Select Page
From unstructured data to actionable intelligence: Using machine learning for threat intelligence

From unstructured data to actionable intelligence: Using machine learning for threat intelligence

The security community has become proficient in using indicators of compromise (IoC) feeds for threat intelligence. Automated feeds have simplified the task of extracting and sharing IoCs. However, IoCs like IP addresses, domain names, and file hashes are in the ... continue reading
A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response

A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response

Earlier this year, I reached out to Check Point researcher Eyal Itkin, who had published multiple flaws in several Remote Desktop Protocol (RDP) clients, including a vulnerability in mstsc.exe, the built-in RDP client application in Windows. While there were no ... continue reading
How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection

How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection

Detecting and stopping attacks that tamper with kernel-mode agents at the hypervisor level is a critical component of the unified endpoint protection platform in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). It’s not without challenges, but the deep integration ... continue reading
The evolution of Microsoft Threat Protection—July update

The evolution of Microsoft Threat Protection—July update

Modern security teams need to proactively, efficiently, and effectively hunt for threats across multiple attack vectors. To address this need, today we’re excited to give you a glimpse of a new threat hunting capability coming soon to Microsoft Threat Protection ... continue reading
New machine learning model sifts through the good to unearth the bad in evasive malware

New machine learning model sifts through the good to unearth the bad in evasive malware

We continuously harden machine learning protections against evasion and adversarial attacks. One of the latest innovations in our protection technology is the addition of a class of hardened malware detection machine learning models called monotonic models to Microsoft Defender ATP‘s ... continue reading
InSpark modernizes cloud security with managed services solution

InSpark modernizes cloud security with managed services solution

Greetings! This is Sue Bohn, director of program management for Identity and Access Management. I’m always excited to share our partners’ experiences with you. Today’s post is really special because we’re talking with InSpark, the 2018 Country of the Year ... continue reading
Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack

Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack

The prevailing perception about fileless threats, among the security industry’s biggest areas of concern today, is that security solutions are helpless against these supposedly invincible threats. Because fileless attacks run the payload directly in memory or leverage legitimate system tools ... continue reading

Microsoft’s Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time

I’m excited to announce that Microsoft’s Threat & Vulnerability Management solution is generally available as of June 30! We have been working closely with customers for more than a year to incorporate their real needs and feedback to better address ... continue reading
Sample file path rules

Delivering major enhancements in Windows Defender Application Control with the Windows 10 May 2019 Update

With the Windows 10 May 2019 Update we delivered several important features for Windows Defender Application Control (WDAC), which was originally introduced to Windows as part of a scenario called Device Guard. WDAC works in conjunction with features like Windows ... continue reading
Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection

Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection

While Windows Defender Antivirus makes catching 5 billion threats on devices every month look easy, multiple advanced detection and prevention technologies work under the hood to make this happen. Windows Defender Antivirus is the next-generation protection component of Microsoft Defender ... continue reading