
Stop Attacks with AI and Automation from Microsoft

When your assets are on the line, your defenders need tools that enable them to remediate effectively. Here's how Microsoft is helping to empower your security posture:

Microsoft’s AI processes the thousands of low-fidelity signals we collect across the environment to find the smaller number of high-fidelity signals that require critical action immediately. In our Security Information and Event Management (SIEM) product alone, we have seen a noise reduction of 90 percent, because we escalate only the most critical issues—the top 10 percent—to security professionals to address. [1]

AI also plays a critical role in finding threats that might not have been immediately obvious to your security team. Our AI models are trained on attack patterns at global scale, based on the extensive work our security operations team has undertaken to protect our customers. You can see the full scale of the attack by using AI to link into a clear chain what historically would have been individual signals. This approach rapidly accelerates your ability to understand an attack and address the issue across multiple assets before the risk grows.

We can also help defenders work more efficiently by moving beyond repetitive tasks. With automation you can remediate in-flight issues far faster and integrate with your standard ticketing systems, such as ServiceNow.

If we discover a threat in an email and watch the threat move laterally into organizations, we can protect users by leveraging integration with identity services, and protect endpoints by taking action automatically. These actions can, for example, prevent ransomware from moving laterally to infect other endpoints, or apply conditional access to endpoints and users to restrict access to anything and anyone determined to have been compromised. AI-powered playbooks dynamically harden the environment through automated workflows.

Threat and Vulnerability Management, a component of our endpoint protection solution, monitors, prioritizes, and automatically remediates OS vulnerabilities and misconfigurations, as well as those in Microsoft, third-party, and corporate internal applications. By leveraging management tools such as Intune and SCCM, this solution can also bridge the gap between Security and IT ops teams. It automatically deploys patches for the most recent vulnerabilities or upgrades affected applications to a non-vulnerable version.

Finally, we know that you sometimes need to supplement your team with additional resources. We recently introduced the Microsoft Threat Experts program, a managed hunting service that provides Security Operations Centers (SOCs) with expert-level monitoring and analysis to help ensure they don’t miss critical threats in their unique environments.

Microsoft’s technology and expertise empower security professionals to do what they do best and automate the rest for the greatest impact.

Published in: Technology

Stop Attacks with AI and Automation from Microsoft

  1. Stop attacks with AI and automation: Focus on what matters
  2. [1] https://go.forrester.com/blogs/tech-titans-google-and-microsoft-are-transforming-cybersecurity/
  3. Stop attacks with AI and automation
  4. Threats: Attacks are relentless, creative, and constantly changing. Growth: Our environment is growing and is harder to protect. Overload: We’re understaffed, overwhelmed, and barely holding on…
  5. Automate response; Gain insights; Protect your assets
  6. ?
  7. Shared insights across the security ecosystem, so every customer could benefit. July 19, 2019: Astaroth attack is stopped by Microsoft Security AI. Microsoft AI automatically uncovered, blocked and reported the attack at first sight before Astaroth could do any damage.
  8. Microsoft Threat Protection
  9. Azure Security Center; Azure Sentinel
  10. Microsoft Threat Protection; Azure Security Center; Azure Sentinel
  11. Brute force account or use stolen account credentials; Attacker collects reconnaissance & configuration data; Command & Control; Exploitation & Installation; Click a URL; Phishing mail; Open attachment; Exfiltrate data; Attacker accesses sensitive data; Privileged account compromised; Attacker attempts lateral movement; Domain compromised; User account is compromised
  12. Click a URL; Phishing mail; Open attachment; Automated investigation playbook; Automated and integrated containment; Automated and integrated remediation; URL detonated; Attachment removed
  13. Automated Investigation; Weaponized URL in email; Threats Found; Compromised user; Remediated; URL blocked; Emails deleted; User Password Reset; MFA enabled; Weaponized URL in email remediated by Microsoft Threat Protection
  14. Brute force account or use stolen account credentials; Attacker collects reconnaissance & configuration data; Command & Control; Exploitation & Installation; Click a URL; Phishing mail; Open attachment; Exfiltrate data; Attacker accesses sensitive data; Privileged account compromised; Attacker attempts lateral movement; Domain compromised; User account is compromised. Azure AD Identity Protection: Identity protection & conditional access. Microsoft Cloud App Security: Extends protection & conditional access to other cloud apps. Office 365 ATP: Malware detection, safe links, and safe attachments. Microsoft Defender ATP: Endpoint Detection and Response (EDR) & End-point Protection (EPP). Azure ATP: Identity protection.
  15. Microsoft security workshop; Security discovery; Security immersion experience; Threat check
  16. © 2020 Razor Technology; www.razor-tech.com; @DavidJRosenthal; SlideShare; 5 Tower Bridge, 300 Barr Harbor Dr., Suite 705, West Conshohocken, PA 19428; David.Rosenthal@razor-tech.com; Office: 866.RZR.DATA; LET'S KEEP IN TOUCH