Microsoft security intelligence

Security research, threat intelligence, and Microsoft Threat Protection news.

Featured image for Operational resilience begins with your commitment to and investment in cyber resilience

Operational resilience begins with your commitment to and investment in cyber resilience

Operational resilience cannot be achieved without a true commitment to and investment in cyber resilience.
Read more Operational resilience begins with your commitment to and investment in cyber resilience
Featured image for Deep learning rises: New methods for detecting malicious PowerShell

Deep learning rises: New methods for detecting malicious PowerShell

We adopted a deep learning technique that was initially developed for natural language processing and applied to expand Microsoft Defender ATP's coverage of detecting malicious PowerShell scripts, which continue to be a critical attack vector.
Read more Deep learning rises: New methods for detecting malicious PowerShell
Featured image for Gartner names Microsoft a Leader in 2019 Endpoint Protection Platforms Magic Quadrant

Gartner names Microsoft a Leader in 2019 Endpoint Protection Platforms Magic Quadrant

Gartner named Microsoft a Leader in the 2019 Gartner Magic Quadrant for Endpoint Protection Platforms, positioned highest in execution.
Read more Gartner names Microsoft a Leader in 2019 Endpoint Protection Platforms Magic Quadrant
Featured image for From unstructured data to actionable intelligence: Using machine learning for threat intelligence

From unstructured data to actionable intelligence: Using machine learning for threat intelligence

Machine learning and natural language processing can automate the processing of unstructured text for insightful, actionable threat intelligence.
Read more From unstructured data to actionable intelligence: Using machine learning for threat intelligence
Featured image for A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response

A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response

Through a cross-company, cross-continent collaboration, we discovered a vulnerability, secured customers, and developed fix, all while learning important lessons that we can share with the industry.
Read more A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response
Featured image for How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection

How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection

The deep integration of Windows Defender Antivirus with hardware-based isolation capabilities allows the detection of artifacts of attacks that tamper with kernel-mode agents at the hypervisor level.
Read more How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection
Featured image for New machine learning model sifts through the good to unearth the bad in evasive malware

New machine learning model sifts through the good to unearth the bad in evasive malware

Most machine learning models are trained on a mix of malicious and clean features. Attackers routinely try to throw these models off balance by stuffing clean features into malware. Monotonic models are resistant against adversarial attacks because they are trained differently: they only look for malicious features. The magic is this: Attackers can’t evade a monotonic model by adding clean features. To evade a monotonic model, an attacker would have to remove malicious features.
Read more New machine learning model sifts through the good to unearth the bad in evasive malware
Featured image for Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack

Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack

Advanced technologies in Microsoft Defender ATP's Antivirus exposed and defeated a widespread fileless campaign that completely “lived off the land” throughout a complex attack chain that run the info-stealing backdoor Astaroth directly in memory
Read more Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack
Featured image for Microsoft’s Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time

Microsoft’s Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time

Microsoft’s Threat & Vulnerability Management solution is generally available!
Read more Microsoft’s Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time
Featured image for Delivering major enhancements in Windows Defender Application Control with the Windows 10 May 2019 Update

Delivering major enhancements in Windows Defender Application Control with the Windows 10 May 2019 Update

With the Windows 10 May 2019 Update we delivered several important features for Windows Defender Application Control. Our focus for this release was responding to some longstanding feedback on manageability improvements. We’re excited to introduce new capabilities in Windows Defender Application Control.
Read more Delivering major enhancements in Windows Defender Application Control with the Windows 10 May 2019 Update
Featured image for Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection

Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection

While Windows Defender Antivirus makes catching 5 billion threats on devices every month look easy, multiple advanced detection and prevention technologies work under the hood to make this happen. Multiple next-generation protection engines to detect and stop a wide range of threats and attacker techniques at multiple points, providing industry-best detection and blocking capabilities.
Read more Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection
Featured image for New browser extensions for integrating Microsoft’s hardware-based isolation

New browser extensions for integrating Microsoft’s hardware-based isolation

The hardware-based isolation technology on Windows 10 that allows Microsoft Edge to isolate browser-based attacks is now available as a browser extension for Google Chrome and Mozilla Firefox.
Read more New browser extensions for integrating Microsoft’s hardware-based isolation