Developing connected security solutions
Learn about the Microsoft APIs, services, and communities you can develop to build connected security products and services.
Building the security operations center of tomorrow—better insights with compound detection
Learn how compound detection can help you apply the law of data gravity and correlate insights across your security platforms.
Helping security professionals do more, better
Learn how Microsoft’s latest security product releases and solutions showcased at RSA are helping security professionals do more, better.
Windows Defender ATP has protections for USB and removable devices
We recommend a layered approach for device control security, which incorporates multiple avenues of protection, including each of the above.
Windows Defender ATP device risk score exposes new cyberattack, drives Conditional access to protect networks
Several weeks ago, the Windows Defender Advanced Threat Protection (Windows Defender ATP) team uncovered a new cyberattack that targeted several high-profile organizations in the energy and food and beverage sectors in Asia.
Making it real—harnessing data gravity to build the next gen SOC
In this post we address the question: “How do we make data gravity a reality in the security operations center (SOC) while we are under increased and constant pressure from motivated threat actors?
Practical application of artificial intelligence that can transform cybersecurity
There is tremendous opportunity to use AI—particularly machine learning—to improve the efficacy of cybersecurity, the detection of hackers, and even prevent attacks before they occur.
Introducing Windows Defender System Guard runtime attestation
At Microsoft, we want users to be in control of their devices, including knowing the security health of these devices. If important security features should fail, users should be aware.
Detecting reflective DLL loading with Windows Defender ATP
Today’s attacks put emphasis on leaving little, if any, forensic evidence to maintain stealth and achieve persistence. Attackers use methods that allow exploits to stay resident within an exploited process or migrate to a long-lived process without ever creating or relying on a file on disk.