{"id":25566,"date":"2024-12-12T08:00:42","date_gmt":"2024-12-12T16:00:42","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/12\/12\/news-19295\/"},"modified":"2024-12-12T08:00:42","modified_gmt":"2024-12-12T16:00:42","slug":"news-19295","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/12\/12\/news-19295\/","title":{"rendered":"Microsoft Defender XDR demonstrates 100% detection coverage across all cyberattack stages in the 2024 MITRE ATT&#038;CK\u00ae Evaluations: Enterprise\u200b\u200b"},"content":{"rendered":"<p><strong>Credit to Author: Karthik Selvaraj| Date: Wed, 11 Dec 2024 17:00:00 +0000<\/strong><\/p>\n<h2 class=\"wp-block-heading\" id=\"delivering-industry-leading-detection-for-a-sixth-consecutive-year-1\">Delivering industry-leading detection for a sixth consecutive year<\/h2>\n<p>For the sixth year in a row, <a href=\"https:\/\/www.microsoft.com\/security\/business\/siem-and-xdr\/microsoft-defender-xdr\">Microsoft Defender XDR<\/a> demonstrated industry-leading extended detection and response (XDR) capabilities in the independent <strong><a href=\"https:\/\/evals.mitre.org\">MITRE ATT&amp;CK\u00ae Evaluations: Enterprise<\/a>.<\/strong> The cyberattack used during the detection test highlights the importance of a unified XDR platform and showcases Defender XDR as a leading solution for securing your multi-operating system estate, with the following results:<\/p>\n<figure data-wp-context=\"{&quot;uploadedSrc&quot;:&quot;https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture1-4.png&quot;,&quot;figureClassNames&quot;:&quot;wp-block-image size-large&quot;,&quot;figureStyles&quot;:null,&quot;imgClassNames&quot;:&quot;wp-image-136791 webp-format&quot;,&quot;imgStyles&quot;:null,&quot;targetWidth&quot;:1600,&quot;targetHeight&quot;:900,&quot;scaleAttr&quot;:false,&quot;ariaLabel&quot;:&quot;Enlarge image: Three charts showing Microsoftu2019s technique coverage across the three 
different attack scenarios for MITREu2019s Detection test.&quot;,&quot;alt&quot;:&quot;Three charts showing Microsoftu2019s technique coverage across the three different attack scenarios for MITREu2019s Detection test.&quot;}\" data-wp-interactive=\"core\/image\" class=\"wp-block-image size-large wp-lightbox-container\"><img decoding=\"async\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-on-async--load=\"callbacks.setButtonStyles\" data-wp-on-async-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture1-4-1024x576.webp\" alt=\"Three charts showing Microsoft&rsquo;s technique coverage across the three different attack scenarios for MITRE&rsquo;s Detection test.\" class=\"wp-image-136791 webp-format\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture1-4-1024x576.webp 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture1-4-300x169.webp 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture1-4-768x432.webp 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture1-4-1536x864.webp 1536w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture1-4-615x346.webp 615w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture1-4-336x189.webp 336w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture1-4-189x106.webp 189w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture1-4-630x354.webp 630w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture1-4.webp 1600w\" 
data-orig-src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture1-4-1024x576.webp\"><button \t\t\tclass=\"lightbox-trigger\" \t\t\ttype=\"button\" \t\t\taria-haspopup=\"dialog\" \t\t\taria-label=\"Enlarge image: Three charts showing Microsoft\u2019s technique coverage across the three different attack scenarios for MITRE\u2019s Detection test.\" \t\t\tdata-wp-init=\"callbacks.initTriggerButton\" \t\t\tdata-wp-on-async--click=\"actions.showLightbox\" \t\t\tdata-wp-style--right=\"context.imageButtonRight\" \t\t\tdata-wp-style--top=\"context.imageButtonTop\" \t\t> \t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewBox=\"0 0 12 12\"> \t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/> \t\t\t<\/svg> \t\t<\/button><figcaption class=\"wp-element-caption\"><em>Figure 1. Diagram of Microsoft Defender XDR&rsquo;s MITRE Tactics, Techniques, and Procedures (TTP) coverage for all cyberattack stages in Detection.<\/em><\/figcaption><\/figure>\n<ul class=\"wp-block-list\">\n<li><strong>Achieved industry-leading, cross-platform detection<\/strong>: 100% technique level detections across all attack stages for Linux and macOS threats leveraging our <a href=\"https:\/\/learn.microsoft.com\/defender-endpoint\/linux-support-ebpf\" target=\"_blank\" rel=\"noreferrer noopener\">new extended Berkeley Packet Filter (eBPF) Linux sensor<\/a> and macOS behavioral monitoring engine that delivers rich actionable content.<\/li>\n<li><strong>Delivered <u>zero<\/u> false positives<\/strong>, providing powerful security without overwhelming the security operations center (SOC). 
Defender XDR accurately alerted on and blocked only malicious activity every time so the SOC can focus their limited time and resources on responding to real cyberthreats at hand. Key to this result are critical cross-platform capabilities like remote encryption detection for gaining deeper visibility into the cyberattacker\u2019s machines and behavior monitoring for detecting emerging threats on macOS. <\/li>\n<li><strong>Equips the SOC with powerful technology like Microsoft Security Copilot<\/strong>, the industry\u2019s first generative AI for security, to thwart attacks with contextual insight and speed with capabilities like script analysis that translates obfuscated PowerShell scripts into intuitive explanations of a script\u2019s role in the cyberattack.<\/li>\n<li><strong>Deep visibility into remote encryption, <\/strong>providing unprecedented visibility into encryption attempts originating from remote machines that might not even be onboarded to Defender XDR and putting an end to an advanced cyberattack vector being used in over 70% of recent ransomware cases.\u00b9<\/li>\n<\/ul>\n<p>Defender XDR is the industry\u2019s broadest natively integrated XDR platform spanning<strong> endpoints, hybrid identities, email, collaboration tools, software as a service (SaaS) apps, and data <\/strong>with centralized visibility, powerful analytics, and automatic attack disruption, a powerful response capability unique to Microsoft.<\/p>\n<blockquote class=\"wp-block-quote blockquote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>A note on this year\u2019s emulation: It is Microsoft\u2019s opinion that the Protection test does not mirror realistic cyberthreats that organizations face. The Protection test methodology differed significantly from the Detection test that emulated an end-to-end attack scenario reflective of the cyberthreat landscape. See our statement below.<\/em><\/p>\n<\/blockquote>\n<h2 class=\"wp-block-heading\" id=\"customer-reality-is-core-to-microsoft-s-testing-approach\">Customer reality is core to Microsoft\u2019s testing approach<\/h2>\n<p>Microsoft Security\u2019s mission is to build a safer world while enabling all organizations, users, and services to be as productive as possible. 
On the ground this means equipping security analysts with a holistic, actionable view of the cyberthreat landscape to minimize the time needed to remediate genuine threats.<\/p>\n<p>As we develop our product, we strive to find the right balance between providing industry-leading security and ensuring under-sourced security operations teams are not flooded with false positives. We hold ourselves accountable for delivering on this goal by regularly participating in product evaluations to identify gaps and improve our products. This year, our conclusion from the MITRE protection test is that it was designed to evade protection mechanisms to the extent that it is unrepresentative of an actual cyberattack, a methodology that Microsoft disagrees with.<\/p>\n<p>The core issue is the micro-testing methodology, which is inconsistent with how cyberattackers typically operate: moving laterally within organizations by gaining access to identities and privileges over time. These broader signals are critical for distinguishing between benign and malicious activities, so we can balance protecting organizations from cyberattacks with supporting the broadest set of benign use cases across a massive customer base worldwide.<\/p>\n<p>For example, MITRE used \u201cmicro emulations\u201d starting with a highly privileged user and applications signed by a trusted certificate to conduct cyberattack steps in isolation without adequate context. Signed apps executed by privileged users are a benign scenario we see on thousands of Windows machines a day. Using a trusted certificate isn\u2019t suspicious unless the associated user was compromised\u2014context that the MITRE test lacked. Nor were there signals provided to enable us to determine that the certificate in the trusted root authority had been compromised or was seen to be signing malicious applications.<\/p>\n<p>Microsoft will not implement the test\u2019s recommendations as they do not reflect cyberattack patterns in customer environments. Doing so would cause outages for legitimate customer scenarios.<\/p>\n<p>We appreciate the ongoing collaborative dialogue with MITRE on the topic of testing methodology and look forward to our continued partnership into the future.<\/p>\n<h2 class=\"wp-block-heading\" id=\"how-microsoft-fended-off-adversaries-in-the-detection-test\">How Microsoft fended off adversaries in the Detection test<\/h2>\n<p>In previous evaluations, MITRE scoped emulated behaviors to a specific cyberthreat actor group, like <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/12\/04\/frequent-freeloader-part-i-secret-blizzard-compromising-storm-0156-infrastructure-for-espionage\/?msockid=3bef1be87261641b09e20845732c65d6\">Secret Blizzard<\/a>. This year, MITRE added ransomware as an attack category informing a range of malicious behaviors carried out against Windows and Linux. For the macOS portion of the emulation, MITRE applied adversarial behaviors inspired by cyberthreat actors that the Democratic People\u2019s Republic of North Korea (DPRK) sponsors. 
Microsoft Threat Intelligence tracks <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/11\/22\/microsoft-shares-latest-intelligence-on-north-korean-and-chinese-threat-actors-at-cyberwarcon\/?msockid=338e258c41bb6f81148430a545bb645d\">these groups<\/a> at a granular level, for example, Sapphire Sleet, Ruby Sleet, Moonstone Sleet, and others that commonly escalate privileges and target user credentials on macOS.<\/p>\n<figure data-wp-context=\"{&quot;uploadedSrc&quot;:&quot;https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture3-3.png&quot;,&quot;figureClassNames&quot;:&quot;wp-block-image size-large&quot;,&quot;figureStyles&quot;:null,&quot;imgClassNames&quot;:&quot;wp-image-136828 webp-format&quot;,&quot;imgStyles&quot;:null,&quot;targetWidth&quot;:1677,&quot;targetHeight&quot;:889,&quot;scaleAttr&quot;:false,&quot;ariaLabel&quot;:&quot;Enlarge image: Image showing bar charts comparing the MITRE TTP coverage for all participating vendors in this yearu2019s MITRE Detection test. &quot;,&quot;alt&quot;:&quot;Image showing bar charts comparing the MITRE TTP coverage for all participating vendors in this yearu2019s MITRE Detection test. &quot;}\" data-wp-interactive=\"core\/image\" class=\"wp-block-image size-large wp-lightbox-container\"><img decoding=\"async\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-on-async--load=\"callbacks.setButtonStyles\" data-wp-on-async-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture3-3-1024x543.webp\" alt=\"Image showing bar charts comparing the MITRE TTP coverage for all participating vendors in this year&rsquo;s MITRE Detection test. 
\" class=\"wp-image-136828 webp-format\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture3-3-1024x543.webp 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture3-3-300x159.webp 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture3-3-768x407.webp 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture3-3-1536x814.webp 1536w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture3-3.webp 1677w\" data-orig-src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture3-3-1024x543.webp\"><button \t\t\tclass=\"lightbox-trigger\" \t\t\ttype=\"button\" \t\t\taria-haspopup=\"dialog\" \t\t\taria-label=\"Enlarge image: Image showing bar charts comparing the MITRE TTP coverage for all participating vendors in this year\u2019s MITRE Detection test. \" \t\t\tdata-wp-init=\"callbacks.initTriggerButton\" \t\t\tdata-wp-on-async--click=\"actions.showLightbox\" \t\t\tdata-wp-style--right=\"context.imageButtonRight\" \t\t\tdata-wp-style--top=\"context.imageButtonTop\" \t\t> \t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewBox=\"0 0 12 12\"> \t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/> \t\t\t<\/svg> \t\t<\/button><figcaption class=\"wp-element-caption\"><em>Figure 2. 
Diagram of participating vendors&rsquo; TTP coverage for all cyberattack stages in Detection<\/em><\/figcaption><\/figure>\n<p>Let\u2019s take a closer look at how Microsoft Defender XDR once again achieved industry-leading results in this year\u2019s MITRE evaluation and how Microsoft is shaping the future of security to respond to the most prevalent cyberthreats like ransomware.<\/p>\n<h2 class=\"wp-block-heading\" id=\"a-leader-in-detection-for-every-cyberattack-stage-100-technique-level-detections-for-linux-and-macos-cyberthreats\">A leader in detection for every cyberattack stage: 100% technique level detections for Linux and macOS cyberthreats<\/h2>\n<p><a id=\"_msocom_1\"><\/a><\/p>\n<figure data-wp-context=\"{&quot;uploadedSrc&quot;:&quot;https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture4-3.png&quot;,&quot;figureClassNames&quot;:&quot;wp-block-image size-large&quot;,&quot;figureStyles&quot;:null,&quot;imgClassNames&quot;:&quot;wp-image-136830 webp-format&quot;,&quot;imgStyles&quot;:null,&quot;targetWidth&quot;:1677,&quot;targetHeight&quot;:889,&quot;scaleAttr&quot;:false,&quot;ariaLabel&quot;:&quot;Enlarge image: Image showing bar charts comparing the MITRE TTP coverage for all participating vendors for Linux and macOS in yearu2019s MITRE Detection test.&quot;,&quot;alt&quot;:&quot;Image showing bar charts comparing the MITRE TTP coverage for all participating vendors for Linux and macOS in yearu2019s MITRE Detection test.&quot;}\" data-wp-interactive=\"core\/image\" class=\"wp-block-image size-large wp-lightbox-container\"><img decoding=\"async\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-on-async--load=\"callbacks.setButtonStyles\" data-wp-on-async-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture4-3-1024x543.webp\" alt=\"Image showing bar charts comparing the MITRE 
TTP coverage for all participating vendors for Linux and macOS in this year&rsquo;s MITRE Detection test.\" class=\"wp-image-136830 webp-format\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture4-3-1024x543.webp 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture4-3-300x159.webp 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture4-3-768x407.webp 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture4-3-1536x814.webp 1536w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture4-3.webp 1677w\" data-orig-src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture4-3-1024x543.webp\"><button \t\t\tclass=\"lightbox-trigger\" \t\t\ttype=\"button\" \t\t\taria-haspopup=\"dialog\" \t\t\taria-label=\"Enlarge image: Image showing bar charts comparing the MITRE TTP coverage for all participating vendors for Linux and macOS in this year\u2019s MITRE Detection test.\" \t\t\tdata-wp-init=\"callbacks.initTriggerButton\" \t\t\tdata-wp-on-async--click=\"actions.showLightbox\" \t\t\tdata-wp-style--right=\"context.imageButtonRight\" \t\t\tdata-wp-style--top=\"context.imageButtonTop\" \t\t> \t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewBox=\"0 0 12 12\"> \t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/> \t\t\t<\/svg> \t\t<\/button><figcaption class=\"wp-element-caption\"><em>Figure 3. Diagram of Microsoft Defender XDR&rsquo;s MITRE TTP coverage for Linux and macOS in Detection<\/em><\/figcaption><\/figure>\n<p>Organizations often have diverse digital estates spanning multiple operating systems, which is why Microsoft invests heavily in ensuring detection for all major operating systems is both accurate and actionable. Microsoft\u2019s industry-leading cross-platform results are driven by a combination of continuous investments, such as:<\/p>\n<p><em>1. Extending our generative AI solution, Security Copilot, beyond Windows.<\/em><\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/business\/ai-machine-learning\/microsoft-security-copilot\" target=\"_blank\" rel=\"noreferrer noopener\">Security Copilot<\/a> is the only security AI product that combines a specialized language model with security-specific capabilities from Microsoft. These capabilities incorporate a growing set of security-specific skills informed by our unique global threat intelligence and more than 78 trillion daily signals. Summarizing incidents, guiding response actions, using natural language for advanced threat hunting, and analyzing obfuscated PowerShell scripts are just some of the ways Security Copilot helps analysts accelerate workflows and gain new skills. In this evaluation, script analysis played a key role for macOS, where analysts see human-readable explanations alongside the code as well as <a href=\"https:\/\/www.mitre.org\/news-insights\/publication\/ttp-based-hunting\" target=\"_blank\" rel=\"noreferrer noopener\">MITRE Tactics, Techniques, and Procedures<\/a> (TTPs). 
This way analysts can quickly understand how the adversary is using the file or script.<\/p>\n<figure data-wp-context=\"{&quot;uploadedSrc&quot;:&quot;https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture2-2.png&quot;,&quot;figureClassNames&quot;:&quot;wp-block-image size-large&quot;,&quot;figureStyles&quot;:null,&quot;imgClassNames&quot;:&quot;wp-image-136761 webp-format&quot;,&quot;imgStyles&quot;:null,&quot;targetWidth&quot;:1688,&quot;targetHeight&quot;:854,&quot;scaleAttr&quot;:false,&quot;ariaLabel&quot;:&quot;Enlarge image: A screenshot showing Security Copilot analyzing malicious script that was used in the MITRE emulation.&quot;,&quot;alt&quot;:&quot;A screenshot showing Security Copilot analyzing malicious script that was used in the MITRE emulation.&quot;}\" data-wp-interactive=\"core\/image\" class=\"wp-block-image size-large wp-lightbox-container\"><img decoding=\"async\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-on-async--load=\"callbacks.setButtonStyles\" data-wp-on-async-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture2-2-1024x518.webp\" alt=\"A screenshot showing Security Copilot analyzing malicious script that was used in the MITRE emulation.\" class=\"wp-image-136761 webp-format\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture2-2-1024x518.webp 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture2-2-300x152.webp 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture2-2-768x389.webp 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture2-2-1536x777.webp 1536w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture2-2.webp 1688w\" 
data-orig-src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture2-2-1024x518.webp\"><button \t\t\tclass=\"lightbox-trigger\" \t\t\ttype=\"button\" \t\t\taria-haspopup=\"dialog\" \t\t\taria-label=\"Enlarge image: A screenshot showing Security Copilot analyzing malicious script that was used in the MITRE emulation.\" \t\t\tdata-wp-init=\"callbacks.initTriggerButton\" \t\t\tdata-wp-on-async--click=\"actions.showLightbox\" \t\t\tdata-wp-style--right=\"context.imageButtonRight\" \t\t\tdata-wp-style--top=\"context.imageButtonTop\" \t\t> \t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewBox=\"0 0 12 12\"> \t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/> \t\t\t<\/svg> \t\t<\/button><figcaption class=\"wp-element-caption\"><em>Figure 4: Step 2.5 &#8211; System Services &#8211; launchctl (T1569.001), alongside Security Copilot script analysis for macOS that makes alerts more actionable<\/em><\/figcaption><\/figure>\n<p><em>2. Delivering enhanced behavioral monitoring capabilities to detect emerging cyberthreats even earlier on macOS.<\/em><\/p>\n<p>Effective security is about the quality and actionability of detections, not just the quantity. These principles guide how we\u2019ve built industry-leading security across Windows, Linux, and macOS. Let\u2019s look at step Mac 4.08 Credentials from Password Stores: Keychain by a suspicious file as an example. Keychain-related file access happens often on macOS, even when a machine is idle. On average, these files may be accessed well over 400 times per hour. This level of activity is normal for many popular applications, such as OneDrive, Adobe Creative Cloud, and the built-in macOS apps. 
However, sorting out normal versus suspicious access poses a significant challenge for many vendors. We gain this deeper analysis through a combination of advanced behavior monitoring and content scanning, along with Microsoft\u2019s exclusive threat intelligence. This approach helps pinpoint genuinely suspicious access, like those from us.zoom.ZoomHelperTool, providing analysts with the precise data they need to respond effectively.<a id=\"_msocom_1\"><\/a><\/p>\n<figure data-wp-context=\"{&quot;uploadedSrc&quot;:&quot;https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture3-1.png&quot;,&quot;figureClassNames&quot;:&quot;wp-block-image size-large&quot;,&quot;figureStyles&quot;:null,&quot;imgClassNames&quot;:&quot;wp-image-136762 webp-format&quot;,&quot;imgStyles&quot;:null,&quot;targetWidth&quot;:1098,&quot;targetHeight&quot;:720,&quot;scaleAttr&quot;:false,&quot;ariaLabel&quot;:&quot;Enlarge image: A screenshot of the Defender XDR portal showing deeper context around a particular part of the attack pertaining to macOS.&quot;,&quot;alt&quot;:&quot;A screenshot of the Defender XDR portal showing deeper context around a particular part of the attack pertaining to macOS.&quot;}\" data-wp-interactive=\"core\/image\" class=\"wp-block-image size-large wp-lightbox-container\"><img decoding=\"async\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-on-async--load=\"callbacks.setButtonStyles\" data-wp-on-async-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture3-1-1024x671.webp\" alt=\"A screenshot of the Defender XDR portal showing deeper context around a particular part of the attack pertaining to macOS.\" class=\"wp-image-136762 webp-format\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture3-1-1024x671.webp 1024w, 
https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture3-1-300x197.webp 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture3-1-768x504.webp 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture3-1.webp 1098w\" data-orig-src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture3-1-1024x671.webp\"><button \t\t\tclass=\"lightbox-trigger\" \t\t\ttype=\"button\" \t\t\taria-haspopup=\"dialog\" \t\t\taria-label=\"Enlarge image: A screenshot of the Defender XDR portal showing deeper context around a particular part of the attack pertaining to macOS.\" \t\t\tdata-wp-init=\"callbacks.initTriggerButton\" \t\t\tdata-wp-on-async--click=\"actions.showLightbox\" \t\t\tdata-wp-style--right=\"context.imageButtonRight\" \t\t\tdata-wp-style--top=\"context.imageButtonTop\" \t\t> \t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewBox=\"0 0 12 12\"> \t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/> \t\t\t<\/svg> \t\t<\/button><figcaption class=\"wp-element-caption\"><em>Figure 5. 
macOS and our cross-platform customers also receive the full context provided for Windows around a malicious file\u2019s capabilities, which includes a list of MITRE TTPs, strings, imports, and many other file attributes, giving comprehensive context of a cyberattack within a single portal experience.<\/em><\/figcaption><\/figure>\n<figure data-wp-context=\"{&quot;uploadedSrc&quot;:&quot;https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture4-2.png&quot;,&quot;figureClassNames&quot;:&quot;wp-block-image size-large&quot;,&quot;figureStyles&quot;:null,&quot;imgClassNames&quot;:&quot;wp-image-136804 webp-format&quot;,&quot;imgStyles&quot;:null,&quot;targetWidth&quot;:1696,&quot;targetHeight&quot;:1120,&quot;scaleAttr&quot;:false,&quot;ariaLabel&quot;:&quot;Enlarge image: A screenshot of the Defender XDR portal showing an even deeper context analysis on a macOS suspicious file alert.&quot;,&quot;alt&quot;:&quot;A screenshot of the Defender XDR portal showing an even deeper context analysis on a macOS suspicious file alert.&quot;}\" data-wp-interactive=\"core\/image\" class=\"wp-block-image size-large wp-lightbox-container\"><img decoding=\"async\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-on-async--load=\"callbacks.setButtonStyles\" data-wp-on-async-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture4-2-1024x676.webp\" alt=\"A screenshot of the Defender XDR portal showing an even deeper context analysis on a macOS suspicious file alert.\" class=\"wp-image-136804 webp-format\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture4-2-1024x676.webp 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture4-2-300x198.webp 300w, 
https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture4-2-768x507.webp 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture4-2-1536x1014.webp 1536w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture4-2.webp 1696w\" data-orig-src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture4-2-1024x676.webp\"><button \t\t\tclass=\"lightbox-trigger\" \t\t\ttype=\"button\" \t\t\taria-haspopup=\"dialog\" \t\t\taria-label=\"Enlarge image: A screenshot of the Defender XDR portal showing an even deeper context analysis on a macOS suspicious file alert.\" \t\t\tdata-wp-init=\"callbacks.initTriggerButton\" \t\t\tdata-wp-on-async--click=\"actions.showLightbox\" \t\t\tdata-wp-style--right=\"context.imageButtonRight\" \t\t\tdata-wp-style--top=\"context.imageButtonTop\" \t\t> \t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewBox=\"0 0 12 12\"> \t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/> \t\t\t<\/svg> \t\t<\/button><figcaption class=\"wp-element-caption\"><em>Figure 6. macOS suspicious file alert with a clear description and information on why us.zoom.ZoomHelperTool was considered a suspicious file. Information generated by multivariate machine learning models.<\/em><\/figcaption><\/figure>\n<h2 class=\"wp-block-heading\" id=\"zero-false-positives-across-linux-macos-and-windows\">Zero false positives across Linux, macOS, and Windows<\/h2>\n<p>When benign activities are flagged as malicious, security analysts end up wasting time and resources investigating. 
At a scale of hundreds to thousands of alerts a day, false positives quickly lead to analyst burnout and eroded trust in security tooling. This year, MITRE introduced a false-positive metric by weaving innocuous actions, such as legitimate file sharing, into the cyberattack steps to see whether evaluated solutions would raise unnecessary alerts. Microsoft\u2019s detections are machine learning-based and alert only on anomalous activity that appears to be malicious in intent, which is how Defender XDR delivers strong protection without overwhelming the SOC.<\/p>\n<p>Microsoft\u2019s commitment to protection with minimal false positives is also evident in the regularly published antivirus assessments from endpoint testing authorities such as <a href=\"https:\/\/www.av-comparatives.org\/enterprise\/latest-tests\/\" target=\"_blank\" rel=\"noreferrer noopener\">AV-Comparatives<\/a>, <a href=\"https:\/\/www.av-test.org\/en\/antivirus\/business-windows-client\/\" target=\"_blank\" rel=\"noreferrer noopener\">AV-Test<\/a>, and <a href=\"https:\/\/selabs.uk\/reports\/?sectors=enterprise&amp;technology=eps\" target=\"_blank\" rel=\"noreferrer noopener\">SE Labs<\/a>.<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture2-4.webp\" alt=\"A bar chart comparing the performance of participating vendors in generating false positives in the MITRE Detection test.\" class=\"wp-image-136819 webp-format\"><figcaption class=\"wp-element-caption\"><em>Figure 7. Number of false positives generated in this year\u2019s MITRE evaluation.<\/em><\/figcaption><\/figure>\n<h2 class=\"wp-block-heading\" id=\"deep-visibility-into-remote-encryption-attempts\">Deep visibility into remote encryption attempts<\/h2>\n<p>Since 2022, Microsoft has observed a spike in cyberattackers using remote encryption, where an attacker uses one compromised device to encrypt files on other devices in the same network. As the latest <a href=\"https:\/\/www.microsoft.com\/security\/security-insider\/intelligence-reports\/microsoft-digital-defense-report-2024#section-master-occ0c2\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Digital Defense Report<\/a> points out, 70% of successful human-operated ransomware cyberattacks have used this technique. Visibility into the device the attacker operates from is typically a blind spot for antivirus and endpoint detection and response solutions. Defender XDR gives analysts this critical visibility, so that even when the compromised device is unmanaged, it can protect a hybrid organization from advanced cyberattacks like ransomware.<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/12\/Picture7-1.webp\" alt=\"A screenshot of the Defender XDR portal showing visibility into a remote device used in the attack, evidence of Microsoft\u2019s ability to protect against it.\" class=\"wp-image-136766 webp-format\"><figcaption class=\"wp-element-caption\"><em>Figure 8. Step 16.36 &#8211; Data Encrypted for Impact (T1486)<\/em><\/figcaption><\/figure>\n<h2 class=\"wp-block-heading\" id=\"empowering-defenders-with-the-security-they-need\">Empowering defenders with the security they need<\/h2>\n<p>As the cyberthreat landscape rapidly evolves, Microsoft is committed to empowering defenders with industry-leading, cross-platform XDR. Our evaluation philosophy is to reflect the real world by configuring the product as customers would, in line with industry best practices. In the MITRE Evaluations, as in all simulations, <a href=\"https:\/\/www.microsoft.com\/security\/business\/siem-and-xdr\/microsoft-defender-xdr\">Microsoft Defender XDR<\/a> achieved industry-leading results without manual processing or fine-tuning, and it can be run in customer environments without generating an untenable number of false positives. Microsoft\u2019s commitment to delivering cybersecurity while minimizing false positives is reflected in regularly occurring public evaluations.<\/p>\n<p>We thank MITRE Engenuity for the opportunity to contribute to and participate in this year\u2019s evaluation.<\/p>\n<h2 class=\"wp-block-heading\" id=\"learn-more\">Learn more<\/h2>\n<p>To learn more about Microsoft Security solutions, visit our <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\" target=\"_blank\" rel=\"noreferrer noopener\">website<\/a>. Bookmark the <a href=\"https:\/\/www.microsoft.com\/security\/blog\/\" target=\"_blank\" rel=\"noreferrer noopener\">Security blog<\/a> to keep up with our expert coverage on security matters. 
Also, follow us on LinkedIn (<a href=\"https:\/\/www.linkedin.com\/showcase\/microsoft-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Security<\/a>) and X (<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noreferrer noopener\">@MSFTSecurity<\/a>) for the latest news and updates on cybersecurity.<\/p>\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n<p><sup>1<\/sup><a href=\"https:\/\/www.microsoft.com\/security\/security-insider\/intelligence-reports\/microsoft-digital-defense-report-2024\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Digital Defense Report 2024<\/a><\/p>\n<p>The post <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/12\/11\/microsoft-defender-xdr-demonstrates-100-detection-coverage-across-all-cyberattack-stages-in-the-2024-mitre-attck-evaluations-enterprise\/\">Microsoft Defender XDR demonstrates 100% detection coverage across all cyberattack stages in the 2024 MITRE ATT&amp;CK\u00ae Evaluations: Enterprise<\/a> appeared first on <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\">Microsoft Security Blog<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Karthik Selvaraj| Date: Wed, 11 Dec 2024 17:00:00 +0000<\/strong><\/p>\n<p>For the sixth year in a row, Microsoft Defender XDR demonstrated industry-leading extended detection and response (XDR) capabilities in the independent MITRE ATT&#038;CK\u00ae Evaluations: Enterprise. 
The cyberattack used during the detection test highlights the importance of a unified XDR platform and showcases Defender XDR as a leading solution for securing your multi-operating system estate.<\/p>\n<p>The post <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/12\/11\/microsoft-defender-xdr-demonstrates-100-detection-coverage-across-all-cyberattack-stages-in-the-2024-mitre-attck-evaluations-enterprise\/\">Microsoft Defender XDR demonstrates 100% detection coverage across all cyberattack stages in the 2024 MITRE ATT&amp;CK\u00ae Evaluations: Enterprise\u200b\u200b<\/a> appeared first on <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\">Microsoft Security Blog<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10759,10378],"tags":[25567],"class_list":["post-25566","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security","tag-mitre-attck"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25566","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25566"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25566\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25566"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net
\/index.php\/wp-json\/wp\/v2\/categories?post=25566"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25566"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}