Sign in / up

back to article Microsoft grows automated assault disruption to cover BEC, ransomware campaigns

At last year's Ignite show, Microsoft talked up a capability in its 365 Defender that automatically detects and disrupts a cyberattack while still in progress, hopefully stopping or reducing any resulting damage. Now it's extending that to include additional criminal areas. The automatic attack disruption functionality aimed …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Richard 12 Silver badge

    And when Defender is the attacker?

    We still haven't recovered from when Microsoft deleted all our shortcuts.

    I mean, I know SAP is a pain, but it's business critical so permanently removing it from everyone's desktop and Start menu was most unhelpful.

    7 0 Reply

    1. This post has been deleted by its author

  2. Pascal Monett Silver badge

    A nod ?

    How about a nod to the fact that the pervasiveness of Borkzilla's network management is a free ride for most hackers, who only have to understand one platform in order to potentially get their claws into 90+% of businesses the world over ?

    8 1 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: A nod ?

      The pervasiveness isn't the problem, the abysmal quality of what Microsoft laughingly refers to as "security" is.

      If they would spend 1/10h of what they blow on bribes dinners and golf courses on improving security there would be far less of a problem, but them now considering it acceptable to use their customers as beta testers suggests that things are rather moving the other way.

      After all, once entangled, victims customers have little choice but to continue suffering..

      5 1 Reply
      1. druck Silver badge
        Reply Icon
        FAIL

        Re: A nod ?

        Why fix the problem at source, when you can sell another product to mitigate some of the deficiencies.

        1 0 Reply
  3. Black Label1
    Black Helicopters

    Automated Assault Disruption - things may go wrong

    Isn't this "automated assault disruption" the cyber equivalent to let computers automatically "identify and kill" the offensive bit?

    If there are no man-in-the-loop processes anymore, attackers do not even need DDoS to disrupt a service. Just identify the signals and trigger them... kaboom, system down with little effort.

    3 0 Reply
  4. Anonymous Coward
    Anonymous Coward

    to late to be usefull

    'Microsoft has found that by once a miscreant deploys ransomware in a network, a SOC analyst has less than 20 minutes to mitigate the attack."

    meanwhile all changes in the Defender and 365Defender portal take 4 to 24 hours to push changes to systems. meaning fast and immediate response actions by staff are NOT an option when time sensitive. I have brought this to MS many times. When seconds count MS is hours late - is a fact due to their Queuing of system changes preventing immediate response/policy updates.

    They offer a workaround to run a PowerShell script unique to each change - basically Defender's inability to be managed in real time requires people to write insane 1980's batch files to manage security, is not security- it is anti-security. Get your head out of your rear MS.

    2 1 Reply
    1. Black Label1
      Reply Icon
      Black Helicopters

      Re: to late to be usefull

      "They offer a workaround to run a PowerShell script unique to each change"

      So, basically, the same TTP Ransomware operators are using to deploy their malware all over the network once they takeover the AD?

      1 1 Reply
  5. Dronius

    Next year's headline anyone?;

    Hackers "also can customize how automatic attack disruption is configured and change an action via the Microsoft 365 Defender Portal. ®"

    1 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like