[Image: table comparing traditional correlation engines with Fusion technology solutions. Solutions listed: iterative attack simulation, probabilistic cloud kill chain, and advances in graphical methods.]

Building the security operations center of tomorrow—better insights with compound detection

In the physical world, humans are fantastic at connecting low quality signals into high quality analysis. Consider speaking with someone in a crowded place. You may not hear every word they say, but because you are fluent in the language ... continue reading

DART: the Microsoft cybersecurity team we hope you never meet

If you spent 270 days away from home, not on vacation, you’d want it to be for a good reason. When boarding a plane, sometimes having been pulled out of bed to leave family for weeks on end, I know ... continue reading

Helping security professionals do more, better

I’m on my way to the RSA Conference in San Francisco, California, and am looking forward to connecting with our customers and partners there. We have a lot to talk about. Last week, Ann Johnson announced two new services that ... continue reading

Insights from the MITRE ATT&CK-based evaluation of Windows Defender ATP

In MITRE's evaluation of endpoint detection and response solutions, Windows Defender Advanced Threat Protection demonstrated industry-leading optics and detection capabilities. The breadth of telemetry, the strength of threat intelligence, and the advanced, automatic detection through machine learning, heuristics, and behavior ... continue reading

Phishing with the Sharks Using the Attack Simulator

Hello, Paul Bergson back again. It is late fall and once again playoff time for High School and Collegiate volleyball. Women’s volleyball in Minnesota is a big deal and I have played and coached for over 30 years and I ... continue reading

Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers

Reuters recently reported a hacking campaign focused on a wide range of targets across the globe. In the days leading to the Reuters publication, Microsoft researchers were closely tracking the same campaign. Our sensors revealed that the campaign primarily targeted ... continue reading

Windows Defender ATP device risk score exposes new cyberattack, drives Conditional access to protect networks

Several weeks ago, the Windows Defender Advanced Threat Protection (Windows Defender ATP) team uncovered a new cyberattack that targeted several high-profile organizations in the energy and food and beverage sectors in Asia. Given the target region and verticals, the attack ... continue reading

What’s new in Windows Defender ATP

Across Windows Defender Advanced Threat Protection (Windows Defender ATP) engineering and research teams, innovation drives our mission to protect devices in the modern workplace. Our goal is to equip security teams with the tools and insights to protect, detect, investigate, ... continue reading

The evolution of Microsoft Threat Protection, November update

At Ignite 2018, we announced Microsoft Threat Protection, a comprehensive, integrated solution securing the modern workplace across identities, endpoints, user data, cloud apps, and infrastructure (Figure 1). The foundation of the solution is the Microsoft Intelligent Security Graph, which correlates ... continue reading

Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets

Our analysis of a targeted attack that used a language-specific word processor shows why it's important to understand and protect against small-scale and localized attacks as well as broad-scale malware campaigns. The attack exploited a vulnerability in InPage, a word ... continue reading