Introduction
In a groundbreaking development, engineers, researchers, and machine learning experts from Microsoft Israel R&D’s security teams have collaborated for two years to create an advanced security platform. This platform, designed to autonomously counter cyberattacks, marks a significant milestone in the ongoing battle against online threats.
The Automatic Attack Disruption System
Jointly developed by the Microsoft Defender for Endpoint and Microsoft Defender XDR teams, the automatic attack disruption system utilizes advanced AI capabilities. Operating in real time, it can identify and automatically disrupt attacks until they are fully neutralized or until the security team intervenes.
Research and Analysis
The development process involved an in-depth analysis of various cyberattacks, drawing on information collected by Microsoft’s security products. The research team studied the diverse methods employed by attackers and identified distinct attack patterns. These capabilities have been quietly deployed for the past year, and the origins of the product trace back to Israel.
Insights from Itai Kollmann
Itai Kollmann, Principal Research Manager at Microsoft Israel R&D, sheds light on the genesis of the product. “The ideation process for the new product started in Israel, as we saw the rate of human-operated ransomware attacks escalate and become increasingly alarming for large organizations worldwide.” Kollmann added, “The new development serves as an innovative and advanced layer of defense for organizations and will help security teams thwart sophisticated attackers before they can compromise the organization.”
Comprehensive Security Approach
Microsoft emphasizes that the platform’s strength lies in its ability to analyze signals from all of the company’s security products, spanning email, endpoints, and cloud services. This comprehensive approach allows the algorithms powering the automatic capabilities to achieve a remarkable level of accuracy in identification and take effective actions to halt attackers and prevent the spread of the attack to additional endpoints.
Ransomware Threat Landscape
In the current landscape, ransomware attacks pose a significant threat to enterprises and large institutions, with attackers gaining access to sensitive information in order to extort organizations. A recent Microsoft study revealed a staggering 195% increase in ransomware group activity over the past year, alongside a rate of approximately 4,000 password attacks every second. Furthermore, the study highlighted that in 85% of cases, attackers gain initial access to an organization’s network through unmanaged endpoint devices.