Microsoft Defender will soon be a lot better at stopping corporate cyberattacks


A number of advanced Microsoft 365 Defender features, first announced last year as a means of stopping ransomware and business email compromise (BEC) attacks, have now reached public preview, the company has announced.

The features, called “automatic disruption”, use “high-confidence Extended Detection and Response (XDR) signals across endpoints, identities, email, and SaaS apps”, Microsoft explained, saying they’ll help contain active security attacks “quickly and effectively”.

They’ll work by automatically disabling, or restricting, devices and user accounts that the threat actors have compromised and are actively using in an attack. 

Limited impact

By shutting off this access, Microsoft hopes the attackers won’t be nearly as effective as they otherwise would be, and at the same time, SOC teams get more time to deploy additional countermeasures.

As a result, ransomware and BEC attacks should have a more limited impact on the target organization, the company claims.

Automatic attack disruption operates in three stages. In the first stage, the attack is detected, and “high confidence” is established. In the second stage, the different scenarios are classified, along with the assets that the attackers are currently controlling. Finally, in the third stage, automatic response actions are triggered via Microsoft 365 Defender, containing the attack and minimizing its impact.

As the name suggests, the activity of these new features is automatic, which might not sit well with some cybersecurity professionals. Microsoft seems to be aware of this fact, stating that the number of signals used should ease anyone’s anxiety around automation: 

“We understand that taking automatic action can come with hesitation, given the potential impact it can have on an organization,” the company said. “That’s why automatic attack disruption in Microsoft 365 Defender is designed to rely on high-fidelity XDR signals, coupled with insights from the continuous investigation of thousands of incidents by Microsoft’s research teams.”

Ransomware continues to be one of the most disruptive forms of cybercrime out there. Businesses are advised to train their employees on the dangers of phishing and to make sure they set up a robust backup solution. An antivirus, a firewall, and multi-factor authentication are also considered best practices.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
