Endpoint security – Page 3 – PossibleThreat Articles

Credit to Author: Todd VanderArk| Date: Wed, 16 Oct 2019 16:00:54 +0000

Paying attention to every link in your supply chain is vital to protect your assets from supply chain attacks.

The post Guarding against supply chain attacks—Part 1: The big picture appeared first on Microsoft Security .

Microsoft’s 4 principals for an effective security operations center

October 15, 2019 0 Comments AI and machine learning, Azure Security, CISO series, Ciso series page, Endpoint security

Credit to Author: Todd VanderArk| Date: Tue, 15 Oct 2019 16:00:50 +0000

Microsoft Chief Cybersecurity Strategist, Jonathan Trull, outlines four principles any organization can use to improve the effectiveness of its SOC.

The post Microsoft’s 4 principals for an effective security operations center appeared first on Microsoft Security .

Microsoft Security

In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks

October 8, 2019 0 Comments AI and machine learning, amsi paired machine learning, automation, behavior-based machine learning, behavioral blocking and containment, cybersecurity, endpoint protection platform, Endpoint security, Microsoft Defender ATP, Microsoft security intelligence, Security Intelligence, threat and malware prevention

Credit to Author: Eric Avena| Date: Tue, 08 Oct 2019 15:00:11 +0000

Two new machine learning protection features within the behavioral blocking and containment capabilities in Microsoft Defender ATP specialize in detecting threats by analyzing behavior, adding new layers of protection after an attack has started running.

The post In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks appeared first on Microsoft Security .

Microsoft Security

Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware

September 26, 2019 0 Comments AI and machine learning, cybersecurity, Endpoint security, fileless, Microsoft Defender Advanced Threat Protection, Microsoft security intelligence, nodersok, Security Intelligence

Credit to Author: Eric Avena| Date: Thu, 26 Sep 2019 17:34:41 +0000

A new fileless malware campaign we dubbed Nodersok delivers two very unusual LOLBins to turn infected machines into zombie proxies.

The post Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware appeared first on Microsoft Security .

Microsoft Security

Deep learning rises: New methods for detecting malicious PowerShell

September 3, 2019 0 Comments AI and machine learning, cybersecurity, deep learning, Endpoint security, Machine Learning, Microsoft Defender ATP, Microsoft security intelligence, PowerShell, Security Intelligence, Threat protection

Credit to Author: Eric Avena| Date: Tue, 03 Sep 2019 16:00:03 +0000

We adopted a deep learning technique that was initially developed for natural language processing and applied to expand Microsoft Defender ATP’s coverage of detecting malicious PowerShell scripts, which continue to be a critical attack vector.

The post Deep learning rises: New methods for detecting malicious PowerShell appeared first on Microsoft Security .

Microsoft Security

Improve security and simplify operations with Windows Defender Antivirus + Morphisec

August 27, 2019 0 Comments Endpoint security, Microsoft 365, Microsoft Intelligent Security Association (MISA), Threat protection, Windows Security

Credit to Author: Todd VanderArk| Date: Tue, 27 Aug 2019 16:00:04 +0000

Learn how Towne Properties uses Windows Defender Antivirus and Morphisec to protect against advanced memory-based attacks while simplifying operations.

The post Improve security and simplify operations with Windows Defender Antivirus + Morphisec appeared first on Microsoft Security .

Microsoft Security

From unstructured data to actionable intelligence: Using machine learning for threat intelligence

August 8, 2019 0 Comments AI and machine learning, automation, cybersecurity, Endpoint security, indicators of compromise (IoC), Machine Learning, Microsoft Defender Advanced Threat Protection, Microsoft security intelligence, Security Intelligence, threat intelligence, TTPs, Windows Security

Credit to Author: Eric Avena| Date: Thu, 08 Aug 2019 16:30:12 +0000

Machine learning and natural language processing can automate the processing of unstructured text for insightful, actionable threat intelligence.

The post From unstructured data to actionable intelligence: Using machine learning for threat intelligence appeared first on Microsoft Security .

Microsoft Security

A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response

August 7, 2019 0 Comments CVE-2019-0887, cybersecurity, Endpoint security, Event Tracing for Windows (ETW), Exploit, Microsoft Defender Advanced Threat Protection, Microsoft security intelligence, Remote Desktop Protocol (RDP), Security Response, vulnerability, Windows Security

Credit to Author: Eric Avena| Date: Wed, 07 Aug 2019 23:50:25 +0000

Through a cross-company, cross-continent collaboration, we discovered a vulnerability, secured customers, and developed fix, all while learning important lessons that we can share with the industry.

The post A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response appeared first on Microsoft Security .

Microsoft Security

Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack

July 30, 2019 0 Comments AI and machine learning, Antimalware Scan Interface (AMSI), Astaroth, behavior monitoring, Command-line scanning, cybersecurity, Endpoint security, Execution stage, fileless, fileless malware, heuristics, Initial access stage, living-off-the-land, Microsoft Defender ATP, Microsoft security intelligence, Security Intelligence, Threat protection, Windows Defender Antivirus, Windows Security, WMIC

Credit to Author: Eric Avena| Date: Mon, 08 Jul 2019 16:00:51 +0000

Advanced technologies in Microsoft Defender ATP’s Antivirus exposed and defeated a widespread fileless campaign that completely “lived off the land” throughout a complex attack chain that run the info-stealing backdoor Astaroth directly in memory

The post Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack appeared first on Microsoft Security .

Microsoft Security

New machine learning model sifts through the good to unearth the bad in evasive malware

July 25, 2019 0 Comments AI and machine learning, Antivirus, automation, cybersecurity, detection evasion, Endpoint security, lockergoga, Machine Learning, Microsoft Defender Advanced Threat Protection, Microsoft Defender ATP, Microsoft security intelligence, monotonic models, next generation protection, Windows Defender Antivirus

Credit to Author: Eric Avena| Date: Thu, 25 Jul 2019 16:30:55 +0000

Most machine learning models are trained on a mix of malicious and clean features. Attackers routinely try to throw these models off balance by stuffing clean features into malware. Monotonic models are resistant against adversarial attacks because they are trained differently: they only look for malicious features. The magic is this: Attackers can’t evade a monotonic model by adding clean features. To evade a monotonic model, an attacker would have to remove malicious features.

The post New machine learning model sifts through the good to unearth the bad in evasive malware appeared first on Microsoft Security .