Microsoft adds AI-driven ransomware protection to Defender for Endpoint customers

silversurfer

Microsoft has introduced an AI-driven ransomware attack detection system for Microsoft Defender for Endpoint customers that complements existing cloud protection by evaluating risks and blocking actors at the perimeter.

As human-operated ransomware attacks are characterized by a specific set of methods and behaviors, Microsoft believes that they can use a data-driven AI approach to detect these types of attacks.
"In a customer environment, the AI-driven adaptive protection feature was especially successful in helping prevent humans from entering the network by stopping the binary that would grant them access," explained Microsoft about their AI-driven defense system.

"By considering indicators that would otherwise be considered low priority for remediation, adaptive protection stopped the attack chain at an early stage such that the overall impact of the attack was significantly reduced."

"The threat turned out to be Cridex, a banking trojan commonly used for credential theft and data exfiltration, which are also key components in many cyberattacks including human-operated ransomware."

Contrary to cloud protection which admins manually adjust, the new system is adaptive, which means that it can automatically ramp the aggressiveness of cloud-delivered blocking verdicts up and down, based on real-time data and machine learning predictions.

Figure: Real-time risk assessment system. Source: Microsoft


Full report by Microsoft: AI-driven adaptive protection against human-operated ransomware - Microsoft Security Blog
 

Andy Ful

Here is the most important note:
The adaptive protection feature works on top of the existing robust cloud protection, which defends against threats through different next-generation technologies. Compared to the existing cloud protection level feature, which relies on admins to manually adjust the cloud protection level, the adaptive protection is smarter and faster. It can, when queried by a device, automatically ramp the aggressiveness of cloud-delivered blocking verdicts up or down based on real-time machine learning predictions, thus proactively protecting the device.
So, the user can set the default cloud protection level and this feature will use higher levels if something suspicious is lurking around.
 

EASTER

Here is the most important note:

So, the user can set the default cloud protection level and this feature will use higher levels if something suspicious is lurking around.
I was thinking the same thing. I wonder what is taking so long for them to go up another notch, because machine AI, after all, has been around and implemented in some other AVs, if I'm not mistaken. The rub might be how efficient their brand of security AI is once it kicks in to the higher-level recognition and capture. Maybe an interesting development. We'll have to see what shakes out with it once in use.
 

ForgottenSeer 95367

I was thinking the same thing. I wonder what is taking so long for them to go up another notch, because machine AI, after all, has been around and implemented in some other AVs, if I'm not mistaken. The rub might be how efficient their brand of security AI is once it kicks in to the higher-level recognition and capture. Maybe an interesting development. We'll have to see what shakes out with it once in use.
Microsoft is just adding an AI automation option that administrators can select instead of configuring manually. It would be better if Microsoft properly described what they are adding - which is adaptive configuration - the same thing that Bitdefender did many years ago. They can call it AI or Next Gen or whatever gimmicky terminology they wish. It's nothing revolutionary.

Microsoft is almost always the last one to the party when it comes to security. Its security stack is developed and refined very slowly compared to other vendors.
 