A playbook for modernizing security operations
What’s the future of security operations? Dave Kennedy, Founder of Binary Defense, shares his insights on threat hunting, incident response, and more with Microsoft.
MITRE Engenuity’s Center for Threat-Informed Defense has published a library of detailed plans for emulating the threat actor FIN6 (which Microsoft tracks as TAAL). Microsoft is proud to be part of this industry-wide collaborative project.
Inspired by MITRE’s transparency in publishing the payloads and tools used in the attack simulation, we’ll describe the mystery that is Step 19 and tell a story about how blue teams, once in a while, can share important learnings for red teams.
Microsoft Threat Protection uses a data-driven approach for identifying lateral movement, combining industry-leading optics, expertise, and data science to deliver automated discovery of some of the most critical threats today.
The latest round of MITRE ATT&CK evaluations proved yet again that Microsoft customers can trust they are fully protected even in the face of such an advanced attack as APT29.
During the MITRE ATT&CK evaluation, Microsoft Threat Protection delivered the deepest optics, near-real-time detection, and a complete view of the attack story.
A threat hunting team can help you defend against stealth attackers.
Threat protection that changes our approach to attacks requires built-in intelligence that can understand how an attack got in, prevent its spread across domains, and automatically heal compromised assets.
Microsoft Chief Cybersecurity Strategist Jonathan Trull outlines four principles any organization can use to improve the effectiveness of its SOC.
In MITRE’s evaluation of endpoint detection and response solutions, Windows Defender Advanced Threat Protection demonstrated industry-leading optics and detection capabilities. The breadth of telemetry, the strength of threat intelligence, and the advanced, automatic detection through machine learning, heuristics, and behavior monitoring delivered comprehensive coverage of attacker techniques across the entire attack chain.
Removing the need for files is the next progression of attacker techniques. While fileless techniques used to be employed almost exclusively in sophisticated cyberattacks, they are now becoming widespread in common malware, too.