Despite the amazing and futuristic progression of technologies in cybersecurity, it’s still incredibly hard to answer the most basic of questions like: how many assets do I have, and do they adhere to my security policy? Somewhere along the line, ... continue reading

The security community has become proficient in using indicators of compromise (IoC) feeds for threat intelligence. Automated feeds have simplified the task of extracting and sharing IoCs. However, IoCs like IP addresses, domain names, and file hashes are in the ... continue reading

Worms are the cause of many cyber headaches. They can easily replicate themselves to spread malicious malware to other computers in your network. As the field responders providing Microsoft enterprise customers with onsite assistance to serious cybersecurity threats, our Detection ... continue reading

Earlier this year, I reached out to Check Point researcher Eyal Itkin, who had published multiple flaws in several Remote Desktop Protocol (RDP) clients, including a vulnerability in mstsc.exe, the built-in RDP client application in Windows. While there were no ... continue reading

Hi folks – this morning, I’m taking a little side-trip away from my series about the modern Microsoft productivity platform for a brief review of a handful of new or lesser-known gems. I’m going to touch on four capabilities, all ... continue reading

Detecting and stopping attacks that tamper with kernel-mode agents at the hypervisor level is a critical component of the unified endpoint protection platform in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). It’s not without challenges, but the deep integration ... continue reading

Artificial Intelligence (AI) and machine learning have created lots of buzz with vendors. Being cast as the superheroes of technology is great for getting attention. But even Superman and Supergirl had their kryptonite.* Could the lack of diversity and inclusiveness ... continue reading

Last March, the Council of the European Union announced the new EU Law Enforcement Emergency Response Protocol to address the growing problem of planning and coordinating between governments, agencies, and companies when cyberattacks occur across international boundaries. Remember well-known incidents ... continue reading

Modern security teams need to proactively, efficiently, and effectively hunt for threats across multiple attack vectors. To address this need, today we’re excited to give you a glimpse of a new threat hunting capability coming soon to Microsoft Threat Protection ... continue reading

We continuously harden machine learning protections against evasion and adversarial attacks. One of the latest innovations in our protection technology is the addition of a class of hardened malware detection machine learning models called monotonic models to Microsoft Defender ATP‘s ... continue reading