Microsoft’s 4 principals for an effective security operations center

Microsoft Chief Cybersecurity Strategist, Jonathan Trull, outlines four principles any organization can use to improve the effectiveness of its SOC.
The post Microsoft’s 4 principals for an effective security operations center appeared first on Microsoft Security. READ MORE HERE…

Read more

In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks

Two new machine learning protection features within the behavioral blocking and containment capabilities in Microsoft Defender ATP specialize in detecting threats by analyzing behavior, adding new layers of protection after an attack has started running.
The post In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks appeared first on Microsoft Security. READ MORE HERE…

Read more

Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware

A new fileless malware campaign we dubbed Nodersok delivers two very unusual LOLBins to turn infected machines into zombie proxies.
The post Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware appeared first on Microsoft Security. READ MORE HERE…

Read more

Azure Sentinel—the cloud-native SIEM that empowers defenders is now generally available

Our goal has remained the same since we first launched Microsoft Azure Sentinel in February: empower security operations teams to help enhance the security posture of our customers. Today, we take the next step in that journey by making Azure Sentinel generally available.
The post Azure Sentinel—the cloud-native SIEM that empowers defenders is now generally available appeared first on Microsoft Security. READ MORE HERE…

Read more

Overview of the Marsh-Microsoft 2019 Global Cyber Risk Perception survey results

Results from the 2019 Marsh-Microsoft Global Cyber Risk Perception survey reveal several encouraging signs of improvement in the way organizations view and manage cyber risk.
The post Overview of the Marsh-Microsoft 2019 Global Cyber Risk Perception survey results appeared first on Microsoft Security. READ MORE HERE…

Read more

Deep learning rises: New methods for detecting malicious PowerShell

We adopted a deep learning technique that was initially developed for natural language processing and applied to expand Microsoft Defender ATP’s coverage of detecting malicious PowerShell scripts, which continue to be a critical attack vector.
The post Deep learning rises: New methods for detecting malicious PowerShell appeared first on Microsoft Security. READ MORE HERE…

Read more

From unstructured data to actionable intelligence: Using machine learning for threat intelligence

Machine learning and natural language processing can automate the processing of unstructured text for insightful, actionable threat intelligence.
The post From unstructured data to actionable intelligence: Using machine learning for threat intelligence appeared first on Microsoft Security. READ MORE HERE…

Read more

New machine learning model sifts through the good to unearth the bad in evasive malware

Most machine learning models are trained on a mix of malicious and clean features. Attackers routinely try to throw these models off balance by stuffing clean features into malware. Monotonic models are resistant against adversarial attacks because they are trained differently: they only look for malicious features. The magic is this: Attackers can’t evade a monotonic model by adding clean features. To evade a monotonic model, an attacker would have to remove malicious features.
The post New machine learning model sifts through the good to unearth the bad in evasive malware appeared first on Microsoft Security. READ MORE HERE…

Read more