Industry-wide partnership on threat-informed defense improves security for all

MITRE Engenuity’s Center for Threat-Informed Defense has published a library of detailed plans for emulating the threat actor FIN6 (which Microsoft tracks as TAAL). Microsoft is proud to be part of this industry-wide collaborative project.
The post Industry-wide partnership on threat-informed defense improves security for all appeared first on Microsoft Security.

Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale

We’re excited to release a new tool called OneFuzz, an extensible fuzz testing framework for Azure.

Force firmware code to be measured and attested by Secure Launch on Windows 10

For important security features on Windows to properly do their jobs, the platform’s firmware and hardware must be trustworthy and healthy. Learn about Secure Launch, which leverages the principle of Dynamic Root of Trust for Measurement (DRTM), and System Management Mode (SMM) protection.

Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning

Microsoft Defender ATP leverages AMSI’s visibility into scripts and harnesses the power of machine learning to detect and stop post-exploitation activities that largely rely on scripts.

Inside Microsoft Threat Protection: Solving cross-domain security incidents through the power of correlation analytics

Through deep correlation logic, Microsoft Threat Protection automatically finds links between related signals across domains. It connects related existing alerts and generates additional alerts for suspicious events that could otherwise be missed.

Seeing the big picture: Deep learning-based fusion of behavior signals for threat detection

Learn how we’re using deep learning to build a powerful, high-precision classification model for long sequences of wide-ranging signals occurring at different times.

Inside Microsoft Threat Protection: Correlating and consolidating attacks into incidents

The incidents view in Microsoft Threat Protection empowers SOC analysts by automatically fusing attack evidence and providing a consolidated view of an attack chain and affected assets, as well as a single-click remediation with easy-to-read analyst workflows.

Introducing Kernel Data Protection, a new platform security technology for preventing data corruption

Kernel Data Protection (KDP) is a set of APIs that provide the ability to mark some kernel memory as read-only, preventing attackers from ever modifying protected memory.

Defending Exchange servers under attack

Exchange servers are high-value targets. Attacks against them also tend to be advanced threats that use highly evasive, fileless techniques. Keeping these servers safe from such attacks is of utmost importance.

Microsoft continues to extend security for all with mobile protection for Android

Announcing the public preview of Microsoft Defender ATP for Android! In the rapidly evolving world of mobile threats, Microsoft is taking a holistic approach to tackling these challenges and to securing enterprises and their data with our new mobile threat defense capabilities.