Microsoft: Ransomware detection with Microsoft Advanced Threat Analytics and Cloud App Security
The rise of ransomware and its media presence in recent months has highlighted, perhaps now more than ever, the importance of robust security systems to detect and respond to devious and evolving threats. We know extortion via ransomware is an effective scare tactic – after all, victims can be consumers or commercial organizations – and in all cases, attacks are evolving at a pace and frequency unparalleled by most other cybersecurity threats. Today, many strains of ransomware are searching for innovative and advanced ways to wreak the maximum amount of havoc possible on victims’ assets.
As we are entering this new age of cybersecurity, we want to provide powerful tools that can deliver control back to you through strong detection and remediation capabilities. Today we will show how two products that are a part of the Enterprise Mobility + Security (EMS) suite – Microsoft Cloud App Security (MCAS) and Advanced Threat Analytics (ATA) – can help to protect users both in the cloud and on-premises through robust detection systems. We’ll walk through the malware detection capabilities of each product as part of your comprehensive, defense-in-depth security strategy.
Lessons from UEBA: Detection through abnormal user and file behavior
As a User and Entity Behavior Analytics (UEBA) product, ATA learns the behavior of users and other entities in an organization and builds a behavioral profile around them. When malicious software establishes a foothold in a network and starts to spread from a compromised machine to other computers in the network, an abnormal behavior detection is raised. Why? A departure from the “norm” of activity for the account indicates a probability of compromise; the detection raises an alert that informs the admin immediately.
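The profile-then-deviation idea described above can be sketched as follows. This is an added example, not code from Microsoft and not ATA's actual algorithm; the account names, host names, events, window and threshold are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, account, destination host).
# All account and host names are hypothetical.
BASELINE_EVENTS = [
    ("2017-05-01T09:00:00", "alice", "FILESRV01"),
    ("2017-05-02T09:05:00", "alice", "MAIL01"),
    ("2017-05-01T08:30:00", "bob", "HR-APP01"),
    ("2017-05-02T08:45:00", "bob", "FILESRV01"),
]
LIVE_EVENTS = [
    ("2017-05-10T09:00:00", "alice", "FILESRV01"),  # already in profile
    ("2017-05-10T09:30:00", "bob", "MAIL01"),       # a single new host
    ("2017-05-10T14:00:00", "alice", "WKSTN-101"),  # burst of new hosts
    ("2017-05-10T14:01:00", "alice", "WKSTN-102"),
    ("2017-05-10T14:02:00", "alice", "WKSTN-103"),
    ("2017-05-10T14:03:00", "alice", "WKSTN-104"),
]

def build_profiles(events):
    """Learning phase: record which hosts each account normally reaches."""
    profiles = defaultdict(set)
    for _, account, host in events:
        profiles[account].add(host)
    return profiles

def detect_spread(profiles, events, window=timedelta(minutes=10), threshold=3):
    """Alert when an account reaches more than `threshold` unprofiled hosts within `window`."""
    recent = defaultdict(deque)  # account -> (time, host) pairs outside the profile
    alerts = []
    for ts, account, host in sorted(events):  # ISO timestamps sort chronologically
        when = datetime.fromisoformat(ts)
        if host in profiles.get(account, set()):
            continue  # matches learned behavior
        q = recent[account]
        q.append((when, host))
        while q and when - q[0][0] > window:
            q.popleft()  # forget events older than the window
        new_hosts = {h for _, h in q}
        if len(new_hosts) > threshold:
            alerts.append((ts, account, sorted(new_hosts)))
            q.clear()  # one alert per burst
    return alerts

if __name__ == "__main__":
    for alert in detect_spread(build_profiles(BASELINE_EVENTS), LIVE_EVENTS):
        print("ALERT", alert)
```

A single unfamiliar host (bob reaching MAIL01) stays below the threshold, while four unfamiliar hosts in three minutes from one account produces one alert.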
via the fine folks at Microsoft.