New Update Prevent Compromised Unmanaged Devices from Moving Laterally

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,452
71% of human operated ransomware cases are initiated by an unmanaged device, usually internet facing, that is compromised and is then used to move laterally and compromise more devices. Starting today, when a device that is not enrolled in Microsoft Defender for Endpoint is suspected of being compromised, as a SOC analyst, you will be able to “Contain” it. As a result, any device enrolled in Microsoft Defender for Endpoint will now block any incoming/outgoing communication with the suspected device.

While devices enrolled in Microsoft Defender for Endpoint can be isolated to prevent bad actors from compromising other devices, responding to a compromised device not enrolled in Microsoft Defender for Endpoint can be a challenge for organizations today, especially where:
  • No Network Access Control enforcement means isolation of an IoT device requires physical access.
  • Locating the device and its owner may take time.
  • It takes time to close the loop between the SOC analyst identifying the threat and the network team/IT remediating the threat, meaning that in many cases the device may have already compromised others.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top