-
-
Improving AI-based defenses to disrupt human-operated ransomware
To disrupt human-operated ransomware attacks as early as possible, we enhanced the AI-based protections in Microsoft Defender for Endpoint with a range of specialized machine learning techniques that swiftly identify and block malicious files, processes, or behavior observed during active attacks. -
Microsoft protects against human-operated ransomware across the full attack chain in the 2022 MITRE Engenuity ATT&CK® Evaluations
For the fourth year in a row, the independent MITRE Engenuity ATT&CK® Evaluations demonstrated that threats are no match for Microsoft’s multi-platform extended detection and response (XDR) defense capabilities. -
3 steps to secure your multicloud and hybrid infrastructure with Azure Arc
In this blog, we will share how you can increase security for on-premises and hybrid infrastructure through offerings including Azure Arc, Microsoft Defender for Cloud, and Secured-core for Azure Stack HCI. -
AI-driven adaptive protection against human-operated ransomware
We developed a cloud-based machine learning system that, when queried by a device, intelligently predicts if it is at risk, then automatically issues a more aggressive blocking verdict to protect the device, thwarting an attacker’s next steps. -
A guide to combatting human-operated ransomware: Part 2
In this post, we will tackle the risks of human-operated ransomware and detail DART’s security recommendations for tactical containment actions and post-incident activities in the event of an attack. -
A guide to combatting human-operated ransomware: Part 1
As human-operated ransomware is on the rise, Microsoft’s Detection and Response Team (DART) shares how they investigate these attacks and what to consider when faced with a similar event in your organization. -
Becoming resilient by understanding cybersecurity risks: Part 4—navigating current threats
Learn how your infrastructure and security operations can make you vulnerable to insider threats, ransomware, weaponized AI, and more. -
Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting
A probabilistic graphical modeling framework used by Microsoft 365 Defender research and intelligence teams for threat actor tracking enables us to quickly predict the likely threat group responsible for an attack, as well as the likely next attack stages. -
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations
Sweeping research into massive attacker infrastructures, as well as our real-time monitoring of malware campaigns and attacker activity, directly inform Microsoft security solutions, allowing us to build or improve protections that block malware campaigns and other email threats, both current and future, as well as provide enterprises with the tools for investigating and responding to email campaigns in real-time.