Microsoft is using ML to help you catch ransomware infections early
Prevention is better than cure
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Microsofthas taken the covers off of a new ransomware detection functionality for users of itscloud computingplatform,Azure.
The tool, dubbed Fusion Detection for Ransomware, is the result of collaboration between Azure and the Microsoft Threat Intelligence Center (MSTIC), and employs machine learning (ML) to detect actions typically associated with ransomware activities and alert security teams in time to take remedial action.
“Once suchransomwareactivities are detected and correlated by the Fusion machine learning model, a high severity incident titled “Multiple alerts possibly related to Ransomware activity detected” will be triggered in your Azure Sentinel workspace,” shared Sylvie Liu, Security Program Manager at Microsoft in ablog post.
We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.
Click here to start the survey in a new window«
Liu says that the intention with Fusion is to provide Azure users with all the relevant information by correlating signals from various Microsoft products along with those available in the network and the cloud.
Complete picture
The rise of ransomware-as-a-service vendors and the prevalence of human operated ransomware has compounded not just the scope, but also the sophistication of ransomware attacks, argues Liu.
Building the case for Fusion, Liu argues that with more attackers adopting stealthier attack vectors to infiltrate and compromise their victims, defenders are finding it increasingly difficult to detect the attacks in time to prevent them.
By flagging malicious activity at the “defense evasion and execution” stages of an attack, Fusion will give security teams the opportunity to analyze the suspicious activity and stem an attack in the nascent stages.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
To reduce the number of false positives, Microsoft has designed Fusion to connect with and collate relevant data from Azure Defender (Azure Security Center),Microsoft Defender for Endpoint,Microsoft Defender for Identity, Microsoft Cloud App Security, and Azure Sentinel scheduled analytics rules.
“As you investigate and close the Fusion incidents, we encourage you to provide feedback on whether this incident was a True Positive, Benign Positive, or a False Positive, along with details in the comments. Your feedback is critical to help Microsoft deliver the highest quality detections,” Liu rounds off.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
This dangerous new malware is hitting Windows devices by hiding in games
Windows PCs targeted by new malware hitting a vulnerable driver
Steps to take when your phone number is publicly listed online
