Microsoft Defender will soon be a lot better at stopping corporate cyberattacks


A number of advanced Microsoft 365 Defender features first announced last year as a means to stop ransomware and Business Email Compromise (BEC) attacks are now publicly available, the company announced.

The features, called “automatic disruption,” use “highly reliable Extended Detection and Response (XDR) signals for endpoints, identities, email, and SaaS apps,” Microsoft explained, saying they can stop active attacks “quickly and effectively.”

They work by automatically disabling or restricting devices and user accounts that the threat actors have compromised and are actively using in an attack.

Limited impact

By cutting off this access, Microsoft hopes the attackers will be far less effective than they otherwise would be, while SOC teams gain time to implement additional countermeasures.

As a result, ransomware and BEC attacks should have a more limited impact on the target organization, the company says.

Automatic attack disruption works in three stages. In the first, the attack is detected and “high confidence” is established. The second classifies the attack scenario and identifies the assets the attackers currently control. In the third, automatic response actions are triggered through Microsoft 365 Defender, stopping the attack and minimizing its impact.
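To make the three stages concrete, here is a small Python model of such a pipeline. It is an added illustration written for this article, not Microsoft's code: the signal sources, technique names, confidence scores, the noisy-OR combination, the two-source corroboration rule, the 0.9 threshold and the response actions are all assumptions, and the alerts it runs over are constructed sample data rather than real telemetry. What it shows is the point Microsoft is making about fidelity: a single alert, however loud, is not enough to trigger containment, and the actions are scoped to the accounts and devices the attacker is seen using, not the whole organization.

```python
"""Toy three-stage attack disruption pipeline (illustrative, not Microsoft's code).

Stage 1: cluster related XDR signals and establish high confidence.
Stage 2: classify the scenario and list the assets the attacker controls.
Stage 3: produce containment actions scoped to those assets.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Signal:
    source: str            # assumed sources: "endpoint", "identity", "email", "saas"
    technique: str         # assumed technique label produced by the detector
    confidence: float      # assumed per-detector score in [0, 1]
    user: Optional[str] = None
    device: Optional[str] = None

    def keys(self) -> List[str]:
        """Identifiers that link this signal to others (user and/or device)."""
        return [f"user:{self.user}" for _ in [0] if self.user] + \
               [f"device:{self.device}" for _ in [0] if self.device]


# Constructed sample alerts: a ransomware chain, a BEC chain and one noisy alert.
SAMPLE_SIGNALS = [
    Signal("endpoint", "credential_dumping", 0.85, user="alice", device="WS01"),
    Signal("identity", "lateral_movement", 0.80, user="alice", device="FS01"),
    Signal("endpoint", "mass_encryption", 0.95, user="alice", device="FS01"),
    Signal("email", "phishing_link_click", 0.60, user="bob"),
    Signal("identity", "suspicious_sign_in", 0.70, user="bob"),
    Signal("saas", "inbox_rule_created", 0.90, user="bob"),
    Signal("endpoint", "suspicious_powershell", 0.70, user="carol", device="WS07"),
]

# Assumed mapping from techniques to the two scenarios the article names.
SCENARIOS = {
    "ransomware": {"credential_dumping", "lateral_movement", "mass_encryption"},
    "bec": {"phishing_link_click", "suspicious_sign_in", "inbox_rule_created"},
}


def cluster(signals: List[Signal]) -> List[List[Signal]]:
    """Group signals that share a user or device (union-find over identifiers)."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for s in signals:
        ks = s.keys()
        for k in ks[1:]:
            parent[find(ks[0])] = find(k)
    groups = defaultdict(list)
    for s in signals:
        groups[find(s.keys()[0])].append(s)
    return list(groups.values())


def establish_confidence(group: List[Signal], threshold=0.9, min_sources=2) -> Tuple[float, bool]:
    """Stage 1: noisy-OR of detector scores, plus corroboration from >= 2 signal sources."""
    p_benign = 1.0
    for s in group:
        p_benign *= 1.0 - s.confidence
    combined = 1.0 - p_benign
    sources = {s.source for s in group}
    return combined, combined >= threshold and len(sources) >= min_sources


def classify(group: List[Signal]) -> Tuple[str, List[str], List[str]]:
    """Stage 2: pick the scenario with most matching techniques; list controlled assets."""
    techniques = {s.technique for s in group}
    scenario, overlap = max(((n, len(techniques & t)) for n, t in SCENARIOS.items()),
                            key=lambda x: x[1])
    if overlap == 0:
        scenario = "unknown"
    users = sorted({s.user for s in group if s.user})
    devices = sorted({s.device for s in group if s.device})
    return scenario, users, devices


def respond(scenario: str, users: List[str], devices: List[str]) -> List[Tuple[str, str]]:
    """Stage 3: containment actions limited to the compromised assets (assumed action set)."""
    actions = [("isolate_device", d) for d in devices]
    for u in users:
        actions.append(("disable_user", u))
        actions.append(("revoke_sessions", u))
    return actions


def disrupt(signals: List[Signal], threshold=0.9) -> List[dict]:
    """Run all three stages; only high-confidence, corroborated clusters produce a plan."""
    plan = []
    for group in cluster(signals):
        score, confident = establish_confidence(group, threshold)
        if not confident:
            continue
        scenario, users, devices = classify(group)
        plan.append({"scenario": scenario, "confidence": round(score, 4),
                     "users": users, "devices": devices,
                     "actions": respond(scenario, users, devices)})
    return sorted(plan, key=lambda p: p["scenario"])


if __name__ == "__main__":
    for p in disrupt(SAMPLE_SIGNALS):
        print(p)
```

Run as written, the ransomware cluster (alice, WS01, FS01) and the BEC cluster (bob) each produce a plan, while carol's lone endpoint alert does not: one source is not corroboration, whatever its score. Swapping the noisy-OR and the two-source rule for whatever a real XDR uses is the part a practitioner would tune; the scoping of actions to observed assets is the part worth keeping.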

As the name suggests, these features act automatically, which some cybersecurity professionals may not welcome. Microsoft seems aware of this, arguing that the fidelity of the signals involved should ease concerns about automation:

“We understand that taking automatic action can come with hesitation given the potential impact it can have on an organization,” the company said. “That’s why automatic attack interruption in Microsoft 365 Defender is designed to rely on high-fidelity XDR signals coupled with insights from the ongoing investigation of thousands of incidents by Microsoft’s research teams.”

Ransomware remains one of the most disruptive forms of cybercrime. Companies are advised to train their employees on the dangers of phishing and to ensure they have a robust backup solution in place. Antivirus, a firewall and multi-factor authentication are also considered best practices.
