Protect your organization from ransomware

{"sites":[{"pages":[{"order":0,"position":0,"slides":[],"tiles":[],"arialabel":"Technology designed for extortion","id":"Introduction","isImage2x":false,"imageHref":"","imageAlt":"","imageHeight":0,"imageWidth":0,"itemIndex":2,"name":"Technology designed for extortion","videoHref":"https://www.microsoft.com/en-au/videoplayer/embed/RE4VoC7","content":"<p>Ransomware is a type of malware that encrypts files, folders, or infrastructure, preventing access to critical data or assets. It can target any endpoint, such as home computers, mobile devices, enterprise PCs, or servers.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Technology designed for extortion"},{"order":0,"position":0,"slides":[],"tiles":[],"arialabel":"A payoff that’s difficult to trace","id":"What-it-is","isImage2x":false,"imageHref":"","imageAlt":"","imageHeight":0,"imageWidth":0,"itemIndex":3,"name":"A payoff that’s difficult to trace","videoHref":"https://www.microsoft.com/en-au/videoplayer/embed/RE4Vrj3","content":"<p>Criminals use ransomware to demand money in exchange for releasing encrypted files. They may also threaten to leak sensitive data to the public. Because attackers usually insist on payment in cryptocurrency, tracing is extremely difficult.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"A payoff that’s difficult to trace"},{"order":0,"position":0,"slides":[],"tiles":[],"arialabel":"Everyone’s a target","id":"Why-it-matters","isImage2x":false,"imageHref":"","imageAlt":"","imageHeight":0,"imageWidth":0,"itemIndex":4,"name":"Everyone’s a target","videoHref":"https://www.microsoft.com/en-au/videoplayer/embed/RE4Vmqg","content":"<p>The three most frequently targeted sectors are consumer, financial, and manufacturing. However, this represents only 37 percent of total ransomware attacks, indicating no industry is immune. Even healthcare continues to be attacked during the pandemic.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Everyone’s a target"},{"order":0,"position":0,"slides":[],"tiles":[],"arialabel":"Global costs continue to rise","id":"How-it-works","isImage2x":false,"imageHref":"","imageAlt":"","imageHeight":0,"imageWidth":0,"itemIndex":5,"name":"Global costs continue to rise","videoHref":"https://www.microsoft.com/en-au/videoplayer/embed/RE4Vh48","content":"<p>In the last year, there was a 130 percent increase in the number of organizations hit with ransomware. The impact has been felt globally with ransom demands running into the many millions of dollars and few legal options available to victims.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Global costs continue to rise"},{"order":0,"position":0,"slides":[],"tiles":[],"arialabel":"Organizational compromise from a single device","id":"summary","isImage2x":false,"imageHref":"","imageAlt":"","imageHeight":0,"imageWidth":0,"itemIndex":6,"name":"Organizational compromise from a single device","videoHref":"https://www.microsoft.com/en-au/videoplayer/embed/RE4Vmqh","content":"<p>Attackers use a variety of techniques to gain access, including malicious emails and documents and vulnerable devices, identities, and software. Then, they seek out administrator credentials or other accounts with privileged access, so they can compromise the entire organization.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Organizational compromise from a single device"},{"order":0,"position":0,"slides":[],"tiles":[],"arialabel":"Encryption, exfiltration, and extortion","id":"introduction-encryption","isImage2x":false,"imageHref":"","imageAlt":"","imageHeight":0,"imageWidth":0,"itemIndex":7,"name":"Encryption, exfiltration, and extortion","videoHref":"https://www.microsoft.com/en-au/videoplayer/embed/RE4Vmqi","content":"<p>Some ransomware attacks will encrypt a victim’s files or assets, demanding a ransom for the decryption key. Others will also exfiltrate data, which carries extensive reputational risk because the stolen data may be released to the public.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Encryption, exfiltration, and extortion"},{"order":0,"position":0,"slides":[],"tiles":[],"arialabel":"The stakes have changed","id":"summary1","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4V9ZC?ver=8262","imageAlt":"[noalt]","imageHeight":730,"imageWidth":1297,"itemIndex":8,"name":"Summary","videoHref":"","content":"<p>The growth trajectory for ransomware and extortion is enormous, and a successful attack can be expensive for those who fall victim. Mitigating these attacks is now an urgent priority for organizations around the globe.<br />\n&nbsp;</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"The stakes have changed"}],"arialabel":"A threat with global impact","id":"ransomware","isImage2x":false,"imageHref":"","imageAlt":"","imageHeight":0,"imageWidth":0,"itemIndex":1,"name":"Ransomware defined","videoHref":"https://www.microsoft.com/en-au/videoplayer/embed/RE4U8Qy","content":"<p>Ransomware is a type of extortion that can have a crippling impact on individuals, organizations, and national security. Attackers often use ransomware to target sectors like public health and critical infrastructure, but every industry is vulnerable.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"A threat with global impact"},{"pages":[{"order":0,"position":0,"slides":[],"tiles":[],"arialabel":"Email is the entryway","id":"initial-access-email ","isImage2x":false,"imageHref":"","imageAlt":"","imageHeight":0,"imageWidth":0,"itemIndex":10,"name":"Email is the entryway","videoHref":"https://www.microsoft.com/en-au/videoplayer/embed/RE4Vkzl","content":"<p>Phishing emails are a common entry point. They often appear to be from a trusted sender or source and use social engineering and malicious content to trick unsuspecting people into unintentionally compromising their security.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Email is the entryway"},{"order":0,"position":0,"slides":[],"tiles":[],"arialabel":"Spear phishing targets high-value employees","id":"initial-access-spear","isImage2x":false,"imageHref":"","imageAlt":"","imageHeight":0,"imageWidth":0,"itemIndex":11,"name":"Spear phishing targets high-value employees","videoHref":"https://www.microsoft.com/en-au/videoplayer/embed/RE4VuvK","content":"<p>Spear phishing is a phishing technique characterized by customized content tailored to certain recipients. Attackers use public information to identify individuals and research their backgrounds. They use this information to write emails that will motivate the target to act.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Spear phishing targets high-value employees"},{"order":0,"position":0,"slides":[],"tiles":[],"arialabel":"It starts with one compromised identity","id":"credential-theft","isImage2x":false,"imageHref":"","imageAlt":"","imageHeight":0,"imageWidth":0,"itemIndex":12,"name":"Credential theft","videoHref":"https://www.microsoft.com/en-au/videoplayer/embed/RE4VrNI","content":"<p>For ransomware to be successful, attackers must steal credentials and compromise an identity. This can take many forms. For example, some people inadvertently provide their username and password by entering them into a site that appears legitimate.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"It starts with one compromised identity"},{"order":0,"position":0,"slides":[],"tiles":[],"arialabel":"Broader identity theft","id":"the-impact-broader","isImage2x":false,"imageHref":"","imageAlt":"","imageHeight":0,"imageWidth":0,"itemIndex":13,"name":"Broader identity theft","videoHref":"https://www.microsoft.com/en-au/videoplayer/embed/RE4VrNR","content":"<p>Once attackers have compromised someone’s device, they may immediately begin encrypting data. However, more ambitious attackers will use this access to download more malware and look for opportunities to extract additional usernames and passwords.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Broader identity theft"},{"order":0,"position":0,"slides":[],"tiles":[],"arialabel":"Worms facilitate further compromise","id":"the-impact-worm","isImage2x":false,"imageHref":"","imageAlt":"","imageHeight":0,"imageWidth":0,"itemIndex":14,"name":"Worms facilitate further compromise","videoHref":"https://www.microsoft.com/en-au/videoplayer/embed/RE4Vmxu","content":"<p>Worms, another type of malware, enable ransomware to move throughout a network using techniques, such as stealing credentials and sessions, accessing file shares, exploiting vulnerabilities, or using legitimate administrative functions.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Worms facilitate further compromise"},{"order":0,"position":0,"slides":[],"tiles":[],"arialabel":"Data is now at risk","id":"the-impact-data","isImage2x":false,"imageHref":"","imageAlt":"","imageHeight":0,"imageWidth":0,"itemIndex":15,"name":"Data is now at risk","videoHref":"https://www.microsoft.com/en-au/videoplayer/embed/RE4Vmxw","content":"<p>In many cases, simply connecting the infected endpoint to an organizational network is enough to see widespread compromise and significant business disruption.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Data is now at risk"},{"order":0,"position":0,"slides":[],"tiles":[],"arialabel":"Automate your defenses","id":"summary","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4VhtS?ver=ce0e","imageAlt":"[noalt]","imageHeight":730,"imageWidth":1297,"itemIndex":16,"name":"Summary","videoHref":"","content":"<p>Commodity ransomware relies on well-known techniques and common vulnerabilities to replicate at scale. To stay head, organizations need to automate their defense, through education and a multilayered threat detection and response strategy.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Automate your defenses"}],"arialabel":"Low effort, high profit","id":"commodity","isImage2x":false,"imageHref":"","imageAlt":"","imageHeight":0,"imageWidth":0,"itemIndex":9,"name":"Commodity ransomware","videoHref":"https://www.microsoft.com/en-au/videoplayer/embed/RE4Vmqn","content":"<p>Commodity ransomware is a highly automated tactic designed to spread indiscriminately, exploiting devices with relative weaknesses. A single attack may target millions of users in the hope that a small percentage fall victim.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Low effort, high profit"},{"pages":[{"order":0,"position":0,"slides":[],"tiles":[],"arialabel":"Vulnerable targets provide a foothold","id":"initial-access-vulnerable ","isImage2x":false,"imageHref":"","imageAlt":"","imageHeight":0,"imageWidth":0,"itemIndex":18,"name":"Vulnerable targets provide a foothold","videoHref":"https://www.microsoft.com/en-au/videoplayer/embed/RE4VkA7","content":"<p>Human-operated ransomware uses many of the same techniques as commodity ransomware to establish an initial foothold in a network, such as malicious emails and documents, vulnerable endpoints, compromised identities, and software weaknesses.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Vulnerable targets provide a foothold"},{"order":0,"position":0,"slides":[],"tiles":[],"arialabel":"Additional accounts are compromised","id":"initial-access-additional","isImage2x":false,"imageHref":"","imageAlt":"","imageHeight":0,"imageWidth":0,"itemIndex":19,"name":"Additional accounts are compromised","videoHref":"https://www.microsoft.com/en-au/videoplayer/embed/RE4VrQ2","content":"<p>From their initial access point, attackers deploy malware to steal additional credentials that facilitate moving through the network. If antivirus protection is entirely missing from server-class endpoints, this step is trivial for the attacker.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Additional accounts are compromised"},{"order":0,"position":0,"slides":[],"tiles":[],"arialabel":"The goal is administrative access","id":"credential-theft-the-goal","isImage2x":false,"imageHref":"","imageAlt":"","imageHeight":0,"imageWidth":0,"itemIndex":20,"name":"The goal is administrative access","videoHref":"https://www.microsoft.com/en-au/videoplayer/embed/RE4VrQ3","content":"<p>Rather than an automated, opportunistic approach like commodity ransomware, human-operated attacks typically move laterally through the network, compromising endpoints and identities, and using malware to obtain complete organizational compromise.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"The goal is administrative access"},{"order":0,"position":0,"slides":[],"tiles":[],"arialabel":"The attack is escalated","id":"credential-theft-the-attack","isImage2x":false,"imageHref":"","imageAlt":"","imageHeight":0,"imageWidth":0,"itemIndex":21,"name":"The attack is escalated","videoHref":"https://www.microsoft.com/en-au/videoplayer/embed/RE4VkAz","content":"<p>By compromising an administrative account, attackers can move with impunity within the network, accessing any resource and disabling any security control. Critical data centers and cloud resources essential to business operations are vulnerable.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"The attack is escalated"},{"order":0,"position":0,"slides":[],"tiles":[],"arialabel":"Maximum pressure","id":"the-impact-maximum","isImage2x":false,"imageHref":"","imageAlt":"","imageHeight":0,"imageWidth":0,"itemIndex":22,"name":"Maximum pressure","videoHref":"https://www.microsoft.com/en-au/videoplayer/embed/RE4V9yd","content":"<p>Attackers increase the pressure to pay by exfiltrating sensitive data. This puts an organization in legal jeopardy if personally identifiable information is leaked, and competitive disadvantage through the loss of trade secrets.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Maximum pressure"},{"order":0,"position":0,"slides":[],"tiles":[],"arialabel":"Complete compromise","id":"the-impact-complete","isImage2x":false,"imageHref":"","imageAlt":"","imageHeight":0,"imageWidth":0,"itemIndex":23,"name":"Complete compromise","videoHref":"https://www.microsoft.com/en-au/videoplayer/embed/RE4Vmyf","content":"<p>By carefully navigating the network, attackers ensure their compromise of the organization is complete. No endpoints or backups are left untouched, leaving organizations crippled and without access to the very tools needed to effectively recover.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Complete compromise"},{"order":0,"position":0,"slides":[],"tiles":[],"arialabel":"Defend with comprehensive protection","id":"summary","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4Vy6d?ver=26d2","imageAlt":"[noalt]","imageHeight":730,"imageWidth":1297,"itemIndex":24,"name":"Summary","videoHref":"","content":"<p>To defend against the sophisticated adversaries behind human-operated ransomware, organizations need a comprehensive strategy, including a ransomware response plan, best-in-class detection and prevention, and holistic breach remediation.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Defend with comprehensive protection"}],"arialabel":"A hands-on attack against an organization","id":"human","isImage2x":false,"imageHref":"","imageAlt":"","imageHeight":0,"imageWidth":0,"itemIndex":17,"name":"Human-operated ransomware","videoHref":"https://www.microsoft.com/en-au/videoplayer/embed/RE4VcgT","content":"<p>As security solutions have gotten better at blocking techniques like phishing, attackers are starting to move away from commodity ransomware. Human-operated ransomware is spread by an attacker moving inside the compromised network of the target organization.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"A hands-on attack against an organization"},{"pages":[{"order":0,"position":0,"slides":[{"order":0,"position":0,"tiles":[],"arialabel":"Visualize the attack","id":"01","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4V9Bj?ver=efbe","imageAlt":"A high severity incident investigation in Microsoft Sentinel.","imageHeight":658,"imageWidth":1096,"itemIndex":27,"name":"Visualize the attack","videoHref":"","content":"<p>From the investigation graph, Tim sees the data collected from various enterprise systems, the users and infrastructure under threat, the attack techniques in use, and the connections between each.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Visualize the attack"},{"order":0,"position":1,"tiles":[],"arialabel":"Understand which resources are impacted","id":"02","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4VmzV?ver=f8fb","imageAlt":"A high severity incident investigation in Microsoft Sentinel showing a specific user and how they are connected.","imageHeight":658,"imageWidth":1096,"itemIndex":28,"name":"Understand which resources are impacted","videoHref":"","content":"<p>By bringing together information from multiple data sources, Tim understands more about the target and the actions leading up to the breach.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Understand which resources are impacted"}],"tiles":[],"arialabel":"Achieve enterprise-wide insight into attacks","id":"microsoft-sentinel-achieve","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4VeiW?ver=56fa","imageAlt":"Incidents sorted by severity in Microsoft Sentinel.","imageHeight":658,"imageWidth":1096,"itemIndex":26,"name":"Microsoft Sentinel","videoHref":"","content":"<p>Tim uses Microsoft Sentinel to see a high priority incident needing investigation. The active human-operated ransomware attack has been identified through detections from Microsoft 365 Defender and Microsoft Defender for Cloud.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Achieve enterprise-wide insight into attacks"},{"order":0,"position":0,"slides":[{"order":0,"position":0,"tiles":[],"arialabel":"Trace and remediate across systems","id":"03","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4V9Bs?ver=1d86","imageAlt":"An incident graph showing the users involved and how they are all connected.","imageHeight":658,"imageWidth":1096,"itemIndex":30,"name":"Trace and remediate across systems","videoHref":"","content":"<p>Through the graph view, Tim sees how the spear phishing email led an employee to click on a link and download a malicious document. From there, the attacker moved laterally. Automated remediation fixed affected endpoints and mailboxes.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Trace and remediate across systems"},{"order":0,"position":1,"tiles":[],"arialabel":"Delve into attack details","id":"04","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4VmzY?ver=14c0","imageAlt":"A timeline of possible lateral movement within an incident in Microsoft 365 Defender.","imageHeight":658,"imageWidth":1096,"itemIndex":31,"name":"Delve into attack details","videoHref":"","content":"<p>By drilling into the initial alert, Tim learns how the attacker used their access from the malicious document and Mimikatz to gather credentials and move laterally.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Delve into attack details"},{"order":0,"position":2,"tiles":[],"arialabel":"Resolve the complex attack","id":"05","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4VmA1?ver=d3d9","imageAlt":"A summary of a resolved incident in Microsoft 365 Defender.","imageHeight":658,"imageWidth":1096,"itemIndex":32,"name":"Resolve the complex attack","videoHref":"","content":"<p>With fully automated and policy-driven manual remediation, Tim’s able to stop this attack in its tracks. The incident has been quickly resolved, leaving Tim and his team with time to focus on more proactive defense.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Resolve the complex attack"},{"order":0,"position":3,"tiles":[],"arialabel":"Proactively deploy preventative mitigations","id":"06","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4VkDk?ver=09d7","imageAlt":"An overview of a ransomware threat in Microsoft Defender.","imageHeight":658,"imageWidth":1096,"itemIndex":33,"name":"Proactively deploy preventative mitigations","videoHref":"","content":"<p>By learning more from Microsoft Threat Experts about the class of attack and how it works, Tim quickly identifies a number of vulnerable devices.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Proactively deploy preventative mitigations"},{"order":0,"position":4,"tiles":[],"arialabel":"Understand organizational vulnerabilities","id":"07","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4V9Bw?ver=8484","imageAlt":"Mitigations and secure configurations for a ransomware threat in Microsoft 365 Defender.","imageHeight":658,"imageWidth":1096,"itemIndex":34,"name":"Understand organizational vulnerabilities","videoHref":"","content":"<p>Using a Zero Trust security strategy, Tim enforces granular access control and implements multifactor authentication. This helps him protect his Microsoft 365 estate against attacks like this in the future.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Understand organizational vulnerabilities"},{"order":0,"position":5,"tiles":[],"arialabel":"Improve defenses with expert recommendations","id":"08","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4VejV?ver=fe12","imageAlt":"A security recommendation to request mediation for advanced protection against ransomware.","imageHeight":658,"imageWidth":1096,"itemIndex":35,"name":"Improve defenses with expert recommendations","videoHref":"","content":"<p>Microsoft 365 Defender helps Tim deploy a specific mitigation for ransomware attacks to use client and cloud heuristics to determine if a file resembles ransomware. This protects endpoints from even the most recent variations.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Improve defenses with expert recommendations"}],"tiles":[],"arialabel":"Get actionable recommendations","id":"microsoft-365-defender-get","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4V9Bp?ver=0b2b","imageAlt":"An incident summary showing alerts, scope, impacted entities and more.","imageHeight":658,"imageWidth":1096,"itemIndex":29,"name":"Microsoft 365 Defender","videoHref":"","content":"<p>From the Microsoft 365 Defender incident screen, Tim gains deeper insight into the attack through 22 automatically correlated alerts and expert threat advice.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Get actionable recommendations"},{"order":0,"position":0,"slides":[{"order":0,"position":0,"tiles":[],"arialabel":"Automatically detect and fix vulnerabilities","id":"09","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4Vek1?ver=578d","imageAlt":"A list of recommendations to impact your secure score in Microsoft Defender for Cloud.","imageHeight":658,"imageWidth":1096,"itemIndex":37,"name":"Automatically detect and fix vulnerabilities","videoHref":"","content":"<p>Microsoft Defender for Cloud identifies a series of servers without endpoint protection. Tim deploys the same automated remediation and cloud-based protection offered by Microsoft Defender for Endpoint across every device.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Automatically detect and fix vulnerabilities"},{"order":0,"position":1,"tiles":[],"arialabel":"Improve security without impacting operations","id":"10","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4VmA5?ver=9562","imageAlt":"A list of affected resources in Microsoft Defender for Cloud.","imageHeight":658,"imageWidth":1096,"itemIndex":38,"name":"Improve security without impacting operations","videoHref":"","content":"<p>With just one click, Tim deploys endpoint protection across at-risk machines. And with the continuous monitoring by Microsoft Defender for Cloud, he’ll be ready to maintain compliance throughout his IT estate over time.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Improve security without impacting operations"},{"order":0,"position":2,"tiles":[],"arialabel":"Comprehensive threat detection and response","id":"11","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4V9Bz?ver=27c5","imageAlt":"A chart outlining an attack that starts with a malicious email, an attacker gaining control through multiple steps and ending with the attacker grabbing data through data exfiltration.","imageHeight":658,"imageWidth":1096,"itemIndex":39,"name":"Comprehensive threat detection and response","videoHref":"","content":"<p>Microsoft solutions helped Tim detect and respond to a sophisticated ransomware attack. Microsoft Sentinel provided an overview, Microsoft 365 Defender correlated alerts, and Microsoft Defender for Cloud helped him secure his infrastructure.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Comprehensive threat detection and response"}],"tiles":[],"arialabel":"Protect cloud resources and workloads","id":"microsoft-defender-for-cloud-protect","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4VejY?ver=a38a","imageAlt":"An overview in Microsoft Defender for Cloud showing secure score, regulatory compliance measurements and more.","imageHeight":658,"imageWidth":1096,"itemIndex":36,"name":"Microsoft Defender for Cloud","videoHref":"","content":"<p>Tim now turns his focus to fortifying his security perimeter. Microsoft Defender for Cloud accelerates this process by analyzing his infrastructure environment to provide a set of actionable recommendations.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Protect cloud resources and workloads"}],"arialabel":"Detect and respond to a sophisticated attack","id":"demo","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4VpaQ?ver=2460","imageAlt":"An infographic showing a malicious email as a place an attacker exploits vulnerability.","imageHeight":658,"imageWidth":1096,"itemIndex":25,"name":"Ransomware demo ","videoHref":"","content":"<p>With recent moves to the cloud, demand for remote working, and an aging application portfolio, Tim and his SecOps team at an online retailer are busier than ever. Microsoft threat protection helps them detect, respond, and mitigate new threats.</p>","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Detect and respond to a sophisticated attack"}],"itemsCount":39}