Microsoft: Here’s how our technology disrupts ransomware and phishing attacks


Microsoft is announcing new features for its cybersecurity suite, Microsoft 365 Defender, with AI-powered capabilities that can automatically detect and stop cyberattacks such as ransomware attacks and business email compromise (BEC, or phishing) campaigns by quickly identifying and disabling accounts or services exploited by attackers.

By compromising and exploiting the right accounts, cybercriminals can gain access to the tools and privileges they need to encrypt an entire network of machines with ransomware in no time.

Ransomware and BEC attacks can also be very costly for victims. To help protect networks from cyberattacks, Microsoft is enhancing the automatic attack disruption feature in Microsoft 365 Defender, which is powered by artificial intelligence-based threat hunting and detection capabilities.

Automatic attack disruption detects attacks and removes attacker access

This capability uses extended detection and response (XDR) signals across endpoints, identities, messaging, and Software as a Service (SaaS) applications to contain cybersecurity attacks.

To prevent BEC attacks, automatic attack disruption detects attacks and removes the attacker's access to the environment by disabling the compromised account, limiting their ability to send fraudulent emails and preventing data transfers and financial losses.

At the same time, to prevent ransomware attacks, the tool will isolate suspicious activity from a compromised device to prevent an attacker from using it to access other machines and services that can be used to deliver the malicious payload.

Objective: limit the attacker's progress as soon as possible

To ensure the system isn’t actively quarantining false positives — and getting in the way of legitimate users — Microsoft 365 Defender is trained using endpoint detection and response signals, as well as information from ongoing investigation of thousands of incidents by Microsoft research teams.

Action will only be taken once the activity has been properly reviewed by the AI that powers the tool. If the activity is concluded to be malicious, automatic response actions are triggered against entities identified as compromised, thereby preventing further attacks.

“This game-changing capability is built into Microsoft 365 Defender and limits a threat actor’s progress early on – reducing the overall impact of an attack, costs associated with lost productivity,” said Eyal Haik, senior product manager at Microsoft.


Source: “ZDNet.com”




