Threat intelligence
The Microsoft Threat Intelligence community is made up of world-class experts, security researchers, analysts, and threat hunters who analyze 100 trillion signals daily to discover threats and deliver timely, relevant insight to protect customers. See our latest findings, insights, and guidance.
Learn how we’re using deep learning to build a powerful, high-precision classification model for long sequences of wide-ranging signals occurring at different times.
Introducing Kernel Data Protection, a new platform security technology for preventing data corruption
Kernel Data Protection (KDP) is a set of APIs that provide the ability to mark some kernel memory as read-only, preventing attackers from ever modifying protected memory.
Defending Exchange servers under attack
Exchange servers are high-value targets.
Inside Microsoft 365 Defender: Mapping attack chains from cloud to endpoint
In the first blog in the Inside Microsoft Threat Protection series, we will show how MTP provides unparalleled end-to-end visibility into the activities of nation-state level attacks like HOLMIUM.
UEFI scanner brings Microsoft Defender ATP protection to a new level
The UEFI scanner is a new component of the built-in antivirus solution on Windows 10 and gives Microsoft Defender ATP the ability to scan inside of the firmware filesystem and perform security assessment.
Exploiting a crisis: How cybercriminals behaved during the outbreak
Cybercriminals adapted their tactics to match what was going on in the world, and what we saw in the threat environment was parallel to the uptick in COVID-19 headlines and the desire for more information.
Blue teams helping red teams: A tale of a process crash, PowerShell, and the MITRE ATT&CK evaluation
Inspired by MITRE’s transparency in publishing the payloads and tools used in the attack simulation, we’ll describe the mystery that is Step 19 and tell a story about how blue teams, once in a while, can share important learnings for red teams.
Inside Microsoft 365 Defender: Attack modeling for finding and stopping lateral movement
Microsoft Threat Protection uses a data-driven approach for identifying lateral movement, combining industry-leading optics, expertise, and data science to deliver automated discovery of some of the most critical threats today.
Microsoft researchers work with Intel Labs to explore new deep learning approaches for malware classification
Researchers from the Microsoft Threat Protection Intelligence Team and Intel Labs collaborated to study the application of a deep transfer learning technique from computer vision to static malware classification.
Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk
Multiple ransomware groups that have been accumulating access and maintaining persistence on target networks for several months activated dozens of ransomware deployments in the first two weeks of April 2020.
Defending the power grid against supply chain attacks: Part 3 – Risk management strategies for the utilities industry
By working with governments, trade organizations, and suppliers, the utility industry can improve security across the supply chain.