1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft Defender just got a major security upgrade aimed at qua

    From TechnologyDaily@1337:1/100 to All on Thu Oct 12 17:45:05 2023
    Microsoft Defender just got a major security upgrade aimed at quarantining hackers

    Date:
    Thu, 12 Oct 2023 17:29:49 +0000

    Description:
    Compromised accounts will have nowhere to go once Defender for Endpoint spots them.

    FULL STORY ======================================================================

    One of the biggest challenges IT teams face today is identifying when a legitimate users account is compromised and stopping it from being used to deploy malware or steal data. With the latest update to Defender for
    Endpoint, Microsoft wants to help solve that problem.

    Currently in public preview, Microsoft Defender for Endpoint features a new tool called contain user which does just what it says it does - contains a potentially problematic user.

    If the tool spots a user account behaving in a suspicious manner, DoE will move in to lock all the doors around it, cutting it off from other endpoints and resources. That way, Microsoft hopes, DoE will stop the threat actor in its tracks, before it can wreak any more damage (for example, deploy ransomware). Blocking all traffic

    "Attack disruption achieves this outcome by containing compromised users across all devices to outmaneuver attackers before they have the chance to
    act maliciously, such as using accounts to move laterally, performing credential theft, data exfiltration, and encrypting remotely," said Rob Lefferts, Corporate Vice President for Microsoft 365 Security in a blog post
    .

    "This on-by-default capability will identify if the compromised user has any associated activity with any other endpoint and immediately cut off all inbound and outbound communication, essentially containing them."

    While the suspicious account gets locked down, all other endpoints will be inoculated, with all incoming malicious traffic being blocked. The threat actor will basically have no one to talk to.

    "When an identity is contained, any supported Microsoft Defender for Endpoint onboarded device will block incoming traffic in specific protocols related to attacks (network logons, RPC, SMB, RDP) while enabling legitimate traffic," Microsoft further said.

    "This action can significantly help to reduce the impact of an attack. When
    an identity is contained, security operations analysts have extra time to locate, identify and remediate the threat to the compromised identity."

    Via BleepingComputer More from TechRadar Pro Thousands of corporate logins have been taken by info-stealing malware Here's a list of the best firewalls today These are the best malware removal tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-defender-just-got-a-major-sec urity-upgrade-aimed-at-quarantining-hackers


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)