Incident response
Incident response is the process of detecting, investigating, and responding to cyberattacks, security breaches, or IT incidents. Explore the latest trends and intelligence-driven strategies that help you prevent future attacks.
This blog post will explain simple Microsoft security defaults and Secure Score—two features you should take advantage of that are easy to utilize and can significantly improve security in Azure AD and Office 365 configurations.
Empower your analysts to reduce burnout in your security operations center
Strategic use of automation and metrics can help you create a continuous learning culture that keeps your team engaged in the work.
Hello open source security! Managing risk with software composition analysis
Software composition analysis guides the selection and management of open source components to help you reduce your security risk.
How to gain 24/7 detection and response coverage with Microsoft Defender ATP
Security incidents don’t happen exclusively during business hours: attackers often wait until the late hours of the night to breach an environment.
CISO Series: Lessons learned from the Microsoft SOC—Part 3c: A day in the life part 2
This blog wraps up the day in the life of a SOC analyst on the investigation team with insights on remediating incidents, post-incident cleanup, and impact of COVID-19 on the SOC.
Defending the power grid against supply chain attacks: Part 3 – Risk management strategies for the utilities industry
By working with governments, trade organizations, and suppliers, the utility industry can improve security across the supply chain.
MITRE ATT&CK APT 29 evaluation proves Microsoft Threat Protection provides deeper end to end view of advanced threats
During the MITRE ATT&CK evaluation, Microsoft Threat Protection delivered on providing the deepest optics, near real time detection, and a complete view of the attack story.
Microsoft shares new threat intelligence, security guidance during global crisis
Our threat intelligence shows that COVID-19 themed threats are retreads of existing attacks that have been slightly altered to tie to the pandemic.
Ghost in the shell: Investigating web shell attacks
Web shell attacks allow adversaries to run commands and steal data from an Internet-facing server or use the server as launch pad for further attacks against the affected organization.
CISO series: Lessons learned from the Microsoft SOC—Part 3b: A day in the life
In this next post in our series, we provide insight into a day in the life of our SOC analysts investigating common front door attacks.
Norsk Hydro responds to ransomware attack with transparency
Aluminum supplier Norsk Hydro was attacked by LockerGoga, a form of ransomware.
Ransomware response
As part of Microsoft’s Detection and Response Team (DART) Incident Response engagements, we regularly get asked by customers about “paying the ransom” following a ransomware attack.