Select Page

Full Operational Shutdown—another cybercrime case from the Microsoft Detection and Response Team

Recently, we published our first case report (001: …And Then There Were Six) by the Microsoft Detection and Response Team (DART). We received significant positive response from our customers and colleagues and our team has been getting inquiries asking for ... continue reading

Microsoft works with healthcare organizations to protect from popular ransomware during COVID-19 crisis: Here’s what to do

True to form, human-operated ransomware campaigns are always on prowl for any path of least resistance to gain initial access to target organizations. During this time of crisis, as organizations have moved to a remote workforce, ransomware operators have found ... continue reading

Alternative ways for security professionals and IT to achieve modern security controls in today’s unique remote work scenarios

With the bulk of end users now working remotely, legacy network architectures that route all remote traffic through a central corporate network are suddenly under enormous strain. The result can be poorer performance, productivity, and user experience. Many organizations are ... continue reading
Behavioral blocking and containment: Transforming optics into protection

Behavioral blocking and containment: Transforming optics into protection

In today’s threat landscape—overrun by fileless malware that live off the land, highly polymorphic threats that mutate faster than traditional solutions can keep up with, human-operated attacks that adapt to what adversaries find on compromised machines, and other sophisticated threats—behavioral ... continue reading

MISA expands with new members and new product additions

Another RSA Conference (RSAC) and another big year for the Microsoft Intelligent Security Association (MISA). MISA was launched at RSAC 2018 with 26 members and a year later we had doubled in size to 53 members. Today, I am excited ... continue reading
Microsoft Threat Protection stops attack sprawl and auto-heals enterprise assets with built-in intelligence and automation

Microsoft Threat Protection stops attack sprawl and auto-heals enterprise assets with built-in intelligence and automation

Attackers will cross multiple domains like email, identity, endpoints, and applications to find the point of least resistance. Today’s defense solutions have been designed to protect, detect, and block threats for each domain separately, allowing attackers to exploit the seams ... continue reading

Afternoon Cyber Tea—From threat intelligence to chatbots: A look at AI in cybersecurity

I’ve often said our teams should be as diverse as the problems we are trying to solve. Hiring a diverse security team isn’t just the right thing to do, it’s also good business. This is a topic I’m very passionate ... continue reading
Ghost in the shell: Investigating web shell attacks

Ghost in the shell: Investigating web shell attacks

Recently, an organization in the public sector discovered that one of their internet-facing servers was misconfigured and allowed attackers to upload a web shell, which let the adversaries gain a foothold for further compromise. The organization enlisted the services of ... continue reading
Zero Hype

Zero Hype

At Ignite, I had the privilege of presenting “Zero Hype” with my colleagues Nupur Goyal (@nupur_11) who leads our Product Marketing, and Yinon Costica (@c0stica) who directs program management for Azure Security Center, Microsoft Cloud App Security, and Azure ATP ... continue reading
Image of security workers in an office.

CISO series: Lessons learned from the Microsoft SOC—Part 3b: A day in the life

The Lessons learned from the Microsoft SOC blog series is designed to share our approach and experience with security operations center (SOC) operations. We share strategies and learnings from our SOC, which protects Microsoft, and our Detection and Response Team ... continue reading