
Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack
The prevailing perception about fileless threats, among the security industry’s biggest areas of concern today, is that security solutions are helpless against these supposedly invincible threats. Because fileless attacks run the payload directly in memory or leverage legitimate system tools ... continue reading

Step 9. Protect your OS: top 10 actions to secure your environment
In “Step 9. Protect your OS” of the Top 10 actions to secure your environment blog series, we provide resources to help you configure Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) to defend your Windows, macOS, Linux, iOS, and ... continue reading

Executing on the vision of Microsoft Threat Protection
Over the last several months, we’ve provided regular updates on the rapid progress we’re making with Microsoft Threat Protection, which enables your organization to: Protect your assets with identity-driven security and powerful conditional access policies which ensure your assets are ... continue reading

Lessons learned from the Microsoft SOC—Part 2: Organizing people
In the second post in our series, we focus on the most valuable resource in the security operations center (SOC)—our people. This series is designed to share our approach and experience with operations, so you can use what we learned ... continue reading

Defend your digital landscape with Microsoft 365
What is it about the middle of the night that brings our fears to the surface? For me, it’s the unknown dangers that may confront my young daughter and how I will protect her. Fear of the unknown can also ... continue reading

Building the security operations center of tomorrow—better insights with compound detection
In the physical world, humans are fantastic at connecting low quality signals into high quality analysis. Consider speaking with someone in a crowded place. You may not hear every word they say, but because you are fluent in the language ... continue reading

Analysis of a targeted attack exploiting the WinRar CVE-2018-20250 vulnerability
In early March, we discovered a cyberattack that used an exploit for CVE-2018-20250, an old WinRar vulnerability disclosed just several weeks prior, and targeted organizations in the satellite and communications industry. A complex attack chain incorporating multiple code execution techniques ... continue reading

Step 8. Protect your documents and email: top 10 actions to secure your environment
The “Top 10 actions to secure your environment” series outlines fundamental steps you can take with your investment in Microsoft 365 security solutions. In “Step 8. Protect your documents and email,” you’ll learn how to deploy Azure Information Protection and ... continue reading

Steer clear of tax scams
In the month of February, we saw an average of 300,000 phishing attempts across Microsoft’s browsing platforms daily. Our security experts expect these attempted scams to become increasingly more prevalent through the April 15 Tax Day, especially in the two ... continue reading

Reduce the number of admins on your servers with Just Enough Administration
First published on TECHNET on Aug 29, 2016. Least Privilege: As part of your information security strategy, you are probably familiar with the principle of least privilege. The concept itself is simple -- give your IT staff and end-users ... continue reading