The evolution of Microsoft Threat Protection, February update

February 13th, 2019

February is an exciting month of enhancements for Microsoft Threat Protection. For those who have followed our monthly updates (November, December, and January), you're aware that Microsoft Threat Protection helps provide users optimal security from the moment they sign in, use email, work on documents, or utilize cloud applications. IT administrators benefit from minimal complexity while staying ahead of threats to their organization. Microsoft Threat Protection is one of the few available services helping provide comprehensive security across multiple attack vectors. This month, we share enhancements to identity protection, the launch of the Microsoft 365 security center, and another example of Microsoft Threat Protection mitigating a real-world attack.

Enhancing identity protection

Currently, 81 percent of all cyberattacks are due to weak or compromised credentials. Weak identity protection exposes all other attack surfaces to cyberthreats. With this in mind, Microsoft has invested heavily in identity protection, ensuring it continues as one of our fundamental strengths and differentiators. Microsoft Threat Protection leverages Azure Active Directory (Azure AD) Identity Protection to provide comprehensive, industry-leading identity protection for hundreds of millions of users. This month, we're excited to announce enhancements to our identity protection capabilities with the following updates to Azure AD Identity Protection:

  • An intuitive and integrated UX for Azure AD Identity Protection, including security insights, recommendations, sign-ins report integration, and the ability to filter, sort, and perform bulk operations (Figure 1).
  • Powerful APIs that allow you to integrate all levels of risk data with ticketing or SIEM systems.
  • Improved risk assessment based on continuously tuning our heuristic and machine learning systems to bring you even more accurate risk analysis to drive your prevention and remediation strategy.
  • Service-wide alignment across risky users and risky sign-ins.

Figure 1. The new Azure AD Identity Protection Security – Overview dashboard.

Each of these updates is based on customer feedback and our deep domain expertise. With these updates, we continue to improve and build on securing identities for thousands of customers. In fact, several customers such as The Walsh Group, Abtis, Identity Experts, and BDO Netherlands have already experienced the benefits of these new enhancements. We hope you try the refreshed Azure AD Identity Protection. Get the full details of these updates in our blog post, and please share your thoughts via the in-product prompts.

Reducing complexity with the Microsoft 365 security center

Microsoft Threat Protection is built on the Microsoft Intelligent Security Graph, which provides a deep and broad threat signal and leverages machine learning for intelligent signal correlation. Many of our customers have often asked us to provide a “single pane of glass” that provides a centralized experience across their Microsoft security services and helps correlate signals from disparate sources, to provide richer insights that lead to intelligent security decisions.

To address this critical customer ask, we recently launched the Microsoft 365 security center (Figure 2), which helps surface much of these correlated signals in a detailed and elegant user interface, helping reduce the complexity of an organization's security environment. The new Microsoft 365 security center (which can be accessed at security.microsoft.com) provides security administrators (SecAdmins) a centralized hub and specialized workspace to manage and take full advantage of most Microsoft Threat Protection services. Admins will gain the visibility, control, and guidance necessary to understand and act on the threats currently impacting their organization, as well as information on past and future threats.

Figure 2. The new Microsoft 365 security center (security.microsoft.com).

The Microsoft 365 security center also provides experiences for security operators (SecOps) through the integration of incident response capabilities such as a centralized alert view and powerful hunting capabilities enabling ad-hoc investigations. We'll be making continuous enhancements to the Microsoft 365 security center and providing updates on its progress.

Microsoft Threat Protection secures think tanks, non-profits, and the public sector from unidentified attackers

While our updates on new features and enhancements hopefully convey our focus and investment in providing best-in-class security, Microsoft Threat Protection's ability to stop real-world threats is ultimately the truest test. Recently, Microsoft Threat Protection helped secure several public sector institutions and non-governmental organizations like think tanks, research centers, educational institutions, private-sector corporations in the oil and gas, chemical, and hospitality industries from a very aggressive cyberattack. Some third-party security researchers have attributed the attack to CozyBear, though Microsoft does not believe there is yet enough evidence to attribute the attack to CozyBear. Figure 3 shows the full attack chain.

Figure 3. Attack chain of recent threat to public sector and other non-government agencies by unidentified attacker.

Customers using the complete Microsoft Threat Protection solution were secured from the attack. Behavior-based protections in multiple Microsoft Threat Protection components blocked malicious activities and exposed the attack at its early stages. Office 365 Advanced Threat Protection detected emails with malicious URLs, blocking them, including samples which had never been seen before. Meanwhile, numerous alerts in Windows Defender Advanced Threat Protection (ATP) exposed the attacker techniques across the attack chain.

Due to the nature of the victims, and because the campaign features characteristics of previously observed nation-state attacks, Microsoft took the added step of notifying thousands of individual recipients in hundreds of targeted organizations. As part of the Defending Democracy Program, Microsoft encourages eligible organizations to participate in Microsoft AccountGuard, a service designed to help these highly targeted customers protect themselves from cybersecurity threats. Learn about the full analysis in our recent blog.

Experience the evolution of Microsoft Threat Protection

Take a moment to learn more about Microsoft Threat Protection, read our previous monthly updates, and visit Integrated and automated security. Organizations have already transitioned to Microsoft Threat Protection and partners are leveraging its powerful capabilities.

Begin trials of the Microsoft Threat Protection services today to experience the benefits of the most comprehensive, integrated, and secure threat protection solution for the modern workplace.

The post The evolution of Microsoft Threat Protection, February update appeared first on Microsoft Secure.

The evolution of Microsoft Threat Protection, January update

January 16th, 2019

As the new year begins, progress with Microsoft Threat Protection continues. It remains one of the only solutions available in market, providing comprehensive, end-to-end security for the modern workplace. Microsoft Threat Protection helps users gain optimal security from the moment they sign in to their laptops or mobile devices, check their email or begin work on their documents, or utilize the many cloud applications common in the modern workplace. IT administrators benefit from minimal complexity in staying ahead of the threat landscape, gaining visibility and control over the expanding attack surface, and reducing the time, cost, and effort needed to understand and take action on the trillions of threat signals observed from their IT environment.

In previous posts, we provided examples of how Microsoft Threat Protection helps secure across identities, endpoints, email and data, apps, and infrastructure. We also highlighted how Microsoft Threat Protection quickly and efficiently handled the Tropic Trooper attack campaign. Today, we highlight examples of automation and seamless integration which are core differentiators for Microsoft Threat Protection. We first discuss new automation capabilities that improve security for your apps ecosystem. Next, we share results from the MITRE evaluation that exemplifies how signal sharing across integrated security services helps provide impressive threat detection capabilities for endpoints.

Simplifying the life of SecOps with automated security workflows

Automation is a key attribute of Microsoft Threat Protection. While it comes in many forms, the intent is always to help reduce the burden on security teams tasked with handling the myriad and frequent threats modern organizations deal with. Automation can address basic security needs, enabling security teams to focus on the more challenging security problems. This ultimately helps make organizations less susceptible to threats.

The following example demonstrates how our automation capabilities can simplify the oversight for cloud apps and services. Microsoft Threat Protection helps secure cloud apps and services with Microsoft Cloud App Security, a premier Cloud Access Security Broker (CASB) service. It gives visibility into cloud apps and services, provides sophisticated analytics to identify and combat cyberthreats, and enables control over data travel. Leading organizations such as Accenture leverage the monitoring capabilities of Cloud App Security to detect anomalous behavior in their SaaS and cloud apps. Now imagine adding the benefit of automated workflows to this already powerful service. We have heard feedback in countless discussions with Security Operations (SecOps) professionals that solutions enabling automated processes would help significantly by reducing the number of incidents requiring direct oversight.

To serve this customer need, we're excited to announce the integration of Microsoft Flow with Cloud App Security (Figure 1). This new integration supports a series of powerful use cases to enable centralized alert automation and orchestration by leveraging out-of-the-box and custom workflow playbooks that work with the systems of your choice. Microsoft Flow leverages an ecosystem of connectors from over 100 third-party services including ServiceNow, Jira, and SAP. The combination of Cloud App Security and Microsoft Flow will enable security specialists to create playbooks that work with systems of their choice, existing in-house processes, and automating the triage of alerts. Learn more about the detailed use cases and exciting capabilities this integration facilitates.

Figure 1. Microsoft Cloud App Security + Microsoft Flow integration schematic.

Demonstrating industry leading optics and detection for endpoint security

The Microsoft Intelligent Security Graph is the foundational element of Microsoft Threat Protection powering every service in the solution, providing a blend of deep and broad threat signals, and leveraging machine learning for intelligent signal correlation. The Intelligent Security Graph seamlessly integrates all Microsoft Threat Protection services, enabling each to share signal.

For example, Windows Defender Advanced Threat Protection (ATP) correlates signals across endpoints and identities by leveraging signal from Azure ATP (identity security). MITRE recently evaluated Windows Defender ATP's ability to detect techniques used by the attack group APT3 (also known as Boron or UPS). Windows Defender ATP's exceptional capabilities registered the best optics and top detection coverage across the attacker kill chain. Seamless integration is a tenet of Microsoft Threat Protection and the results from the MITRE evaluation provide another example of how seamless integration across different security services leads to exceptional security gains.

It is important to note that MITRE evaluates detection capabilities only. Windows Defender ATP also provides protection and response to threats. In a customer environment, Windows Defender ATP would have blocked many of the attack techniques at onset by leveraging attack surface reduction and next-gen protection capabilities. In addition, investigation and hunting features enable security operations personnel to correlate alerts and incidents, enabling holistic response actions.

To learn more about Microsoft's MITRE results, read Insights from the MITRE ATT&CK-based evaluation of Windows Defender ATP and visit the MITRE website. Please reach out to your Microsoft rep to walk through the full details of the results.

Experience the evolution of Microsoft Threat Protection

Take a moment to learn more about Microsoft Threat Protection and read our previous monthly updates. Organizations have already transitioned to Microsoft Threat Protection and partners are leveraging its powerful capabilities.

Begin trials of the Microsoft Threat Protection services today to experience the benefits of the most comprehensive, integrated, and secure threat protection solution for the modern workplace.

The post The evolution of Microsoft Threat Protection, January update appeared first on Microsoft Secure.
