{"id":15394,"date":"2019-05-24T19:00:59","date_gmt":"2019-05-25T03:00:59","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/05\/24\/news-9143\/"},"modified":"2019-05-24T19:00:59","modified_gmt":"2019-05-25T03:00:59","slug":"news-9143","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/05\/24\/news-9143\/","title":{"rendered":"Executing on the vision of Microsoft Threat Protection"},"content":{"rendered":"<p><strong>Credit to Author: Todd VanderArk| Date: Tue, 14 May 2019 16:00:48 +0000<\/strong><\/p>\n<p>Over the last several months, we\u2019ve provided regular updates on the rapid progress we\u2019re making with <a href=\"https:\/\/www.microsoft.com\/security\/blog\/the-evolution-of-microsoft-threat-protection\/\" target=\"_blank\" rel=\"noopener\">Microsoft Threat Protection<\/a>, which enables your organization to:<\/p>\n<ul>\n<li><strong>Protect your assets<\/strong> <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/04\/25\/microsoft-threat-protection-april-update\/\" target=\"_blank\" rel=\"noopener\">with identity-driven security and powerful conditional access policies<\/a> which ensure your assets are secured from unauthorized users, devices, or apps.<\/li>\n<li><strong>Connect the dots<\/strong> between disparate threat signals and develop <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Security-Privacy-and-Compliance\/See-How-Microsoft-Threat-Protection-is-the-Future-of-threat\/ba-p\/360197\" target=\"_blank\" rel=\"noopener\">threat incidents<\/a> by grouping alerts from different parts of your environment, stitching together the elements of a threat.<\/li>\n<li><strong>Empower your defenders<\/strong>, providing in-depth analysis to identify the full scope and impact of a threat.<\/li>\n<\/ul>\n<p>We support these capabilities by offering you <a href=\"https:\/\/docs.microsoft.com\/en-us\/office365\/securitycompliance\/automated-investigation-response-office\" target=\"_blank\" 
rel=\"noopener\">intelligent automation<\/a> as well as <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/02\/28\/announcing-microsoft-threat-experts\/\" target=\"_blank\" rel=\"noopener\">human expertise<\/a> to quickly resolve situations and keep your business running. I recently shared our vision of Microsoft Threat Protection with Jeremy Chapman in a Microsoft Mechanics video broadcast.<\/p>\n<p>We strongly believe in our vision and are confident our customers will benefit from enhanced security with Microsoft Threat Protection as we continue adding capabilities with unstoppable momentum. Today, I want to spend time highlighting what Microsoft Threat Protection <em>can already do for you<\/em>. While we\u2019re very excited about the vision and pushing towards releasing more features, it\u2019s important to share the significant advantages which are already available with Microsoft Threat Protection <strong>today<\/strong>. I\u2019m going to use a real example of a common, yet lethal, threat type to showcase how Microsoft Threat Protection already makes your organization more secure.<\/p>\n<h3>Executing on our vision<\/h3>\n<p>The more threats we see, the more we can stop. This virtuous cycle means that each threat we see helps further enhance our machine learning models, which in turn improves our ability to stop subsequent threats. 
As we\u2019ve shared in the past, the <a href=\"http:\/\/cloud-platform-assets.azurewebsites.net\/intelligent-security-graph\/\" target=\"_blank\" rel=\"noopener\">Microsoft Intelligent Security Graph<\/a> (Figure 1) enables us to see billions of threats and assess 6.5 <em>trillion<\/em> signals daily. Importantly, we don\u2019t only see a large quantity of threats, but we also see threats from a wide variety of sources. Through the Intelligent Security Graph, threat signals are seamlessly shared across all the services in Microsoft Threat Protection, providing comprehensive security across multiple attack vectors.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/05\/Evolution-image-1.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89407 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/05\/Evolution-image-1.png\" alt=\"Infographic of the strength of signal offered by the Microsoft Intelligent Security Graph.\" width=\"2035\" height=\"1164\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/05\/Evolution-image-1.png 2035w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/05\/Evolution-image-1-300x172.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/05\/Evolution-image-1-768x439.png 768w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/05\/Evolution-image-1-1024x586.png 1024w\" sizes=\"auto, (max-width: 2035px) 100vw, 2035px\" \/><\/a><\/p>\n<p><em>Figure 1. 
The strength of signal offered by the Microsoft Intelligent Security Graph.<\/em><\/p>\n<p>A <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2018\/12\/19\/tackling-phishing-with-signal-sharing-and-machine-learning\/\" target=\"_blank\" rel=\"noopener\">great example<\/a> of how Microsoft Threat Protection is already executing on its promised vision is how we address phishing campaigns. Phishing has been on a steady rise over the last few years. As the provider of one of the largest email services on the planet, we expect to be a primary target for attacks. In 2018 alone, Microsoft\u2019s analysts analyzed (Figure 2) over 300,000 phishing campaigns and 8 million business email compromise (BEC) attempts.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89420 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/05\/Figure-2-Phishing-campaigns-and-BEC-attempt-in-2018-JPG.jpg\" alt=\"Infographic showing data from Office 365 security analysts on the phishing campaigns and BEC attempts from 2018.\" width=\"1067\" height=\"389\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/05\/Figure-2-Phishing-campaigns-and-BEC-attempt-in-2018-JPG.jpg 1067w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/05\/Figure-2-Phishing-campaigns-and-BEC-attempt-in-2018-JPG-300x109.jpg 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/05\/Figure-2-Phishing-campaigns-and-BEC-attempt-in-2018-JPG-768x280.jpg 768w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/05\/Figure-2-Phishing-campaigns-and-BEC-attempt-in-2018-JPG-1024x373.jpg 1024w\" sizes=\"auto, (max-width: 1067px) 100vw, 1067px\" \/><\/p>\n<p><em>Figure 2. 
Data from Office 365 security analysts on the phishing campaigns and BEC attempts from 2018.<\/em><\/p>\n<p>While these numbers can be worrisome, Microsoft Threat Protection <em>is designed<\/em> to secure your organization from phishing, whether the campaign attacks through the endpoint, email, or the web. In a <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2018\/12\/19\/tackling-phishing-with-signal-sharing-and-machine-learning\/\" target=\"_blank\" rel=\"noopener\">recent campaign<\/a>, anomaly detection algorithms in\u00a0<a href=\"https:\/\/www.microsoft.com\/en-us\/windowsforbusiness\/windows-atp?ocid=cx-blog-mmpc\" target=\"_blank\" rel=\"noopener\">Microsoft Defender Advanced Threat Protection (ATP)<\/a>\u00a0<a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/windows-defender-antivirus\/windows-defender-antivirus-in-windows-10\" target=\"_blank\" rel=\"noopener\">next-generation protection<\/a> pointed to multiple PDF files <em>that Microsoft could detect<\/em>. We were the only organization able to detect these phish PDFs because we leveraged the knowledge from multiple security services operating on various attack vectors. 
In this example, the malicious PDF files (Figure 3) were blocked by machine learning models, enhanced by assimilating signals from multiple services of Microsoft Threat Protection.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/05\/Evolution-image-3.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89409 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/05\/Evolution-image-3.png\" alt=\"Image of one of several PDF files that only Microsoft was detecting (as Trojan:PDF\/Sonbokli.A!cl) at the time it was first observed (Source: VirusTotal).\" width=\"1465\" height=\"1159\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/05\/Evolution-image-3.png 1465w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/05\/Evolution-image-3-300x237.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/05\/Evolution-image-3-768x608.png 768w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/05\/Evolution-image-3-1024x810.png 1024w\" sizes=\"auto, (max-width: 1465px) 100vw, 1465px\" \/><\/a><\/p>\n<p><em>Figure 3. 
One of several PDF files <strong>that only Microsoft was detecting<\/strong> (as Trojan:PDF\/Sonbokli.A!cl) at the time it was first observed (Source:\u00a0<\/em><a href=\"https:\/\/www.virustotal.com\/\" target=\"_blank\" rel=\"noopener\">VirusTotal<\/a><em>).<\/em><\/p>\n<p>Through the Microsoft Intelligent Security Graph, the detection algorithm was enriched with URL and domain reputation intelligence from\u00a0<a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/windows-defender-smartscreen\/windows-defender-smartscreen-overview\" target=\"_blank\" rel=\"noopener\">Microsoft Defender SmartScreen<\/a>, the service powering the anti-phishing technology in Microsoft Edge, as well as the\u00a0<a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/windows-defender-exploit-guard\/network-protection-exploit-guard\" target=\"_blank\" rel=\"noopener\">network protection<\/a>\u00a0capability in Microsoft Defender ATP.<\/p>\n<p>Additionally, <a href=\"https:\/\/docs.microsoft.com\/en-us\/office365\/securitycompliance\/office-365-atp\" target=\"_blank\" rel=\"noopener\">Office 365 Advanced Threat Protection (ATP)<\/a> provided rich optics from PDF phish files distributed via email. When\u00a0Office 365\u00a0ATP detects a suspicious file or URL in emails, it can detonate the file and apply heuristics and sophisticated machine learning to determine a verdict. This verdict is shared with other services in Microsoft Threat Protection. In the case of these PDF files, all the services in Microsoft Threat Protection could immediately block the corrupted PDF files because the original signal from Office 365\u00a0ATP was shared with all the other services in Microsoft Threat Protection.<\/p>\n<p>Microsoft Threat Protection also stops threats <em>quickly<\/em> because of its unique attributes. 
Every day, Microsoft\u00a0<a href=\"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2018\/08\/09\/protecting-the-protector-hardening-machine-learning-defenses-against-adversarial-attacks\/\" target=\"_blank\" rel=\"noopener\">sees millions of new attacks<\/a>\u00a0that run for just 60 minutes or less. This fast pace requires security to be automatic, real-time, and accurate. The signal sharing and mitigation across Microsoft Threat Protection is robust and comprehensive. Below (Figure 4) is an actual timeline showing how the threat originally identified by SmartScreen provided signal to both Office ATP and Microsoft Defender ATP, which both blocked the threat.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89422 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/05\/Microsoft_Threat_Protection_Blog_Timeline-1.gif\" alt=\"Image of a threat timeline of a campaign from the first identification with SmartScreen to mitigations by Office ATP\/Exchange Online Protection (EOP) and Microsoft Defender ATP.\" width=\"1920\" height=\"1080\" \/><\/p>\n<p><em>Figure 4. Threat timeline of this campaign from the first identification with SmartScreen to mitigations by Office ATP\/Exchange Online Protection (EOP) and Microsoft Defender ATP.<\/em><\/p>\n<h3>Great intelligence enables great security<\/h3>\n<p>Our unparalleled intelligence, seamless integration, and best-of-breed solutions for multiple attack vectors lead to the staggering numbers of threats we can detect and mitigate across multiple threat vectors. Below are statistics of the threats which Microsoft Threat Protection mitigated in 2018 (Figure 5). What\u2019s important is not only the number of threats we\u2019ve detected and blocked, but also the fact that we do so for threats across multiple, disparate attack vectors. 
This is the same strength of security you will benefit from when you implement Microsoft Threat Protection.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89421 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/05\/Rob-Blog-Stats-bold-JPG.jpg\" alt=\"Image of Microsoft Threat Protection in action. Some of the detections and mitigations already offered with the solution.\" width=\"1999\" height=\"958\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/05\/Rob-Blog-Stats-bold-JPG.jpg 1999w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/05\/Rob-Blog-Stats-bold-JPG-300x144.jpg 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/05\/Rob-Blog-Stats-bold-JPG-768x368.jpg 768w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/05\/Rob-Blog-Stats-bold-JPG-1024x491.jpg 1024w\" sizes=\"auto, (max-width: 1999px) 100vw, 1999px\" \/><\/p>\n<p><em>Figure 5. Microsoft Threat Protection in action. Some of the detections and mitigations already offered with the solution.<\/em><\/p>\n<h3>Revamped website to keep you up to date<\/h3>\n<p>Today, we\u2019re excited to launch our new <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/technology\/threat-protection\" target=\"_blank\" rel=\"noopener\">Microsoft Threat Protection website<\/a>, where you\u2019ll find great collateral summarizing the full scope of capabilities offered by Microsoft Threat Protection. 
On the site, you\u2019ll find <em>three new webcasts<\/em> where our engineers offer details and examples of:<\/p>\n<ul>\n<li><strong>Automated Incident Response<\/strong>\u2014Unique SecOps capabilities only available with Microsoft.<\/li>\n<li><strong>Azure Sentinel<\/strong>\u2014Our newly launched SIEM-as-a-service.<\/li>\n<li><strong>Microsoft Threat Experts and Threat and Vulnerability Management<\/strong>\u2014For endpoints.<\/li>\n<\/ul>\n<p>The new site also links to all the services which are part of Microsoft Threat Protection with great collateral offering details on how the individual services help secure specific attack vectors.<\/p>\n<h3>Experience the evolution of Microsoft Threat Protection<\/h3>\n<p>Hopefully, I gave you a glimpse of how Microsoft Threat Protection has already started executing on the vision of securing the modern organization. Take a moment to\u00a0<a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Security-Privacy-and-Compliance\/Announcing-Microsoft-Threat-Protection\/ba-p\/262783\" target=\"_blank\" rel=\"noopener\">learn more about Microsoft Threat Protection<\/a>, read our <a href=\"https:\/\/www.microsoft.com\/security\/blog\/the-evolution-of-microsoft-threat-protection\/\" target=\"_blank\" rel=\"noopener\">previous monthly updates<\/a>, and visit our <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/technology\/threat-protection\" target=\"_blank\" rel=\"noopener\">new website<\/a>.<\/p>\n<p><a href=\"https:\/\/customers.microsoft.com\/en-us\/story\/telit-professional-services-microsoft-365\" target=\"_blank\" rel=\"noopener\">Organizations<\/a> have already transitioned to Microsoft Threat Protection and <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/What-s-New\/SecOps-is-more-effective-thanks-to-Microsoft-Windows-Defender\/m-p\/272925#M145\" target=\"_blank\" rel=\"noopener\">partners<\/a> are leveraging its powerful capabilities. 
Begin a trial of Microsoft Threat Protection services today to experience the benefits of the most comprehensive, integrated, and secure threat protection solution available to your organization.<\/p>\n<ul>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/enterprise-mobility-security\/mtptrial\" target=\"_blank\" rel=\"noopener\">Microsoft Threat Protection trial<\/a><\/li>\n<li><a href=\"https:\/\/azure.microsoft.com\/en-us\/free\/\" target=\"_blank\" rel=\"noopener\">Microsoft Azure Sentinel<\/a><\/li>\n<\/ul>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/05\/14\/executing-vision-microsoft-threat-protection\/\">Executing on the vision of Microsoft Threat Protection<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/\">Microsoft Security<\/a>.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/05\/14\/executing-vision-microsoft-threat-protection\/\" target=\"bwo\" >https:\/\/blogs.technet.microsoft.com\/mmpc\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Todd VanderArk| Date: Tue, 14 May 2019 16:00:48 +0000<\/strong><\/p>\n<p>Learn about how we\u2019re already executing on the vision of Microsoft Threat Protection\u2014the premier solution for securing the modern workplace across identities, endpoints, user data, apps, and infrastructure.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/05\/14\/executing-vision-microsoft-threat-protection\/\">Executing on the vision of Microsoft Threat Protection<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/\">Microsoft 
Security<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10759,10378],"tags":[21869,21871,21870,17202],"class_list":["post-15394","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security","tag-evolution-of-microsoft-threat-protection","tag-evolution-of-microsoft-threat-protection-page","tag-microsoft-intelligent-security-graph","tag-microsoft-intelligent-security-graph-isg"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15394","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=15394"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15394\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=15394"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=15394"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=15394"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}