{"id":89193,"date":"2019-03-25T17:12:11","date_gmt":"2019-03-26T00:12:11","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=89193"},"modified":"2023-05-23T21:35:13","modified_gmt":"2023-05-24T04:35:13","slug":"dart-the-microsoft-cybersecurity-team-we-hope-you-never-meet","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/03\/25\/dart-the-microsoft-cybersecurity-team-we-hope-you-never-meet\/","title":{"rendered":"DART: the Microsoft cybersecurity team we hope you never meet"},"content":{"rendered":"

If you spent 270 days away from home, not on vacation, you\u2019d want it to be for a good reason. When we board a plane, sometimes having been pulled out of bed to leave family for weeks on end, it\u2019s because one of our customers is in need. It means there is a security compromise and they may be dealing with a live cyberattack.<\/p>\n

As the Microsoft Detection and Response Team (DART), our job is to respond to compromises and help our customers become cyber-resilient. This is also our team mission, one we take very seriously, and it\u2019s why we are passionate about what we do for our customers.<\/p>\n

Our unique focus within the Microsoft Cybersecurity Solutions Group allows DART to provide onsite reactive incident response and remote proactive investigations. DART leverages Microsoft\u2019s strategic partnerships with security organizations around the world and with internal Microsoft product groups to provide the most complete and thorough investigation possible. Our response expertise has been leveraged by government and commercial entities around the world to help secure their most sensitive, critical environments.<\/p>\n

How DART works with Microsoft customers<\/h3>\n

Our team works with customers globally to identify risks and provide reactive incident response and proactive security investigation services to help our customers manage their cyber-risk, especially in today\u2019s dynamic threat environment.<\/p>\n

In one recent example, our experts were called in to help several financial services organizations deal with attacks launched by an advanced threat actor group that had gained administrative access and executed fraudulent transactions, transferring large sums of cash into foreign bank accounts.<\/p>\n

When the attackers realized they had been detected, they rapidly deployed destructive malware that crippled the customers\u2019 operations for three weeks. Our team was on site within hours, working around the clock, side by side with the customers\u2019 security teams to restore normal business operations.<\/p>\n

Incidents like these are a reminder that trust remains one of the most valuable assets in cybersecurity and the role of technology is to empower defenders to stay a step ahead of well-funded and well-organized adversaries.<\/p>\n

Overlooking a single security threat can create a serious event that could severely erode community and consumer confidence, tarnish reputation and brand, negatively impact corporate valuations, provide competitors with an advantage, and create unwanted scrutiny.<\/p>\n

That\u2019s why our DART team also offers The Security Crisis and Response Exercise. This is a hands-on, two-day, custom interactive experience on understanding security crisis situations and how to respond in the event of a cybersecurity incident. We examine our customers\u2019 security posture and implement proactive readiness training with the objective of helping customers prepare for incident response through practice exercises.<\/p>\n

The simulation is based on real-life scenarios from recent cybersecurity incident response engagements. The exercise focuses on topics such as ransomware, Office 365 compromises, and compromises via industry-specific malware with complex backdoor software. Each scenario focuses on the key areas of cybersecurity (Identify, Protect, Detect, Respond, and Recover) and covers a broad ecosystem, including supply chain vulnerabilities such as software vendors, IT service vendors, and hardware vendors.<\/p>\n

DART basic recommendations<\/h3>\n

To help you become more cyber-resilient, below are a few recommendations from our team based on our experiences of what customers can be doing now to help harden their security posture.<\/p>\n

Standardize<\/strong>\u2014The cost of security increases as the complexity of the environment increases. To reduce the total cost of ownership (TCO), standardization is key. It also reduces the number of secure configurations the organization must maintain.<\/p>\n