eric Avena | Date: Wed, 16 Sep 2020 16:00:39 +0000

MITRE Engenuity’s Center for Threat-Informed Defense has published a library of detailed plans for emulating the threat actor FIN6 (which Microsoft tracks as TAAL). Microsoft is proud to be part of this industry-wide collaborative project.

The post Industry-wide partnership on threat-informed defense improves security for all appeared first on Microsoft Security.

Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale

Credit to Author: Jim Flack | Date: Tue, 15 Sep 2020 16:00:22 +0000

We’re excited to release a new tool called OneFuzz, an extensible fuzz testing framework for Azure.

Force firmware code to be measured and attested by Secure Launch on Windows 10

Credit to Author: Eric Avena | Date: Tue, 01 Sep 2020 16:00:54 +0000

For important security features on Windows to properly do their jobs, the platform’s firmware and hardware must be trustworthy and healthy. Learn about Secure Launch, which leverages the principle of Dynamic Root of Trust for Measurement (DRTM), and System Management Mode (SMM) protection.

Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning

Credit to Author: Eric Avena | Date: Thu, 27 Aug 2020 16:00:27 +0000

Microsoft Defender ATP leverages AMSI’s visibility into scripts and harnesses the power of machine learning to detect and stop post-exploitation activities that largely rely on scripts.

Inside Microsoft Threat Protection: Solving cross-domain security incidents through the power of correlation analytics

Credit to Author: Eric Avena | Date: Wed, 29 Jul 2020 16:30:03 +0000

Through deep correlation logic, Microsoft Threat Protection automatically finds links between related signals across domains. It connects related existing alerts and generates additional alerts where suspicious events that could otherwise be missed can be detected.

Seeing the big picture: Deep learning-based fusion of behavior signals for threat detection

Credit to Author: Eric Avena | Date: Thu, 23 Jul 2020 16:00:53 +0000

Learn how we’re using deep learning to build a powerful, high-precision classification model for long sequences of wide-ranging signals occurring at different times.

Inside Microsoft Threat Protection: Correlating and consolidating attacks into incidents

Credit to Author: Eric Avena | Date: Thu, 09 Jul 2020 16:00:27 +0000

The incidents view in Microsoft Threat Protection empowers SOC analysts by automatically fusing attack evidence and providing a consolidated view of an attack chain and affected assets, as well as a single-click remediation with easy-to-read analyst workflows.

Introducing Kernel Data Protection, a new platform security technology for preventing data corruption

Credit to Author: Eric Avena | Date: Wed, 08 Jul 2020 17:30:05 +0000

Kernel Data Protection (KDP) is a set of APIs that provide the ability to mark some kernel memory as read-only, preventing attackers from ever modifying protected memory.
