Security

Sign in

Microsoft security intelligence

Security research, threat intelligence, and Microsoft Threat Protection news.

September 16, 2020

Industry-wide partnership on threat-informed defense improves security for all

MITRE Engenuity’s Center for Threat-Informed Defense has published a library of detailed plans for emulating the threat actor FIN6 (which Microsoft tracks as TAAL). Microsoft is proud to be part of this industry-wide collaborative project.

An image of a woman sitting at a PC work station.

September 15, 2020

Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale

We're excited to release a new tool called OneFuzz, an extensible fuzz testing framework for Azure.

September 1, 2020

Force firmware code to be measured and attested by Secure Launch on Windows 10

For important security features on Windows to properly do their jobs, the platform’s firmware and hardware must be trustworthy and healthy. Learn about Secure Launch, which leverages the principle of Dynamic Root of Trust for Measurement (DRTM), and System Management Mode (SMM) protection.

August 27, 2020

Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning

Microsoft Defender ATP leverages AMSI’s visibility into scripts and harnesses the power of machine learning to detect and stop post-exploitation activities that largely rely on scripts.

July 29, 2020

Inside Microsoft Threat Protection: Solving cross-domain security incidents through the power of correlation analytics

Through deep correlation logic, Microsoft Threat Protection automatically finds links between related signals across domains. It connects related existing alerts and generates additional alerts where suspicious events that could otherwise be missed can be detected.

July 23, 2020

Seeing the big picture: Deep learning-based fusion of behavior signals for threat detection

Learn how we're using deep learning to build a powerful, high-precision classification model for long sequences of wide-ranging signals occurring at different times.

July 9, 2020

Inside Microsoft Threat Protection: Correlating and consolidating attacks into incidents

The incidents view in Microsoft Threat Protection empowers SOC analysts by automatically fusing attack evidence and providing a consolidated view of an attack chain and affected assets, as well as a single-click remediation with easy-to-read analyst workflows.

July 8, 2020

Introducing Kernel Data Protection, a new platform security technology for preventing data corruption

Kernel Data Protection (KDP) is a set of APIs that provide the ability to mark some kernel memory as read-only, preventing attackers from ever modifying protected memory.

June 24, 2020

Defending Exchange servers under attack

Exchange servers are high-value targets. These attacks also tend to be advanced threats with highly evasive, fileless techniques. Keeping these servers safe from these advanced attacks is of utmost importance.

June 23, 2020

Microsoft continues to extend security for all with mobile protection for Android

Announcing the public preview of Microsoft Defender ATP for Android! In the rapidly evolving world of mobile threats, Microsoft is taking a holistic approach to tackling these challenges and to securing enterprises and their data with our new mobile threat defense capabilities.

June 18, 2020

Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint

In the first blog in the Inside Microsoft Threat Protection series, we will show how MTP provides unparalleled end-to-end visibility into the activities of nation-state level attacks like HOLMIUM.

June 17, 2020

UEFI scanner brings Microsoft Defender ATP protection to a new level

The UEFI scanner is a new component of the built-in antivirus solution on Windows 10 and gives Microsoft Defender ATP the ability to scan inside of the firmware filesystem and perform security assessment.

1
2
3
…
15
Next