Microsoft is previewing early detection capabilities for spotting ransomware campaigns using its Azure Sentinel security information event management (SIEM) solution.
This "Fusion detection for ransomware" capability in Azure Sentinel was described in a Monday announcement as now being "publicly available," although Microsoft's accompanying document describes it as being at the preview stage. Fusion is a machine learning component of Azure Sentinel that has been around for a few years, but its early ransomware campaign detection capability is apparently new.
Microsoft added the Fusion detection for ransomware capability to Azure Sentinel to aid the detection and response capabilities of organizations. The solution checks for "malicious activities at the defense evasion and execution stages" of a ransomware attack. These early detections give organizations more time to investigate machines in a network that may be under attack. Machines deemed to be under attack can then be isolated to halt the movement of attackers.
Microsoft developed the Fusion detection for ransomware capability in collaboration with the Microsoft Threat Intelligence Center. It uses signals from other Microsoft security products, such as Azure Security Center, Azure Sentinel’s scheduled analytics rules, Microsoft Cloud App Security, Microsoft Defender for Endpoint and Microsoft Defender for Identity.
When certain activities happen in a certain time frame, Azure Sentinel indicates a possible ransomware attack and sends an alert. It even tracks "low severity signals" if they are known to be associated with ransomware attacks.
These early alerts are needed, Microsoft contended, because so-called "ransomware-as-a-service" groups are emerging that conduct "human-operated ransomware." These "attackers are using slow and stealth techniques" to compromise networks, Microsoft explained, "which makes it harder to detect them in the first place."
The ability of Fusion to detect multistage attack scenarios was highlighted by Microsoft back in May, when it said that Azure Sentinel could track 90 multistage attack scenarios, with 35 of them deemed to be at the "general availability" commercial-release stage.
About the Author
Kurt Mackie is senior news producer for 1105 Media’s Converge360 group.
