Category: Microsoft Security

Read the original article: 5 identity priorities for 2021—strengthening security for the hybrid work era and beyond When I outlined the five identity priorities for 2020, the world was a very different place. Since then, the COVID-19 pandemic has forever…

Read more →

Read the original article: The state of apps by Microsoft identity: Azure AD app gallery apps that made the most impact in 2020 See what applications in the Azure AD app gallery powered the way we work, learn, and collaborate…

Read more →

Read the original article: Microsoft surpasses $10 billion in security business revenue, more than 40 percent year-over-year growth Company empowers the defenders who secure across platforms and clouds to make the world a safer place. The post Microsoft surpasses $10…

Read more →

Read the original article: Protecting multi-cloud environments with Azure Security Center When we started developing Azure Security Center, our mission was clear: be the best solution to protect Azure Resources. The post Protecting multi-cloud environments with Azure Security Center appeared…

Read more →

Read the original article: Announcing the general availability of Azure Defender for IoT As businesses increasingly rely on connected devices to optimize their operations, the number of IoT and Operational Technology (OT) endpoints is growing dramatically—industry analysts have estimated that…

Read more →

Read the original article: How companies are securing devices with Zero Trust practices Organizations are seeing a substantial increase in the diversity of devices accessing their networks. With employees using personal devices and accessing corporate resources from new locations in…

Read more →

Read the original article: Identity governance: The power of “Why not?” Innovation requires the courage to take risks and the leadership skills to show others that risks are worth taking. That’s why I love working with people like Joe Dadzie, a partner group…

Read more →

Read the original article: Blue Cedar partners with Microsoft to combat BYOD issues IT and security teams have been searching for a solution to accommodate BYOD that won’t compromise network security. The post Blue Cedar partners with Microsoft to combat…

Read more →

Read the original article: The dynamic duo: How to build a red and blue team to strengthen your cybersecurity, Part 2 In this blog Jake Williams, Founder of Rendition InfoSec shares his insights on the 2020 threat landscape—who to watch…

Read more →

Read the original article: Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop One missing link in the complex Solorigate attack chain is the handover from the Solorigate DLL backdoor to the Cobalt Strike loader. How…

Read more →

Read the original article: Using Zero Trust principles to protect against sophisticated attacks like Solorigate The Solorigate supply chain attack has captured the focus of the world over the last month. This attack was simultaneously sophisticated and ordinary. The actor…

Read more →

Read the original article: How IT leaders are securing identities with Zero Trust The past twelve months have been a remarkable time of digital transformation as organizations, and especially digital security teams, adapt to working remotely and shifting business operations. IT leaders everywhere turned to…

Read more →

Read the original article: Simplify compliance and manage risk with Microsoft Compliance Manager The cost of non-compliance is more than twice that of compliance costs. Non-compliance with the ever-increasing and changing regulatory requirements can have a significant impact on your…

Read more →

Read the original article: Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender This blog is a guide for security administrators using Microsoft 365 Defender and Azure Defender to identify and implement security configuration and posture improvements that…

Read more →

Read the original article: Azure Active Directory empowers frontline workers with simplified and secure access Learn how frontline workers can access the productivity tools they need with simplified sign-in authentication and built-in security—directly from the shop floor. The post Azure…

Read more →

Read the original article: New Surface PCs enable virtualization-based security (VBS) by default to empower customers to do more, securely The new Surface Pro 7+ for Business will ship with virtualization-based security (VBS) and Hypervisor-protected code integrity (HVCI, also commonly…

Read more →

Read the original article: Privacy breaches: Using Microsoft 365 Advanced Audit and Advanced eDiscovery to minimize impact GDPR, HIPPA, GLBA, all 50 U.S. States, and many countries have privacy breach reporting requirements. If an organization experiences a breach of relevant…

Read more →

Read the original article: The dynamic duo: How to build a red and blue team to strengthen your cybersecurity, Part 1 In this blog Jake Williams, Founder of Rendition InfoSec shares his insights on the 2020 threat landscape—who to watch…

Read more →

Read the original article: Forcepoint and Microsoft: Risk-based access control for the remote workforce Forcepoint integrates with Azure Active Directory conditional access policies based on an individual’s dynamically calculated risk level. The post Forcepoint and Microsoft: Risk-based access control for…

Read more →

Read the original article: Using Microsoft 365 Defender to protect against Solorigate This blog is a comprehensive guide for security operations and incident response teams using Microsoft 365 Defender to identify, investigate, and respond to the Solorigate attack if it’s…

Read more →

Read the original article: Advice for incident responders on recovery from systemic identity compromises Customers across the globe are asking for guidance on recovering their infrastructure after being impacted by Solorigate. DART walks you through remediation steps as well as…

Read more →

Read the original article: Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers We, along with the security industry and our partners, continue to investigate the extent of the Solorigate attack.…

Read more →

Read the original article: A “quick wins” approach to securing Azure Active Directory and Office 365 and improving your security posture This blog post will explain simple Microsoft security defaults and Secure Score—two features you should take advantage of that…

Read more →

Read the original article: Collaborative innovation on display in Microsoft’s insider risk management strategy Partnering with organizations like Carnegie Mellon University allows us to bring their rich research and insights to our products and services, so customers can fully benefit…

Read more →

Read the original article: A breakthrough year for passwordless technology Learn how Microsoft and its partners are advancing IAM through secure passwordless access. The post A breakthrough year for passwordless technology appeared first on Microsoft Security.   Become a supporter…

Read more →

Read the original article: Becoming resilient by understanding cybersecurity risks: Part 2 Whilst this may be uncomfortable reading, the ability to pre-empt and respond quickly to these attacks is now an organizational imperative that requires a level of close collaboration…

Read more →

Read the original article: Terranova Security Gone Phishing Tournament reveals continued weak spot in cybersecurity See which industries had the highest click rates, as well as results sorted by organization size, previous training, and more. The post Terranova Security Gone…

Read more →

Read the original article: Ensuring customers are protected from Solorigate Microsoft is monitoring a dynamic threat environment surrounding the discovery of a sophisticated attack that included compromised binaries from a legitimate software. These binaries, which are related to the SolarWinds…

Read more →

Read the original article: Siemens USA CISO: 3 essentials to look for in a cloud provider Learn why Kurt John of Siemens USA sees continued migration to the cloud as inevitable across industries. The post Siemens USA CISO: 3 essentials…

Read more →

Read the original article: New cloud-native breadth threat protection capabilities in Azure Defender As the world adapts to working remotely, the threat landscape is constantly evolving, and security teams struggle to protect workloads with multiple solutions that are often not…

Read more →

Read the original article: Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers A persistent malware campaign has been actively distributing Adrozek, an evolved browser modifier malware at scale since at least May 2020. At…

Read more →

Read the original article: Building a Zero Trust business plan These past six months have been a remarkable time of transformation for many IT organizations. With the forced shift to remote work, IT professionals have had to act quickly to…

Read more →

Read the original article: EDR in block mode stops IcedID cold Endpoint detection and response (EDR) in block mode in Microsoft Defender for Endpoint turns EDR detections into real-time blocking of threats. Learn how it stopped an IcedID attack. The…

Read more →

Read the original article: Digital Defense integrates with Microsoft to detect attacks missed by traditional endpoint security Cybercriminals have ramped up their initial compromises through phishing and pharming attacks using a variety of tools and tactics that, while numerous, are…

Read more →

Read the original article: Deliver productive and seamless user experiences with Azure Active Directory Learn how identity has become the new security perimeter and how an identity-based framework reduces risk and improves productivity. The post Deliver productive and seamless user…

Read more →

Read the original article: Deliver productive and seamless users experiences with Azure Active Directory Learn how identity has become the new security perimeter and how an identity-based framework reduces risk and improves productivity. The post Deliver productive and seamless users…

Read more →

Read the original article: Understanding influences shaping the cybersecurity landscape, enabling digital transformation, and helping to protect our planet The accelerated rate of digital transformation we have seen this past year presents both challenges and endless opportunities for individuals, organizations,…

Read more →

Read the original article: Manage, govern, and get more value out of your data with Azure Purview Data is the currency of today’s economy. Data is being created faster than ever in more locations than organizations can track. In fact,…

Read more →

Read the original article: Protect your SQL Server on-premises, in Azure, and in multicloud Azure Defender for SQL is now generally available for use with SQL Server on premises, in multicloud deployments on Amazon Web Services (AWS), and Google Cloud…

Read more →

Read the original article: Protect your SQL server on premises, in Azure and in multi-cloud Azure Defender for SQL is now generally available for use with SQL Server on premises, in multi-cloud deployments on Amazon Web Services (AWS), and Google…

Read more →

Read the original article: Azure Sentinel achieves a Leader placement in Forrester Wave, with top ranking in Strategy I’m thrilled to announce Forrester Research has named Microsoft Azure Sentinel as a “Leader” in The Forrester Wave™: Security Analytics Platform Providers,…

Read more →

Read the original article: Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them BISMUTH, which has been running increasingly complex cyberespionage attacks as early as 2012, deployed Monero coin miners in campaigns…

Read more →

Read the original article: Zerologon is now detected by Microsoft Defender for Identity There has been a huge focus on the recently patched CVE-2020-1472 Netlogon Elevation of Privilege vulnerability, widely known as ZeroLogon. While Microsoft strongly recommends that you deploy…

Read more →

Read the original article: Go inside the new Azure Defender for IoT including CyberX In 2020, the move toward digital transformation and Industry 4.0 took on new urgency with manufacturing and other critical infrastructure sectors under pressure to increase operational…

Read more →

Read the original article: Microsoft Azure Active Directory again a “Leader” in Gartner Magic Quadrant for Access Management Howdy folks, I’m proud to announce that for the fourth year in a row, Microsoft Azure Active Directory (Azure AD) has been…

Read more →

Read the original article: IoT security: how Microsoft protects Azure Datacenters Azure Sphere first entered the IoT Security market in 2018 with a clear mission—to empower every organization on the planet to connect and create secure and trustworthy IoT devices.…

Read more →

Read the original article: Gartner names Microsoft a Leader in the 2020 Magic Quadrant for Cloud Access Security Brokers The past few months have changed the way we work in many ways, working from home, social distancing, and remote operations…

Read more →

Read the original article: Cyberattacks targeting health care must stop In recent months, we’ve detected cyberattacks from three nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for COVID-19. The targets include leading pharmaceutical companies and…

Read more →

Read the original article: Modernize secure access for your on-premises resources with Zero Trust Change came quickly in 2020. More likely than not, a big chunk of your workforce has been forced into remote access. And with remote work came…

Read more →

Read the original article: Key layers for developing a Smarter SOC with CyberProof-managed Microsoft Azure security services This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. Learn more about MISA here.   Security teams are…

Read more →

Read the original article: Key layers for developing a smarter SOC with CyberProof-managed Microsoft Azure security services This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. Learn more about MISA here.   Security teams are…

Read more →

Read the original article: Meet the Microsoft Pluton processor – The security chip designed for the future of Windows PCs In collaboration with leading silicon partners AMD, Intel, and Qualcomm Technologies, Inc., we are announcing the Microsoft Pluton security processor.…

Read more →

Read the original article: Forrester TEI study: Azure Sentinel delivers 201 percent ROI over 3 years and a payback of less than 6 months 2020 has been a transitional year, ushering in broad changes in how, and where, we work.…

Read more →

Read the original article: System Management Mode deep dive: How SMM isolation hardens the platform Key to defending the hypervisor, and by extension the rest of the OS, from low-level threats is protecting System Management Mode (SMM), an execution mode…

Read more →

Read the original article: Empowering employees to securely work from anywhere with an internet-first model and Zero Trust Like many this year, our Microsoft workforce had to quickly transition to a work from the home model in response to COVID-19.…

Read more →

Read the original article: Extend data loss prevention to your devices with Microsoft Endpoint Data Loss Prevention, now generally available Managing and protecting data is critical to any organization. Data is growing exponentially, and remote work is making it even…

Read more →

Read the original article: Microsoft recognized as a Leader in the 2020 Gartner Magic Quadrant for Enterprise Information Archiving Organizations face an increasing volume of data generated daily and ever-evolving regulations around how that data is managed. To help navigate…

Read more →

Read the original article: It’s Cybersecurity Awareness Month and there is still a lot to do October is National Cyber Security Awareness Month (NCSAM). And there is still a lot to do! For the last 17 years, the National Cybersecurity Awareness Month…

Read more →

Read the original article: Unilever CISO on balancing business risks with cybersecurity Imagine showing up to work every day knowing that your job requires protecting 160,000 employees creating more than 450 products around the world—tea, ice cream, personal care, laundry…

Read more →

Read the original article: Back to the future: What the Jericho Forum taught us about modern security Learn about the roots of Zero Trust concept in the Jericho Forum and how they apply to today’s world of remote work more…

Read more →

Read the original article: Cyberattacks against machine learning systems are more common than you think Machine learning (ML) is making incredible transformations in critical areas such as finance, healthcare, and defense, impacting nearly every aspect of our lives. Many businesses,…

Read more →

Read the original article: Addressing cybersecurity risk in industrial IoT and OT As the industrial Internet of Things (IIoT) and operational technology (OT) continue to evolve and grow, so too, do the responsibilities of the Chief Information Security Officer (CISO).…

Read more →

Read the original article: CISO Spotlight: How diversity of data (and people) defeats today’s cyber threats This year, we have seen five significant security paradigm shifts in our industry. This includes the acknowledgment that the greater the diversity of our…

Read more →

Read the original article: Announcing the Zero Trust Deployment Center Organizations have been digitally transforming at warp speed in response to the way businesses operate and how people work. As a result, digital security teams have been under immense pressure…

Read more →

Read the original article: CISO Stressbusters: 7 tips for weathering the cybersecurity storms An essential requirement of being a Chief Information Security Officer (CISO) is stakeholder management. In many organizations, security is still seen as a support function; meaning, any…

Read more →

Read the original article: Security Unlocked—A new podcast exploring the people and AI that power Microsoft Security solutions It’s hard to keep pace with all the changes happening in the world of cybersecurity. Security experts and leaders must continue learning…

Read more →

Read the original article: Becoming resilient by understanding cybersecurity risks: Part 1 All risks have to be viewed through the lens of the business or organization. While information on cybersecurity risks is plentiful, you can’t prioritize or manage any risk…

Read more →

Read the original article: Advanced protection for web applications in Azure with Radware’s Microsoft Security integration This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA here. The state of application security Companies face…

Read more →

Read the original article: Trickbot disrupted Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations. Microsoft worked with telecommunications providers around the world to take down key Trickbot infrastructure. The post Trickbot disrupted…

Read more →

Read the original article: Sophisticated new Android malware marks the latest evolution of mobile ransomware We found a piece of a particularly sophisticated Android ransomware with novel techniques and behavior, exemplifying the rapid evolution of mobile threats that we have…

Read more →

Read the original article: Best practices for defending Azure Virtual Machines One of the things that our Detection and Response Team (DART) and Customer Service and Support (CSS) security teams see frequently during investigation of customer incidents are attacks on…

Read more →

Read the original article: Why we invite security researchers to hack Azure Sphere Fighting the security battle so our customers don’t have to IoT devices are becoming more prevalent in almost every aspect of our lives—we will rely on them…

Read more →

Read the original article: 3 ways Microsoft helps build cyber safety awareness for all Learn how Microsoft is helping secure your online life through user education, cybersecurity workshops, and continued diversity in hiring. The post 3 ways Microsoft helps build…

Read more →

Read the original article: Why integrated phishing-attack training is reshaping cybersecurity—Microsoft Security Phishing is still one of the most significant risk vectors facing enterprises today. Innovative email security technology like Microsoft Defender for Office 365 stops a majority of phishing…

Read more →

Read the original article: Microsoft Advanced Compliance Solutions in Zero Trust Architecture Zero Trust architecture starts with Identity and Access Management but it doesn’t end there. Microsoft Advanced Compliance solutions complement Azure Active Directory and Conditional Access with important protections…

Read more →

Read the original article: Microsoft Digital Defense Report 2020: Cyber Threat Sophistication on the Rise A new report from Microsoft shows it is clear that threat actors have rapidly increased in sophistication over the past year, using techniques that make…

Read more →

Read the original article: Microsoft Security—detecting empires in the cloud Microsoft threat analysts have detected another evolution in GADOLINIUM’s tooling that the security community should understand when establishing defenses. The post Microsoft Security—detecting empires in the cloud appeared first on…

Read more →

Read the original article: Microsoft announces cloud innovation to simplify security, compliance, and identity Simplifying security, compliance, and identity: Announcing Microsoft Defender, enhancements to Data Loss Prevention, and decentralized identity pilots The post Microsoft announces cloud innovation to simplify security,…

Read more →

Read the original article: Microsoft delivers unified SIEM and XDR to modernize security operations The new Microsoft Defender is the most comprehensive XDR in the market today and prevents, detects, and responds to threats across identities, endpoints, applications, email, IoT,…

Read more →

Read the original article: Microsoft Security: 6 tips for enabling people-centric cybersecurity with security training Get actionable insights for empowering frontline workers as part a robust cybersecurity solution. The post Microsoft Security: 6 tips for enabling people-centric cybersecurity with security…

Read more →

Read the original article: Enable secure remote work, address regulations and uncover new risks with Microsoft Compliance A recent Microsoft poll of Chief Information Security Officers (CISOs) revealed that providing secure remote access to resources, apps, and data is their…

Read more →

Read the original article: Identity at Microsoft Ignite: Rising to the challenges of secure remote access and employee productivity Keeping your users secure, wherever they are, has been our collective priority. Identity remains the heartbeat of all the services your…

Read more →

Read the original article: Microsoft announces cloud innovation to simplify security, compliance, and identity Simplifying security, compliance, and identity: Announcing Microsoft Defender, enhancements to Data Loss Prevention, and decentralized identity pilots The post Microsoft announces cloud innovation to simplify security,…

Read more →

Read the original article: Microsoft delivers unified SIEM and XDR to modernize security operations The new Microsoft Defender is the most comprehensive XDR in the market today and prevents, detects, and responds to threats across identities, endpoints, applications, email, IoT,…

Read more →

Read the original article: Vectra and Microsoft join forces to step up detection and response SOCs combine NDR visibility with EDR insight, couples them with analytics from sources in the SIEM to detect and stop attacks evading perimeter defenses. The…

Read more →

Read the original article: Industry-wide partnership on threat-informed defense improves security for all MITRE Engenuity’s Center for Threat-Informed Defense has published a library of detailed plans for emulating the threat actor FIN6 (which Microsoft tracks as TAAL). Microsoft is proud…

Read more →

Read the original article: Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale We’re excited to release a new tool called OneFuzz, an extensible fuzz testing framework for Azure. The post…

Read more →

Read the original article: Microsoft Security: Use baseline default tools to accelerate your security career As you build your cybersecurity career, take advantage of important new and proactive security configuration and management capabilities that will help your organization ‘move left’…

Read more →

Read the original article: STRONTIUM: Detecting new patterns in credential harvesting Microsoft has tied STRONTIUM to a newly uncovered pattern of Office365 credential harvesting activity aimed at US and UK organizations directly involved in political elections. The post STRONTIUM: Detecting…

Read more →

Read the original article: Accelerate your adoption of SIEM using Azure Sentinel and a new offer from Microsoft Security operations teams need the cost savings and efficiency benefits of the cloud now more than ever. Accelerate your adoption of Azure…

Read more →

Read the original article: 3 ways Microsoft 365 can help you reduce helpdesk costs Microsoft 365 Security is an integrated solution that helps you strengthen security, enhance productivity, and reduce costs. The post 3 ways Microsoft 365 can help you…

Read more →

Read the original article: Force firmware code to be measured and attested by Secure Launch on Windows 10 For important security features on Windows to properly do their jobs, the platform’s firmware and hardware must be trustworthy and healthy. Learn…

Read more →

Read the original article: Microsoft Security: How to cultivate a diverse cybersecurity team A diverse cybersecurity team will help you generate the innovative ideas you need to confront today and tomorrow’s cyber threats. The post Microsoft Security: How to cultivate…

Read more →

Read the original article: Microsoft Security: What cybersecurity skills do I need to become a CISO? Technical skills aren’t enough. To be a strategic cybersecurity advisor at the executive level, CISOs need strong risk management and communication skills. The post…

Read more →

Read the original article: Microsoft Zero Trust deployment guide for your applications Leverage Microsoft Cloud App Security to secure your digital transformation, by protecting all your apps and resources with the principles of Zero Trust. The post Microsoft Zero Trust…

Read more →

Read the original article: Zero Trust deployment guide for Microsoft applications Leverage Microsoft Cloud App Security to secure your digital transformation, by protecting all your apps and resources with the principles of Zero Trust. The post Zero Trust deployment guide…

Read more →

Read the original article: Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning Microsoft Defender ATP leverages AMSI’s visibility into scripts and harnesses the power of machine learning to detect and stop post-exploitation activities that largely…

Read more →

Read the original article: Rethinking IoT/OT Security to Mitigate Cyberthreats As IoT is revolutionizing industries, CISOs need to rethink how they approach data protection in order to effectively employ risk mitigation. The post Rethinking IoT/OT Security to Mitigate Cyberthreats appeared…

Read more →

Read the original article: How can Microsoft Threat Protection help reduce the risk from phishing? The true costs from phishing may be higher than you think. Microsoft Threat Protection can help you mitigate your risk. The post How can Microsoft…

Read more →

Read the original article: How to detect and mitigate phishing risks with Microsoft and Terranova Security Mitigate your phishing risk with comprehensive training and security threat intelligence. The post How to detect and mitigate phishing risks with Microsoft and Terranova…

Read more →