
Recommendations for deploying the latest Attack surface reduction rules for maximum impact
The keystone to good security hygiene is limiting your attack surface. Attack surface reduction is a technique to remove or constrain exploitable behaviors in your systems. In this blog, we discuss the two attack surface reduction rules introduced in the ...

Windows Defender ATP integrates with Microsoft Information Protection to discover, protect, and monitor sensitive data on Windows devices
Digital transformation and the transition to a modern workplace encourage employee engagement, productivity, and collaboration. This transition poses major challenges in protecting sensitive information. In the modern workplace, the perimeter between the corporate network and the cloud is fading. Sensitive ...

Windows Defender ATP has protections for USB and removable devices
Meet Jimmy. Jimmy is an employee in your company. He Does Things With Computers (official title). Last Wednesday, as Jimmy got out of his car after parking in the company-owned parking lot, he saw something on the ground. That something ...

Insights from the MITRE ATT&CK-based evaluation of Windows Defender ATP
In MITRE's evaluation of endpoint detection and response solutions, Windows Defender Advanced Threat Protection demonstrated industry-leading optics and detection capabilities. The breadth of telemetry, the strength of threat intelligence, and the advanced, automatic detection through machine learning, heuristics, and behavior ...

Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers
Reuters recently reported a hacking campaign focused on a wide range of targets across the globe. In the days leading to the Reuters publication, Microsoft researchers were closely tracking the same campaign. Our sensors revealed that the campaign primarily targeted ...

Windows Defender ATP device risk score exposes new cyberattack, drives Conditional access to protect networks
Several weeks ago, the Windows Defender Advanced Threat Protection (Windows Defender ATP) team uncovered a new cyberattack that targeted several high-profile organizations in the energy and food and beverage sectors in Asia. Given the target region and verticals, the attack ...

Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets
Our analysis of a targeted attack that used a language-specific word processor shows why it's important to understand and protect against small-scale and localized attacks as well as broad-scale malware campaigns. The attack exploited a vulnerability in InPage, a word ...

Small businesses targeted by highly localized Ursnif campaign
Cyber thieves are continuously looking for new ways to get people to click on a bad link, open a malicious file, or install a poisoned update in order to steal valuable data. In the past, they cast as wide a ...

Partnering with the industry to minimize false positives
Every day, antivirus capabilities in Windows Defender Advanced Threat Protection (Windows Defender ATP) protect millions of customers from threats. To effectively scale protection, Windows Defender ATP uses intelligent systems that combine multiple layers of machine learning models, behavior-based detection algorithms, ...

Protecting the protector: Hardening machine learning defenses against adversarial attacks
Harnessing the power of machine learning and artificial intelligence has enabled Windows Defender Advanced Threat Protection (Windows Defender ATP) next-generation protection to stop new malware attacks before they can get started, often within milliseconds. These predictive technologies are central to ...