{"id":15929,"date":"2019-07-29T09:00:32","date_gmt":"2019-07-29T17:00:32","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/07\/29\/news-9673\/"},"modified":"2019-07-29T09:00:32","modified_gmt":"2019-07-29T17:00:32","slug":"news-9673","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2019\/07\/29\/news-9673\/","title":{"rendered":"The evolution of Microsoft Threat Protection\u2014July update"},"content":{"rendered":"<p><strong>Credit to Author: Todd VanderArk| Date: Mon, 29 Jul 2019 16:00:50 +0000<\/strong><\/p>\n<p>Modern security teams need to proactively, efficiently, and effectively hunt for threats across multiple attack vectors. To address this need, today we\u2019re excited to give you a glimpse of a new threat hunting capability coming soon to Microsoft Threat Protection. Building off the <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/microsoft-defender-atp\/overview-hunting\" target=\"_blank\" rel=\"noopener\">threat hunting technology<\/a> currently available in <a href=\"https:\/\/www.microsoft.com\/en-us\/microsoft-365\/windows\/microsoft-defender-atp\" target=\"_blank\" rel=\"noopener\">Microsoft Defender Advanced Threat Protection (ATP)<\/a>, we are adding the ability to hunt for threats across endpoints and email (Figure 1).<\/p>\n<p>The new Microsoft Threat Protection advanced threat hunting allows:<\/p>\n<ul>\n<li><strong>Easy access to telemetry<\/strong>\u2014The telemetry data is accessible in easy to use tables for you to query.<\/li>\n<li><strong>Enhanced portal experience<\/strong>\u2014Certain query results, such as machine name, link directly to the relevant portal, consolidating the hunting query experience and the portal investigation experience.<\/li>\n<li><strong>Detailed query templates<\/strong>\u2014A welcome page provides examples designed to get you started and get you familiar with the tables and the query language.<\/li>\n<\/ul>\n<p>The example in 
Figure 1 demonstrates how Microsoft Threat Protection enables hunting for a red team that leverages a compromised account to store a payload on a local SharePoint site and to send emails to individuals within the organization. Having the email come from an internal sender and point to a local SharePoint site guarantees a high click-through rate. With the advanced hunting capability in Microsoft Threat Protection, this scenario is easier to identify, discover, and ultimately remediate. As Microsoft Threat Protection evolves, we\u2019ll continue to extend the advanced hunting capability across the enterprise. Look for more details on threat hunting across endpoints and email in the coming weeks.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-1.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89682 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-1.png\" alt=\"\" width=\"1805\" height=\"1014\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-1.png 1805w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-1-300x169.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-1-768x431.png 768w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-1-1024x575.png 1024w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-1-687x385.png 687w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-1-1083x609.png 1083w, 
https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-1-767x431.png 767w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-1-539x303.png 539w\" sizes=\"auto, (max-width: 1805px) 100vw, 1805px\" \/><\/a><\/p>\n<p><em>Figure 1. Hunting query example: Find the red team!<\/em><\/p>\n<h3>Connecting the dots to protect your users<\/h3>\n<p>As we\u2019ve <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/04\/25\/microsoft-threat-protection-april-update\/\" target=\"_blank\" rel=\"noopener\">discussed previously<\/a>, securing enterprise identities is paramount for effective threat protection in modern organizations. Microsoft Threat Protection is built on best-in-class identity protection, and we\u2019re pleased to announce the <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/06\/20\/investigating-identity-threats-hybrid-cloud-environments\/\" target=\"_blank\" rel=\"noopener\">general availability of our new identity threat investigation experience<\/a>, which correlates identity events from Microsoft Cloud App Security, Azure Advanced Threat Protection, and Azure Active Directory Identity Protection into a single investigation experience for security analysts and hunters alike.<\/p>\n<p>Leverage state-of-the-art User and Entity Behavior Analytics (UEBA) capabilities to provide a risk score and rich contextual information for individual users across on-premises and cloud services. With the high volume of threat signals today\u2019s security teams must analyze, it\u2019s a challenge to know which users and threats to prioritize for deeper investigations (Figure 2). 
The new identity threat investigation experience enables security analysts to prioritize their investigations, helping reduce investigation times and eliminating the need to toggle between identity security solutions.<\/p>\n<p>For more details <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Enterprise-Mobility-Security\/Prioritize-user-investigations-in-Cloud-App-Security\/ba-p\/700136\" target=\"_blank\" rel=\"noopener\">check out our blog<\/a> and get a deeper dive in our <a href=\"https:\/\/docs.microsoft.com\/en-us\/cloud-app-security\/tutorial-ueba\" target=\"_blank\" rel=\"noopener\">technical documentation<\/a>.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-2.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89683 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-2.png\" alt=\"\" width=\"1420\" height=\"701\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-2.png 1420w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-2-300x148.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-2-768x379.png 768w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-2-1024x506.png 1024w\" sizes=\"auto, (max-width: 1420px) 100vw, 1420px\" \/><\/a><\/p>\n<p><em>Figure 2. 
Top user view by investigation priority.<\/em><\/p>\n<h3>Delivering on our promise to empower defenders<\/h3>\n<p>Earlier this year, <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/03\/21\/microsoft-defender-atp-for-mac-new-threat-and-vulnerability-management-capabilities\/\" target=\"_blank\" rel=\"noopener\">we announced<\/a> two capabilities for email security with the public preview of <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Microsoft-Defender-ATP\/MDATP-Threat-amp-Vulnerability-Management-now-publicly-available\/ba-p\/460977\" target=\"_blank\" rel=\"noopener\">Threat &amp; Vulnerability Management<\/a> and the extension of our <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Microsoft-Defender-ATP\/Announcing-Microsoft-Defender-ATP-for-Mac\/ba-p\/378010\" target=\"_blank\" rel=\"noopener\">endpoint security capabilities to macOS<\/a>. We\u2019re excited to deliver on the promise of both these milestones for our endpoint security, which further empower defenders relying on our services to secure their organizations.<\/p>\n<p>At the end of June, <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Microsoft-Defender-ATP\/Microsoft-Defender-ATP-for-Mac-is-here\/ba-p\/743891\" target=\"_blank\" rel=\"noopener\">we announced the general availability<\/a> of our endpoint security for macOS. Offered through Microsoft Defender ATP, it enables integrated experiences in Microsoft Defender Security Center across Windows and macOS clients. It supports the three latest versions of macOS: Mojave, High Sierra, and Sierra. Customers can use Microsoft Intune and Jamf to deploy and manage Microsoft Defender ATP for Mac. Just like with Microsoft Office applications on macOS, Microsoft Auto Update is used to manage Microsoft Defender ATP for Mac updates. 
Check out the <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/windows-defender-antivirus\/microsoft-defender-atp-mac\" target=\"_blank\" rel=\"noopener\">public documentation<\/a> to see what\u2019s available now.<\/p>\n<p>We further enhanced endpoint security <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/03\/21\/microsoft-defender-atp-for-mac-new-threat-and-vulnerability-management-capabilities\/\" target=\"_blank\" rel=\"noopener\">with the general availability<\/a> of Threat &amp; Vulnerability Management for endpoints (Figure 3), which offers customers:<\/p>\n<ul>\n<li>Continuous discovery of vulnerabilities and misconfigurations.<\/li>\n<li>Prioritization based on business context and dynamic threat landscape.<\/li>\n<li>Seamless correlation of vulnerabilities providing enhanced breach insights.<\/li>\n<li>Ability to assess vulnerability at the single-machine level to enrich and provide greater detail on incident investigations.<\/li>\n<li>Built-in remediation processes through unique integration with Intune and Microsoft System Center Configuration Manager.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-3.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89684 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-3.png\" alt=\"\" width=\"997\" height=\"546\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-3.png 997w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-3-300x164.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-3-768x421.png 768w\" sizes=\"auto, 
(max-width: 997px) 100vw, 997px\" \/><\/a><\/p>\n<p><em>Figure 3. The Threat &amp; Vulnerability Management dashboard.<\/em><\/p>\n<p>This month, we also enriched the experience for security teams managing email security by <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Security-Privacy-and-Compliance\/Empower-security-teams-to-easily-report-suspicious-emails-amp\/ba-p\/752622\" target=\"_blank\" rel=\"noopener\">introducing an email submission<\/a> feature offered through Office 365 ATP. Microsoft is <a href=\"https:\/\/docs.microsoft.com\/en-us\/security\/msrc\/fy18-strategy-brief\" target=\"_blank\" rel=\"noopener\">home to 3,500 security professionals<\/a>, and now your organization can leverage their expertise to get quick and accurate analysis of potential email threats with the click of a button (Figure 4). The submission process is easy to use, and our Microsoft experts provide quick feedback, including insights on configurations that may have caused a false positive or false negative, reducing the time to investigate issues and improving overall effectiveness.<\/p>\n<p>The new submission process allows admins to:<\/p>\n<ul>\n<li>Submit suspicious emails, files, and URLs to Microsoft for analysis.<\/li>\n<li>Find and remove rules allowing malicious content into the tenant.<\/li>\n<li>Find and remove rules blocking good content into the tenant.<\/li>\n<\/ul>\n<p>Here\u2019s a quick run-through of the experience. 
You can also learn more about it in our <a href=\"https:\/\/nam06.safelinks.protection.outlook.com\/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2FOffice365%2FSecurityCompliance%2Fadmin-submission&amp;data=02%7C01%7Cv-dysnod%40microsoft.com%7C2b4c6b08132e4348669b08d7096c53fc%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636988233193888314&amp;sdata=1KC5wyNryACaQ0%2FsvV0MsmKZsP7GXLDgv6QF2dKpyx0%3D&amp;reserved=0\" target=\"_blank\" rel=\"noopener\">technical docs<\/a>.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-4.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89685 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-4.png\" alt=\"\" width=\"986\" height=\"438\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-4.png 986w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-4-300x133.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/07\/Microsoft-Threat-Protection-July-update-4-768x341.png 768w\" sizes=\"auto, (max-width: 986px) 100vw, 986px\" \/><\/a><\/p>\n<p><em>Figure 4. 
Admin submission experience with Office 365 ATP.<\/em><\/p>\n<h3>Experience the evolution of Microsoft Threat Protection<\/h3>\n<p>Take a moment to\u202f<a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Security-Privacy-and-Compliance\/Announcing-Microsoft-Threat-Protection\/ba-p\/262783\" target=\"_blank\" rel=\"noopener\">learn more about Microsoft Threat Protection<\/a>, read our previous\u202f<a href=\"https:\/\/www.microsoft.com\/security\/blog\/the-evolution-of-microsoft-threat-protection\/\" target=\"_blank\" rel=\"noopener\">monthly updates<\/a>, and visit\u202fthe <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/technology\/threat-protection\" target=\"_blank\" rel=\"noopener\">Microsoft Threat Protection webpage<\/a>.\u202fOrganizations like <a href=\"https:\/\/customers.microsoft.com\/en-us\/story\/telit-professional-services-microsoft-365\" target=\"_blank\" rel=\"noopener\">Telit<\/a> have already transitioned to Microsoft Threat Protection, and <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/What-s-New\/SecOps-is-more-effective-thanks-to-Microsoft-Windows-Defender\/m-p\/272925#M145\" target=\"_blank\" rel=\"noopener\">partners<\/a> are leveraging its powerful capabilities.<\/p>\n<p>Begin a trial of Microsoft Threat Protection services, which also includes our newly launched SIEM and Azure Sentinel, to experience the benefits of the most comprehensive, integrated, and secure threat protection solution for the modern workplace.<\/p>\n<ul>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/enterprise-mobility-security\/mtptrial\" target=\"_blank\" rel=\"noopener\">Microsoft Threat Protection trial<\/a><\/li>\n<li><a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/azure-sentinel\/\" target=\"_blank\" rel=\"noopener\">Microsoft Azure Sentinel trial<\/a><\/li>\n<\/ul>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/07\/29\/evolution-of-microsoft-threat-protection-july-update\/\">The evolution 
of Microsoft Threat Protection\u2014July update<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/\">Microsoft Security<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Todd VanderArk| Date: Mon, 29 Jul 2019 16:00:50 +0000<\/strong><\/p>\n<p>Learn about the latest enhancements to Microsoft Threat Protection, the premier solution for securing the modern workplace across identities, endpoints, user data, apps, and infrastructure.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/07\/29\/evolution-of-microsoft-threat-protection-july-update\/\">The evolution of Microsoft Threat Protection\u2014July update<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/\">Microsoft 
Security<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10759,10378],"tags":[21869,21871,21494,22452,21484,21509],"class_list":["post-15929","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security","tag-evolution-of-microsoft-threat-protection","tag-evolution-of-microsoft-threat-protection-page","tag-microsoft-cloud-app-security","tag-microsoft-defender-advanced-threat-protection","tag-microsoft-defender-atp","tag-office-365-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15929","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=15929"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15929\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=15929"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=15929"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=15929"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}