
Microsoft Support & Discussions

Microsoft Windows, Windows Server software, Microsoft 365, Microsoft Azure or any other Microsoft product discussions and help.

  1. Started by AWS

    The Microsoft Threat Intelligence Center is tracking new activity from the NOBELIUM threat actor. Our investigation into the methods and tactics being used continues, but we have seen password spray and brute-force attacks and want to share some details to help our customers and communities protect themselves. This recent activity was mostly unsuccessful, and the majority of targets were not successfully compromised - we are aware of three compromised entities to date.

    • 0 replies
    • 11 views
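    The post above describes NOBELIUM password spray and brute-force activity but gives no detection logic. The following is an added example, not code from the Microsoft post or from this thread: a small triage pass over sign-in records that separates the two patterns by shape. A spray is one source trying many accounts once or twice each inside a short window; brute force is one source hammering a single account. The records, the tenant domain, the thresholds and the 30-minute window are all constructed assumptions; the only real-world detail is that error code 50126 is the Azure AD "invalid username or password" result.

```python
"""Password-spray / brute-force triage over sign-in records (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, not real telemetry. Shape loosely follows the
# Azure AD sign-in log: (createdDateTime, userPrincipalName, ipAddress, errorCode).
# "0" = success, "50126" = invalid username or password.
SAMPLE_SIGNINS = [
    ("2021-06-25T09:00:01Z", "alice@contoso.example", "203.0.113.7", "50126"),
    ("2021-06-25T09:00:03Z", "bob@contoso.example",   "203.0.113.7", "50126"),
    ("2021-06-25T09:00:05Z", "carol@contoso.example", "203.0.113.7", "50126"),
    ("2021-06-25T09:00:07Z", "dave@contoso.example",  "203.0.113.7", "50126"),
    ("2021-06-25T09:00:09Z", "erin@contoso.example",  "203.0.113.7", "50126"),
    ("2021-06-25T09:00:11Z", "frank@contoso.example", "203.0.113.7", "0"),
    # benign: one typo, then a successful login from the user's usual address
    ("2021-06-25T10:30:00Z", "alice@contoso.example", "192.0.2.44",  "50126"),
    ("2021-06-25T10:30:20Z", "alice@contoso.example", "192.0.2.44",  "0"),
] + [
    # brute force: twelve failures against one account from one source
    (f"2021-06-25T09:10:{i:02d}Z", "alice@contoso.example", "198.51.100.9", "50126")
    for i in range(12)
]


def parse(rec):
    """Return (timestamp, user, ip, code) with the user name normalised."""
    ts = datetime.strptime(rec[0], "%Y-%m-%dT%H:%M:%SZ")
    return ts, rec[1].lower(), rec[2], rec[3]


def detect_spray_and_bruteforce(records, window=timedelta(minutes=30),
                                spray_min_users=5, spray_max_per_user=2,
                                brute_min_failures=10):
    """Group by source IP and return a list of finding dicts.

    Thresholds are assumptions for the sample; tune them to your own baseline.
    """
    by_ip = defaultdict(list)
    for rec in records:
        ts, user, ip, code = parse(rec)
        by_ip[ip].append((ts, user, code))

    findings = []
    for ip, events in by_ip.items():
        events.sort()
        failures = [(ts, u) for ts, u, code in events if code != "0"]
        successes = sorted({u for _, u, code in events if code == "0"})

        # Password spray: within one window, many distinct accounts, each
        # tried only once or twice, all from the same source. Slide the
        # window over the failures and keep the widest spread seen.
        best = None
        for i, (t0, _) in enumerate(failures):
            per_user = defaultdict(int)
            for ts, u in failures[i:]:
                if ts - t0 > window:
                    break
                per_user[u] += 1
            if (len(per_user) >= spray_min_users
                    and max(per_user.values()) <= spray_max_per_user
                    and (best is None or len(per_user) > best["distinct_users"])):
                best = {"type": "password_spray", "ip": ip,
                        "distinct_users": len(per_user),
                        "window_start": t0.isoformat(),
                        # any account that did authenticate from a spraying
                        # source is the one to reset and investigate first
                        "successful_logins": successes}
        if best:
            findings.append(best)

        # Brute force: one account, many failures from one source.
        per_user_total = defaultdict(int)
        for _, u in failures:
            per_user_total[u] += 1
        for u, n in per_user_total.items():
            if n >= brute_min_failures:
                findings.append({"type": "brute_force", "ip": ip,
                                 "user": u, "failures": n})
    return findings


if __name__ == "__main__":
    for f in detect_spray_and_bruteforce(SAMPLE_SIGNINS):
        print(f)
```

    Grouping by source IP is the simplest cut and is what the sample shows; a spray run through a rotating proxy pool will not cluster on IP, so in practice the same window logic is also run keyed on user agent, ASN or application ID. The successful login from a spraying source is the item that matters most: it is the account whose password was guessed, and resetting it and reviewing its sessions comes before anything else.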
  2. The security landscape continues to rapidly evolve as threat actors find new and innovative methods to gain access to environments across a wide range of vectors. As the industry moves closer to the adoption of a Zero Trust security posture with broad and layered defenses, we remain committed to sharing threat intelligence with the community to shine a light on the latest techniques and exploits of attackers so the industry can better protect itself.

    • 0 replies
    • 11 views
  3. Guest Lauren Goodwin

    How to think about building a threat intelligence program
    The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Red Canary Director of Intelligence Katie Nickels, a certified instructor with the SANS Institute. In this blog, Katie shares strategies, tools, and frameworks for building an effective threat intelligence team. Natalia: Where should cyber threat intelligence (CTI) teams start? Katie: Threat intelligence is all about helping organizations make decisions…

    • 0 replies
    • 1 view
  4. Guest Eric Avena

    Every day in the ever-changing technology landscape, we see boundaries shift as new ideas challenge the old status quo. This constant shift is observed in the increasingly sophisticated and connected tools, products, and services people and organizations use on a daily basis, but also in the security that needs to be built into these technologies to protect them against adversaries intent on abusing the same technologies for nefarious purposes. At Microsoft, we are committed to harnessing the immense potential of AI to help solve many of our technology concerns today. We believe that working on the “bleeding edge” offers one of the best ways to serve our customers and …

    • 0 replies
    • 2 views
  5. Save yourself from bugs and other issues and skip the unofficial version. An unfinished build of what is assumed to be Windows 11 leaked online, and people are installing it. Based on early impressions, it looks like Windows users are in for a big overhaul: Screenshots show off an all-new macOS-like desktop layout, a redesigned Windows Explorer interface, new Start menus, and some of the best built-in wallpapers Windows has ever had. Some folks are excited by the changes, others not so much, but it’s safe to say everyone’s at least curious about Microsoft’s still technically unannounced operating system (it’s assumed the upcoming Sun Valley Windows 10 update w…

    • 1 reply
    • 451 views
  6. Guest Steve Thomas (GLADIATOR)

    Investments in Azure and Microsoft 365 can streamline your transition to the cloud and make it easier to manage endpoints across your organization. Now let's explore ways to develop and implement an effective strategy to make that transition and help you create the “how” and “why” to leverage these solutions in your own environment. Update: Updating means staying ahead of adversaries and competition with technology innovations to drive security and business results through: Better managing the risk of change in a fast-moving technology world with deployment rings keeping Windows up to date with the latest quality updates, feature updates, and security features…

    • 0 replies
    • 1 view
  7. Guest Lauren Goodwin

    This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. Learn more about MISA. The way of working is changing rapidly. Many workloads are moving to the cloud and the pandemic accelerated organizations to provide infrastructure to aid employees working from anywhere (or mostly from home) at any time and, when possible, from any device (corporate or private). The security team needs to keep up with an increased workload on top of their often already stretched budget, resources, and focus. Working through many alerts from ever-changing situations is challenging: how can they prioritize? And how can they handle them with only a fi…

    • 0 replies
    • 1 view
  8. Guest Emma Jones

    On February 25, 2020, Microsoft Chief Information Security Officer (CISO) Bret Arsenault was attending the RSA Conference in San Francisco when the city declared a state of emergency because of COVID-19. Shortly after flying back to Seattle, Bret learned of the first death from the coronavirus in Washington state. He and other members of Microsoft’s Risk Management Council worked on the company’s crisis response. To kick off National Cybersecurity Awareness Month, I spoke with Bret Arsenault on a recent episode of Afternoon Cyber Tea with Ann Johnson. As CISO, Bret is responsible for disaster recovery at the enterprise level. He is the chair of Microsoft’s Risk Managem…

    • 0 replies
    • 1 view
  9. Guest Eric Avena

    Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise (BEC) infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to get access to emails about financial transactions. In this blog, we’ll share our technical analysis and journey of unraveling this BEC operation, from the phishing campaign and compromised mailboxes to the attacker infrastructure. This threat highlights the importance of building a comprehensive defense strategy, which should include strong pre-breach solutions that can prev…

    • 0 replies
    • 2 views
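    The BEC post above says the attackers added forwarding rules to compromised mailboxes to siphon off mail about financial transactions. As an added example (not code from the Microsoft post or from this thread), here is a triage pass over an export of inbox rules that surfaces exactly that pattern: a rule that forwards or redirects outside the organisation, scored higher when it also hides the forwarded mail or keys on payment-related words. The rule records, the tenant domain list and the keyword list are constructed assumptions; the property names follow the Exchange Online Get-InboxRule output (ForwardTo, RedirectTo, ForwardAsAttachmentTo, DeleteMessage, MarkAsRead), including the '"Display" [SMTP:address]' recipient form it emits.

```python
"""Triage of exported inbox rules for external forwarding (added example)."""
import re

ORG_DOMAINS = {"contoso.example"}  # assumed accepted domains of the tenant

# Words that suggest the rule targets financial correspondence. Assumption;
# tune to the organisation's own vocabulary.
FINANCE_WORDS = {"invoice", "payment", "wire", "remittance", "iban", "swift"}

# Pulls a bare address out of either "user@domain" or '"Name" [SMTP:user@domain]'.
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed rule export, not real data. Keys mirror Get-InboxRule properties.
SAMPLE_RULES = [
    {"Mailbox": "ap@contoso.example", "Name": ".", "Enabled": True,
     "ForwardTo": ['"AP" [SMTP:payments.ap@mail.example.net]'],
     "RedirectTo": [], "ForwardAsAttachmentTo": [],
     "DeleteMessage": True, "MarkAsRead": True,
     "SubjectOrBodyContainsWords": ["invoice", "payment", "wire"]},
    {"Mailbox": "alice@contoso.example", "Name": "Newsletters", "Enabled": True,
     "ForwardTo": [], "RedirectTo": [], "ForwardAsAttachmentTo": [],
     "DeleteMessage": False, "MarkAsRead": True,
     "SubjectOrBodyContainsWords": ["newsletter"]},
    {"Mailbox": "bob@contoso.example", "Name": "Copy to manager", "Enabled": True,
     "ForwardTo": ["carol@contoso.example"], "RedirectTo": [],
     "ForwardAsAttachmentTo": [], "DeleteMessage": False, "MarkAsRead": False,
     "SubjectOrBodyContainsWords": []},
    {"Mailbox": "dave@contoso.example", "Name": "Home copy", "Enabled": False,
     "ForwardTo": [], "RedirectTo": ["dave.h@webmail.example"],
     "ForwardAsAttachmentTo": [], "DeleteMessage": False, "MarkAsRead": False,
     "SubjectOrBodyContainsWords": []},
]

POSITIVE_REASONS = ("forwards_externally", "hides_forwarded_mail",
                    "filters_financial_keywords")


def external_recipients(rule, org_domains=ORG_DOMAINS):
    """Addresses the rule sends mail to whose domain is not one of ours."""
    targets = (rule.get("ForwardTo", []) + rule.get("RedirectTo", [])
               + rule.get("ForwardAsAttachmentTo", []))
    found = set()
    for target in targets:
        for addr in ADDR_RE.findall(target):
            if addr.rsplit("@", 1)[1].lower() not in org_domains:
                found.add(addr.lower())
    return sorted(found)


def triage_rules(rules, org_domains=ORG_DOMAINS):
    """Return findings for rules that forward externally, highest score first.

    Score counts the positive reasons (1 to 3). A disabled rule is still
    reported, since the attacker may simply have switched it off for now.
    """
    findings = []
    for rule in rules:
        ext = external_recipients(rule, org_domains)
        if not ext:
            continue
        reasons = ["forwards_externally"]
        if rule.get("DeleteMessage") or rule.get("MarkAsRead"):
            reasons.append("hides_forwarded_mail")
        words = {w.lower() for w in rule.get("SubjectOrBodyContainsWords", [])}
        if words & FINANCE_WORDS:
            reasons.append("filters_financial_keywords")
        if not rule.get("Enabled", True):
            reasons.append("currently_disabled")
        findings.append({
            "mailbox": rule["Mailbox"], "rule": rule["Name"],
            "external_recipients": ext, "reasons": reasons,
            "score": sum(r in POSITIVE_REASONS for r in reasons),
        })
    findings.sort(key=lambda f: (-f["score"], f["mailbox"]))
    return findings


if __name__ == "__main__":
    for f in triage_rules(SAMPLE_RULES):
        print(f["score"], f["mailbox"], f["rule"], f["external_recipients"], f["reasons"])
```

    A rule that forwards to a colleague inside the tenant is deliberately not flagged, which keeps the list short enough to act on; the trade-off is that an attacker who controls a second internal mailbox can chain through it, so the same pass should be re-run once that mailbox is known. Client-side rules stored only in Outlook and transport rules at the organisation level are outside what this export shows and need their own check.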
  10. Guest Emma Jones

    The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Matthew Hickey, co-founder, CEO, and writer for Hacker House. In this blog post, Matthew talks about the benefits of a purple team and offers best practices for building a successful one. Natalia: What is a purple team, and how does it bridge red and blue teams? Matthew: The traditional roles involve a blue team that acts as your defenders and a red team that acts as your attackers. The blue team wants to protect t…

    • 0 replies
    • 2 views
  11. Guest Emma Jones

    What is CRSP? Microsoft Global Compromise Recovery Security Practice. Who is CRSP? We are a worldwide team of cybersecurity experts operating in most countries, across all organizations (public and private), with deep expertise to secure an environment post-security breach and to help you prevent a breach in the first place. As a specialist team within the wider Microsoft cybersecurity functions, we predominantly focus on reactive security projects for our customers. The main types of projects we undertake are: Compromise recovery: Giving customers back control of their environment after a compromise. Rapid ransomware recovery: Restore business-critic…

    • 0 replies
    • 1 view
  12. Guest Emma Jones

    Security is a constant balance between proactive and reactive defenses. They are both equally important, and neither can be neglected. Effectively protecting your organization means constantly optimizing both prevention and detection. That’s why we’re excited to announce a seamless integration between Azure Firewall and Azure Sentinel. Now, you can get both detection and prevention in the form of an easy-to-deploy Azure Firewall solution for Azure Sentinel. Combining prevention and detection allows you to ensure that you both prevent sophisticated threats when you can, while also maintaining an “assume breach mentality” to detect and quickly respond to cyberattacks.…

    • 0 replies
    • 1 view
  13. Guest Emma Jones

    On Thursday, June 3, 2021, via a joint press release on Microsoft Stories, Hart InterCivic and Microsoft have announced a partnership to incorporate ElectionGuard software developed by Microsoft into Hart’s Verity voting systems. The partnership makes Hart the first major voting machine manufacturer in the United States to provide end-to-end verifiability to voters, giving individual voters the ability to confirm their ballots were counted in an election and not altered. End-to-end verifiability also enables independent election security experts to build verifier programs that can independently confirm the accuracy of the overall vote count for elections that incorporate …

    • 0 replies
    • 3 views
  14. Organizations often know they need to identify and address their cybersecurity blind spots. They also know the technology exists to help them do that. However, they don’t often understand how to communicate this need within their organization to justify the expense, nor do they know how to share with employees how they may be impacted. When I spoke with Jules Okafor on an episode of Afternoon Cyber Tea with Ann Johnson, she shared how she has seen many cybersecurity projects fail not because of the technology put in place, but rather, the organization’s inability to communicate responsibilities or the expected results. One of the biggest pitfalls is the result of a ver…

    • 0 replies
    • 318 views
  15. This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. Learn more about MISA. The fight against malware has become the epic battle of our generation, placing businesses of all sizes against a never-ending stream of hackers and zero-day attacks bent on compromising security perimeters. The recent SolarWinds breach¹ illustrates how much is currently at stake. According to the Verizon 2020 Data Breach Investigations Report², an estimated 94 percent of malware is delivered via email with 90 percent of malware hidden in common file types such as PDF, Word, Excel, and Zip. What is Content Disarm and Reconstruction (CDR)? …

    • 0 replies
    • 331 views
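    The excerpt above introduces Content Disarm and Reconstruction (CDR) for the Office, PDF and Zip files that carry most email-borne malware but is cut off before describing the mechanism. As an added example (not code from the guest post or from this thread), here is the core CDR move applied to one format: an OOXML Word package is rebuilt part by part, the VBA parts are dropped, every reference to them in [Content_Types].xml and the relationship files is removed, and the main part is downgraded to the macro-free content type so the result opens as an ordinary .docx rather than a broken .docm. The sample package is constructed in memory with a placeholder where the VBA project would be; the content-type and relationship-type URIs are the real OOXML ones.

```python
"""Minimal Content Disarm and Reconstruction step for OOXML (added example)."""
import io
import re
import zipfile
from typing import List, Tuple

CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
MACRO_PARTS = ("vbaProject.bin", "vbaData.xml")  # OOXML parts that carry VBA
MACRO_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
VBA_RE = r"(?:vbaProject\.bin|vbaData\.xml)"


def build_sample_docm() -> bytes:
    """Constructed macro-enabled package: just enough parts to exercise the
    rebuild. The 'VBA' payload is a placeholder, not a real macro."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml",
            f'<Types xmlns="{CT_NS}">'
            '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            '<Default Extension="xml" ContentType="application/xml"/>'
            '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
            f'<Override PartName="/word/document.xml" ContentType="{MACRO_MAIN}"/>'
            '<Override PartName="/word/vbaData.xml" ContentType="application/vnd.ms-word.vbaData+xml"/>'
            '</Types>')
        z.writestr("_rels/.rels",
            f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId1" '
            'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" '
            'Target="word/document.xml"/></Relationships>')
        z.writestr("word/_rels/document.xml.rels",
            f'<Relationships xmlns="{REL_NS}">'
            '<Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
            '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>'
            '</Relationships>')
        z.writestr("word/document.xml",
            f'<w:document xmlns:w="{W_NS}"><w:body><w:p><w:r><w:t>Invoice attached</w:t>'
            '</w:r></w:p></w:body></w:document>')
        z.writestr("word/styles.xml", f'<w:styles xmlns:w="{W_NS}"/>')
        # OLE compound-file magic followed by a placeholder; not executable content
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"placeholder AutoOpen")
        z.writestr("word/vbaData.xml",
            '<wne:vbaSuppData xmlns:wne="http://schemas.microsoft.com/office/word/2006/wordml"/>')
    return buf.getvalue()


def has_macros(data: bytes) -> bool:
    """True if any part of the package is a VBA container."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return any(n.rsplit("/", 1)[-1] in MACRO_PARTS for n in z.namelist())


def disarm_ooxml(data: bytes) -> Tuple[bytes, List[str]]:
    """Rebuild the package, dropping VBA parts and every reference to them,
    and downgrading the main part to the macro-free content type.
    Returns (clean_package_bytes, names_of_removed_parts)."""
    removed: List[str] = []
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if name.rsplit("/", 1)[-1] in MACRO_PARTS:
                removed.append(name)
                continue
            payload = src.read(name)
            if name == "[Content_Types].xml":
                text = payload.decode("utf-8")
                text = re.sub(rf'<Override PartName="[^"]*{VBA_RE}"[^>]*/>', "", text)
                text = re.sub(r'<Default Extension="bin"[^>]*vbaProject[^>]*/>', "", text)
                payload = text.replace(MACRO_MAIN, PLAIN_MAIN).encode("utf-8")
            elif name.endswith(".rels"):
                text = payload.decode("utf-8")
                text = re.sub(rf'<Relationship [^>]*Target="[^"]*{VBA_RE}"[^>]*/>', "", text)
                payload = text.encode("utf-8")
            # writestr with a fresh name discards the original entry metadata
            # (timestamps, extra fields), which is part of the point of a rebuild.
            dst.writestr(name, payload)
    return out.getvalue(), removed


def summarize_package(data: bytes) -> dict:
    """Part list plus the text of the parts worth eyeballing after a rebuild."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return {
            "ok": z.testzip() is None,
            "parts": sorted(z.namelist()),
            "content_types": z.read("[Content_Types].xml").decode("utf-8"),
            "document_rels": z.read("word/_rels/document.xml.rels").decode("utf-8"),
            "document": z.read("word/document.xml").decode("utf-8"),
        }


if __name__ == "__main__":
    clean, dropped = disarm_ooxml(build_sample_docm())
    print("removed:", dropped)
    print(summarize_package(clean)["parts"])
```

    This is one rule of a CDR engine, not the engine: a production implementation also strips OLE objects, DDE and external-link fields, embedded files and ActiveX, handles the legacy binary formats and PDF, and verifies that the rebuilt file still parses before it is released. The regex edits are acceptable here because the package was constructed and the element shapes are known; against arbitrary input the content-type and relationship parts should be parsed as XML so that attribute order and encoding variations cannot slip a reference past the filter.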
  16. Guest Emma Jones

    Smart meters and smart grid infrastructure have been deployed in many of the world’s electric distribution grids. They promise energy conservation, better grid management for utilities, electricity theft reduction, and a host of value-added services for consumers. To deliver on this promise, they need to collect granular electric usage data and make this available to the stakeholders who need it. This has created consumer privacy concerns which are being addressed with security and governance programs, like Microsoft Information Protection and Azure Purview, and with regulation by the government. The ability to protect and govern smart meter data is critical to addressing…

    • 0 replies
    • 2 views
  17. Modern computing devices can be thought of as a collection of discrete microprocessors each with a dedicated function like high-speed networking, graphics, Disk I/O, AI, and everything in between. The emergence of the intelligent edge has accelerated the number of these cloud-connected devices that contain multiple specialized sub-processors each with its own firmware layer and often a custom operating system. Many vulnerability analysis and endpoint detection and response (EDR) tools find it challenging to monitor and protect devices at the firmware level, leading to an attractive security gap for attackers to exploit. At the same time, we have also seen growth in the…

    • 0 replies
    • 306 views
  18. Guest Emma Jones

    The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Chris Sistrunk, Technical Manager in Mandiant’s ICS/OT Consulting practice and former engineer at Entergy, where he was a subject matter expert on transmission and distribution of supervisory control and data acquisition (SCADA) systems. In this blog, Chris introduces operational technology (OT) security and shares the unique challenges and security risks to OT. Natalia: What’s the difference between OT, industrial co…

    • 0 replies
    • 1 view
  19. Guest Eric Avena

    As we reported in earlier blog posts, the threat actor NOBELIUM recently intensified an email-based attack that it has been operating and evolving since early 2021. We continue to monitor this active attack and intend to post additional details as they become available. In this blog, we highlight four tools representing a unique infection chain utilized by NOBELIUM: EnvyScout, BoomBox, NativeZone, and VaporRage. These tools have been observed being used in the wild as early as February 2021 attempting to gain a foothold on a variety of sensitive diplomatic and government entities. As part of this blog, Microsoft Threat Intelligence Center (MSTIC) is releasing an append…

    • 0 replies
    • 0 views
  20. Guest Emma Jones

    Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components. The campaign, initially observed and tracked by Microsoft since January 2021, evolved over a series of waves demonstrating significant experimentation. On May 25, 2021, the campaign escalated as NOBELIUM leveraged the legitimate mass-mailing service, Constant Contact, to masquerade as a US-based development organization to distribute malicious URLs to a wide variety of organizations and industry verticals. Micr…

    • 0 replies
    • 1 view
  21. Guest Emma Jones

    Since 2017, Microsoft has been working with the identity community on two groundbreaking technologies designed from the ground up to make digital privacy convenient and practical: . We believe verifiable credentials will revolutionize the way we exchange personal information, shifting ownership and control of identity and personal data back to individuals. To develop our implementation, Frank Chiachiere and other members of our team conducted pilots with industry leaders in healthcare, the public sector, financial services, retail, professional sports, and education. As Frank explains in the below interview with Alex Simons, the team started with optimistic ideas that…

    • 0 replies
    • 1 view
  22. Guest Emma Jones

    In part three of this blog series on aligning security with business objectives and risk, we explored what it takes for security leaders to shift from looking at their mission as purely defending against technical attacks, to one that focuses on protecting valuable business assets, data, and applications. As businesses begin reimagining their future in a post-pandemic world, most are pivoting to a digital-first approach to take full advantage of technological innovation (much of which was adopted in haste). The pandemic has accelerated three existing trends and the tension between them: how to remain relevant against a backdrop of consumer and market demands, how to re…

    • 0 replies
    • 0 views
  23. Guest Emma Jones

    We are excited to share that Microsoft has been named a Leader in The Forrester Wave: Endpoint Security Software as a Service, Q2 2021¹, receiving one of the highest scores in the strategy category and among the top three scores in the current offering category. Forrester notes that “the focus on endpoint security has increased as cyber risks shift from the network to the endpoints, prompted by increasing amounts of homeworkers and the bulk movement of data from enterprise network-connected data centers to edge devices.” Microsoft Defender for Endpoint received the highest possible scores in the control, data security, and mobile security criteria, as well as in the Ze…

    • 0 replies
    • 1 view
  24. Guest Emma Jones

    For many organizations, 2020 was the year that finally saw remote work become a reality on a global scale. As many people begin transitioning back to the office, many organizations are thinking about how they can transition from a remote workforce to a more permanent hybrid workplace. We recently conducted a study with over 900 chief information security officers (CISOs) on the state of Zero Trust and found that 81 percent say their organization has started or currently has a hybrid work environment in place and that 91 percent plan for their organization to be fully transitioned to hybrid work within the next five years. The era of hybrid work is here to stay. Learn more…

    • 0 replies
    • 1 view
  25. Guest Emma Jones

    In this new world of hybrid work, organizations face an increasing volume of data, ever-evolving regulations around how that data is protected, and an evolving complexity and frequency of data security breaches. To help our customers navigate this complex data landscape, we are focused on delivering secure, intelligent, and user-centric solutions that provide visibility, reduce complexity, and mitigate risk. Over the past few years, we significantly increased our investment in building risk management and compliance solutions, inclusive of information protection and data loss prevention (DLP). We delivered new solutions, such as Microsoft Information Protection, Endpoi…

    • 0 replies
    • 0 views