Wednesday, May 24, 2017

Simple steps to help prevent data breaches at your company

Every company has cybersecurity risks and needs to be aware of them, but understanding your company’s risk profile is just the beginning.

Watch this Modern Workplace episode “Cyber Intelligence: Help Prevent a Breach” to get advice on how to best approach cybersecurity at your company from two Chief Information Security Officers (CISO) – Vanessa Pegueros, CISO at DocuSign, and Mike Convertino, CISO at F5 Networks. Learn how these seasoned security executives make decisions on security spending and how they justify security investments to skeptical executives who may not have ever experienced a security breach.

Knowing what you need to protect is a key component of your security strategy. As Convertino explains, “The value proposition of the company needs to be the thing that you base your protections and recommendations on.” When you have a clear goal for security, it becomes easier to demonstrate the value of your security investments in tools and talent.

You’ll also see a preview of the protection available from Office 365 Threat Intelligence, which lets you monitor and protect against risks before they hit your organization. Using Microsoft’s global presence to provide insight into real-time security threats, Office 365 Threat Intelligence enables you to quickly and effectively set up alerts, dynamic policies, and security solutions for potential threats.

Watch the Modern Workplace episode to learn more.

 



from Microsoft Secure Blog Staff

Monday, May 22, 2017

7 types of highly effective hackers (and what to do about them)

Would you know what to do if you drew the attention of a hacktivist group? Knowing that damages from a hacktivist attack are typically minor is no relief, as a breach will surely damage your reputation. However, knowing about the different types of hackers, what motivates them, and the tools and techniques they use, can help better prepare your organization to protect against them.

Attacks on organizations around the world are on the rise. Millions of dollars of intellectual property are at risk, as well as the threat of lost productivity. Threats now come from a wide range of sources including:

  • Script Kiddies who exploit existing code to hack for fun
  • Hacking Groups that work together to attack governments and companies
  • Hacktivists who use hacking skills to promote an agenda
  • Black Hat Professionals who make a living from hacking
  • Organized Criminal Gangs that steal data to make money
  • Nation States that do political and economic espionage
  • Cyberweapons Dealers who sell exploits to other hackers

Learn more about the 7 different hackers and get recommendations on how you can better prepare your organization against their potential threats in this free eBook: 7 Types of Highly Effective Hackers.

 



from Microsoft Secure Blog Staff

Launceston will now support cyber security innovation


Launceston is known for innovation and is now overseeing the establishment of a cyber security hub in the city. The proposal was first discussed on Monday during a council meeting.

Alderman Darren Alexander told the council that it should take advantage of the cyber security growth network set up by the federal government of Australia.

The establishment of a growth center is going to play a key role in the government’s recently announced $1.1 billion national innovation and science agenda.

The government will allocate $31.9 million to fund the growth center until 2020.

Read more details 

The post Launceston will now support cyber security innovation appeared first on Cyber Security Portal.



from Gilbertine Onfroi

Friday, May 19, 2017

Your Password is Already In the Wild, You Did not Know?

There was a lot of buzz about the leak of two huge databases of passwords a few days ago. This has been reported by Troy Hunt on his blog. The two databases are called “Anti-Trust-Combo-List” and “Exploit.In”. Although the sources of the leaks are not officially known, there are ways to discover some of them (see my previous article about the “+” feature offered by Google).

A few days after the first leak, a second version of “Exploit.In” was released with even more passwords:

Name                     Size   Credentials
Anti-Trust-Combo-List    16GB   540.701.509
Exploit.In               15GB   499.305.318
Exploit.In (2)           24GB   805.499.579

With the huge amount of passwords released in the wild, you can assume that your password is also included. But what do those passwords look like? I used Robin Wood‘s tool pipal to analyze them.

I decided to analyze the Anti-Trust-Combo-List but had to restart several times due to a lack of resources (pipal requires a lot of memory to generate the statistics), and it failed every time. So I used a sample of the passwords instead and successfully analyzed 91M of them. The results generated by pipal are available below.

What can we deduce? Weak passwords remain classic. Most passwords have only 8 characters and are based on lowercase characters. Interesting fact: users like to “increase” the complexity of the password by adding trailing numbers:

  • Just one digit (because they have to change the password regularly and simply increment it at every expiration)
  • By adding their birth year
  • By adding the current year

Basic Results

Total entries = 91178452
Total unique entries = 40958257

Top 20 passwords
123456 = 559283 (0.61%)
123456789 = 203554 (0.22%)
passer2009 = 186798 (0.2%)
abc123 = 100158 (0.11%)
password = 96731 (0.11%)
password1 = 84124 (0.09%)
12345678 = 80534 (0.09%)
12345 = 76051 (0.08%)
homelesspa = 74418 (0.08%)
1234567 = 68161 (0.07%)
111111 = 66460 (0.07%)
qwerty = 63957 (0.07%)
1234567890 = 58651 (0.06%)
123123 = 52272 (0.06%)
iloveyou = 51664 (0.06%)
000000 = 49783 (0.05%)
1234 = 35583 (0.04%)
123456a = 34675 (0.04%)
monkey = 32926 (0.04%)
dragon = 29902 (0.03%)

Top 20 base words
password = 273853 (0.3%)
passer = 208434 (0.23%)
qwerty = 163356 (0.18%)
love = 161514 (0.18%)
july = 148833 (0.16%)
march = 144519 (0.16%)
phone = 122229 (0.13%)
shark = 121618 (0.13%)
lunch = 119449 (0.13%)
pole = 119240 (0.13%)
table = 119215 (0.13%)
glass = 119164 (0.13%)
frame = 118830 (0.13%)
iloveyou = 118447 (0.13%)
angel = 101049 (0.11%)
alex = 98135 (0.11%)
monkey = 97850 (0.11%)
myspace = 90841 (0.1%)
michael = 88258 (0.1%)
mike = 82412 (0.09%)

Password length (length ordered)
1 = 54418 (0.06%)
2 = 49550 (0.05%)
3 = 247263 (0.27%)
4 = 1046032 (1.15%)
5 = 1842546 (2.02%)
6 = 15660408 (17.18%)
7 = 14326554 (15.71%)
8 = 25586920 (28.06%)
9 = 12250247 (13.44%)
10 = 11895989 (13.05%)
11 = 2604066 (2.86%)
12 = 1788770 (1.96%)
13 = 1014515 (1.11%)
14 = 709778 (0.78%)
15 = 846485 (0.93%)
16 = 475022 (0.52%)
17 = 157311 (0.17%)
18 = 136428 (0.15%)
19 = 83420 (0.09%)
20 = 93576 (0.1%)
21 = 46885 (0.05%)
22 = 42648 (0.05%)
23 = 31118 (0.03%)
24 = 29999 (0.03%)
25 = 25956 (0.03%)
26 = 14798 (0.02%)
27 = 10285 (0.01%)
28 = 10245 (0.01%)
29 = 7895 (0.01%)
30 = 12573 (0.01%)
31 = 4168 (0.0%)
32 = 66017 (0.07%)
33 = 1887 (0.0%)
34 = 1422 (0.0%)
35 = 1017 (0.0%)
36 = 469 (0.0%)
37 = 250 (0.0%)
38 = 231 (0.0%)
39 = 116 (0.0%)
40 = 435 (0.0%)
41 = 45 (0.0%)
42 = 57 (0.0%)
43 = 14 (0.0%)
44 = 47 (0.0%)
45 = 5 (0.0%)
46 = 13 (0.0%)
47 = 1 (0.0%)
48 = 16 (0.0%)
49 = 14 (0.0%)
50 = 21 (0.0%)
51 = 2 (0.0%)
52 = 1 (0.0%)
53 = 2 (0.0%)
54 = 22 (0.0%)
55 = 1 (0.0%)
56 = 3 (0.0%)
57 = 1 (0.0%)
58 = 2 (0.0%)
60 = 10 (0.0%)
61 = 3 (0.0%)
63 = 3 (0.0%)
64 = 1 (0.0%)
65 = 2 (0.0%)
66 = 9 (0.0%)
67 = 2 (0.0%)
68 = 2 (0.0%)
69 = 1 (0.0%)
70 = 1 (0.0%)
71 = 3 (0.0%)
72 = 1 (0.0%)
73 = 1 (0.0%)
74 = 1 (0.0%)
76 = 2 (0.0%)
77 = 1 (0.0%)
78 = 1 (0.0%)
79 = 3 (0.0%)
81 = 3 (0.0%)
83 = 1 (0.0%)
85 = 1 (0.0%)
86 = 1 (0.0%)
88 = 1 (0.0%)
89 = 1 (0.0%)
90 = 6 (0.0%)
92 = 3 (0.0%)
93 = 1 (0.0%)
95 = 1 (0.0%)
96 = 16 (0.0%)
97 = 1 (0.0%)
98 = 3 (0.0%)
99 = 2 (0.0%)
100 = 1 (0.0%)
104 = 1 (0.0%)
107 = 1 (0.0%)
108 = 1 (0.0%)
109 = 1 (0.0%)
111 = 2 (0.0%)
114 = 1 (0.0%)
119 = 1 (0.0%)
128 = 377 (0.0%)

Password length (count ordered)
8 = 25586920 (28.06%)
6 = 15660408 (17.18%)
7 = 14326554 (15.71%)
9 = 12250247 (13.44%)
10 = 11895989 (13.05%)
11 = 2604066 (2.86%)
5 = 1842546 (2.02%)
12 = 1788770 (1.96%)
4 = 1046032 (1.15%)
13 = 1014515 (1.11%)
15 = 846485 (0.93%)
14 = 709778 (0.78%)
16 = 475022 (0.52%)
3 = 247263 (0.27%)
17 = 157311 (0.17%)
18 = 136428 (0.15%)
20 = 93576 (0.1%)
19 = 83420 (0.09%)
32 = 66017 (0.07%)
1 = 54418 (0.06%)
2 = 49550 (0.05%)
21 = 46885 (0.05%)
22 = 42648 (0.05%)
23 = 31118 (0.03%)
24 = 29999 (0.03%)
25 = 25956 (0.03%)
26 = 14798 (0.02%)
30 = 12573 (0.01%)
27 = 10285 (0.01%)
28 = 10245 (0.01%)
29 = 7895 (0.01%)
31 = 4168 (0.0%)
33 = 1887 (0.0%)
34 = 1422 (0.0%)
35 = 1017 (0.0%)
36 = 469 (0.0%)
40 = 435 (0.0%)
128 = 377 (0.0%)
37 = 250 (0.0%)
38 = 231 (0.0%)
39 = 116 (0.0%)
42 = 57 (0.0%)
44 = 47 (0.0%)
41 = 45 (0.0%)
54 = 22 (0.0%)
50 = 21 (0.0%)
48 = 16 (0.0%)
96 = 16 (0.0%)
49 = 14 (0.0%)
43 = 14 (0.0%)
46 = 13 (0.0%)
60 = 10 (0.0%)
66 = 9 (0.0%)
90 = 6 (0.0%)
45 = 5 (0.0%)
71 = 3 (0.0%)
56 = 3 (0.0%)
92 = 3 (0.0%)
79 = 3 (0.0%)
98 = 3 (0.0%)
63 = 3 (0.0%)
61 = 3 (0.0%)
81 = 3 (0.0%)
51 = 2 (0.0%)
58 = 2 (0.0%)
65 = 2 (0.0%)
53 = 2 (0.0%)
67 = 2 (0.0%)
68 = 2 (0.0%)
76 = 2 (0.0%)
111 = 2 (0.0%)
99 = 2 (0.0%)
73 = 1 (0.0%)
72 = 1 (0.0%)
74 = 1 (0.0%)
70 = 1 (0.0%)
69 = 1 (0.0%)
77 = 1 (0.0%)
78 = 1 (0.0%)
64 = 1 (0.0%)
109 = 1 (0.0%)
114 = 1 (0.0%)
119 = 1 (0.0%)
83 = 1 (0.0%)
107 = 1 (0.0%)
85 = 1 (0.0%)
86 = 1 (0.0%)
104 = 1 (0.0%)
88 = 1 (0.0%)
89 = 1 (0.0%)
57 = 1 (0.0%)
100 = 1 (0.0%)
55 = 1 (0.0%)
93 = 1 (0.0%)
52 = 1 (0.0%)
95 = 1 (0.0%)
47 = 1 (0.0%)
97 = 1 (0.0%)
108 = 1 (0.0%)

[pipal ASCII histogram of the password length distribution (lengths 0 to 71), not reproduced]

One to six characters = 18900217 (20.73%)
One to eight characters = 58813691 (64.5%)
More than eight characters = 32364762 (35.5%)

Only lowercase alpha = 25300978 (27.75%)
Only uppercase alpha = 468686 (0.51%)
Only alpha = 25769664 (28.26%)
Only numeric = 9526597 (10.45%)

First capital last symbol = 72550 (0.08%)
First capital last number = 2427417 (2.66%)

Single digit on the end = 13167140 (14.44%)
Two digits on the end = 14225600 (15.6%)
Three digits on the end = 6155272 (6.75%)

Last number
0 = 4370023 (4.79%)
1 = 12711477 (13.94%)
2 = 5661520 (6.21%)
3 = 6642438 (7.29%)
4 = 3951994 (4.33%)
5 = 4028739 (4.42%)
6 = 4295485 (4.71%)
7 = 4055751 (4.45%)
8 = 3596305 (3.94%)
9 = 4240044 (4.65%)

[pipal ASCII histogram of the last-digit distribution (0 to 9), not reproduced]

Last digit
1 = 12711477 (13.94%)
3 = 6642438 (7.29%)
2 = 5661520 (6.21%)
0 = 4370023 (4.79%)
6 = 4295485 (4.71%)
9 = 4240044 (4.65%)
7 = 4055751 (4.45%)
5 = 4028739 (4.42%)
4 = 3951994 (4.33%)
8 = 3596305 (3.94%)

Last 2 digits (Top 20)
23 = 2831841 (3.11%)
12 = 1570044 (1.72%)
11 = 1325293 (1.45%)
01 = 1036629 (1.14%)
56 = 1013453 (1.11%)
10 = 909480 (1.0%)
00 = 897526 (0.98%)
13 = 854165 (0.94%)
09 = 814370 (0.89%)
21 = 812093 (0.89%)
22 = 709996 (0.78%)
89 = 706074 (0.77%)
07 = 675624 (0.74%)
34 = 627901 (0.69%)
08 = 626722 (0.69%)
69 = 572897 (0.63%)
88 = 557667 (0.61%)
77 = 557429 (0.61%)
14 = 539236 (0.59%)
45 = 530671 (0.58%)

Last 3 digits (Top 20)
123 = 2221895 (2.44%)
456 = 807267 (0.89%)
234 = 434714 (0.48%)
009 = 326602 (0.36%)
789 = 318622 (0.35%)
000 = 316149 (0.35%)
345 = 295463 (0.32%)
111 = 263894 (0.29%)
101 = 225151 (0.25%)
007 = 222062 (0.24%)
321 = 221598 (0.24%)
666 = 201995 (0.22%)
010 = 192798 (0.21%)
777 = 164454 (0.18%)
011 = 141015 (0.15%)
001 = 138363 (0.15%)
008 = 137610 (0.15%)
999 = 129483 (0.14%)
987 = 126046 (0.14%)
678 = 123301 (0.14%)

Last 4 digits (Top 20)
3456 = 727407 (0.8%)
1234 = 398622 (0.44%)
2009 = 298108 (0.33%)
2345 = 269935 (0.3%)
6789 = 258059 (0.28%)
1111 = 148964 (0.16%)
2010 = 140684 (0.15%)
2008 = 111014 (0.12%)
2000 = 110456 (0.12%)
0000 = 108767 (0.12%)
2011 = 103328 (0.11%)
5678 = 102873 (0.11%)
4567 = 94964 (0.1%)
2007 = 94172 (0.1%)
4321 = 92849 (0.1%)
3123 = 92104 (0.1%)
1990 = 87828 (0.1%)
1987 = 87142 (0.1%)
2006 = 86640 (0.1%)
1991 = 86574 (0.09%)

Last 5 digits (Top 20)
23456 = 721648 (0.79%)
12345 = 261734 (0.29%)
56789 = 252914 (0.28%)
11111 = 116179 (0.13%)
45678 = 96011 (0.11%)
34567 = 90262 (0.1%)
23123 = 84654 (0.09%)
00000 = 81056 (0.09%)
54321 = 73623 (0.08%)
67890 = 66301 (0.07%)
21212 = 28777 (0.03%)
23321 = 28767 (0.03%)
77777 = 28572 (0.03%)
22222 = 27754 (0.03%)
55555 = 26081 (0.03%)
66666 = 25872 (0.03%)
56123 = 21354 (0.02%)
88888 = 19025 (0.02%)
99999 = 18288 (0.02%)
12233 = 16677 (0.02%)

Character sets
loweralphanum: 47681569 (52.29%)
loweralpha: 25300978 (27.75%)
numeric: 9526597 (10.45%)
mixedalphanum: 3075964 (3.37%)
loweralphaspecial: 1721507 (1.89%)
loweralphaspecialnum: 1167596 (1.28%)
mixedalpha: 981987 (1.08%)
upperalphanum: 652292 (0.72%)
upperalpha: 468686 (0.51%)
mixedalphaspecialnum: 187283 (0.21%)
specialnum: 81096 (0.09%)
mixedalphaspecial: 53882 (0.06%)
upperalphaspecialnum: 39668 (0.04%)
upperalphaspecial: 18674 (0.02%)
special: 14657 (0.02%)

Character set ordering
stringdigit: 41059315 (45.03%)
allstring: 26751651 (29.34%)
alldigit: 9526597 (10.45%)
othermask: 4189226 (4.59%)
digitstring: 4075593 (4.47%)
stringdigitstring: 2802490 (3.07%)
stringspecial: 792852 (0.87%)
digitstringdigit: 716311 (0.79%)
stringspecialstring: 701378 (0.77%)
stringspecialdigit: 474579 (0.52%)
specialstring: 45323 (0.05%)
specialstringspecial: 28480 (0.03%)
allspecial: 14657 (0.02%)
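To make the statistics above reproducible on your own data (for example a list of passwords recovered during an internal audit, so you can measure how many of your users follow the "trailing digits" habit), here is an added example in Python. It is not pipal's code and not part of the original post: the category names (loweralphanum, stringdigit, othermask, and so on) follow the labels in the pipal output above, but the classification rules are my own approximation of what those labels mean, the sample list is constructed, and the extra "year on the end" counter is an addition that follows the birth-year / current-year observation in the post.

```python
"""Pipal-style statistics for a password list (added example, not pipal itself)."""
import string
from collections import Counter

# Constructed sample; nothing here comes from the leaked lists.
SAMPLE = [
    "123456", "password", "password1", "Password2017", "qwerty",
    "monkey1987", "abc123", "123456", "Summer!2016", "P@ssw0rd",
    "passer2009", "12345678",
]

# Orderings listed in the pipal output above; anything else becomes othermask
# (assumption: pipal's real rule may differ).
KNOWN_ORDERINGS = {
    "stringdigit", "digitstring", "stringdigitstring", "stringspecial",
    "digitstringdigit", "stringspecialstring", "stringspecialdigit",
    "specialstring", "specialstringspecial",
}


def kind(ch):
    """Map one character to the three classes used by the masks."""
    if ch in string.ascii_letters:
        return "string"
    if ch in string.digits:
        return "digit"
    return "special"


def charset(pw):
    """'Character sets' label: which classes occur anywhere in the password."""
    if not pw:
        return "empty"
    lower = any(c in string.ascii_lowercase for c in pw)
    upper = any(c in string.ascii_uppercase for c in pw)
    digit = any(c in string.digits for c in pw)
    special = any(kind(c) == "special" for c in pw)
    alpha = "mixedalpha" if (lower and upper) else "loweralpha" if lower else "upperalpha" if upper else ""
    name = alpha + ("special" if special else "") + ("num" if digit else "")
    if not alpha:  # no letters at all: numeric / special / specialnum
        return {"num": "numeric", "special": "special", "specialnum": "specialnum"}[name]
    return name


def ordering(pw):
    """'Character set ordering' label: the sequence of class runs."""
    runs = []
    for c in pw:
        k = kind(c)
        if not runs or runs[-1] != k:
            runs.append(k)
    if len(runs) == 1:
        return "all" + runs[0]
    name = "".join(runs)
    return name if name in KNOWN_ORDERINGS else "othermask"


def trailing_digits(pw):
    """Digits at the end of the password (the 'trailing numbers' habit)."""
    i = len(pw)
    while i > 0 and pw[i - 1] in string.digits:
        i -= 1
    return pw[i:]


def analyze(passwords, current_year=2017):
    """Compute the counters that the report renders."""
    tails = [trailing_digits(p) for p in passwords]
    return {
        "total": len(passwords),
        "unique": len(set(passwords)),
        "top": Counter(passwords).most_common(5),
        "lengths": Counter(len(p) for p in passwords),
        "charsets": Counter(charset(p) for p in passwords),
        "orderings": Counter(ordering(p) for p in passwords),
        "single_digit_end": sum(len(t) == 1 for t in tails),
        "two_digits_end": sum(len(t) == 2 for t in tails),
        "three_digits_end": sum(len(t) == 3 for t in tails),
        "last_digit": Counter(t[-1] for t in tails if t),
        # Four trailing digits that look like a birth year or the current year.
        "year_suffix": sum(len(t) == 4 and 1940 <= int(t) <= current_year for t in tails),
    }


def report(stats):
    """Render the statistics in pipal's 'value = count (pct%)' style."""
    n = stats["total"]

    def line(k, v):
        return f"{k} = {v} ({100 * v / n:.2f}%)"

    out = [f"Total entries = {n}", f"Total unique entries = {stats['unique']}", "", "Top passwords"]
    out += [line(k, v) for k, v in stats["top"]]
    out += ["", "Password length (count ordered)"]
    out += [line(k, v) for k, v in stats["lengths"].most_common()]
    out += ["", "Character sets"]
    out += [line(k, v) for k, v in stats["charsets"].most_common()]
    out += ["", "Character set ordering"]
    out += [line(k, v) for k, v in stats["orderings"].most_common()]
    out += ["", line("Single digit on the end", stats["single_digit_end"]),
            line("Year on the end", stats["year_suffix"])]
    return "\n".join(out)


if __name__ == "__main__":
    print(report(analyze(SAMPLE)))
```

Point `SAMPLE` at one password per line from your own audit file and the report gives you the same shape of output as pipal on a dataset you control; the "Year on the end" line is the quickest way to see whether the birth-year and current-year habits described above exist among your users, which in turn tells you whether a blocklist of common suffixes is worth adding to your password policy.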

[The post Your Password is Already In the Wild, You Did not Know? has been first published on /dev/random]



from Xavier

Thursday, May 18, 2017

[SANS ISC] My Little CVE Bot

I published the following diary on isc.sans.org: “My Little CVE Bot“.

The massive spread of the WannaCry ransomware last Friday was another good proof that many organisations still fail to patch their systems. Everybody admits that patching is a boring task. There are many constraints that make this process very difficult to implement and… apply! That’s why any help is welcome to know what to patch and when… [Read more]

[The post [SANS ISC] My Little CVE Bot has been first published on /dev/random]



from Xavier

Wednesday, May 17, 2017

More than just an ocean separates American and European approaches to cybersecurity

The recent revision of the National Standards and Technology Institute’s (NIST) Cybersecurity Framework and the publication of European Network and Security Agency’s (ENISA) proposals on implementation of the Network and Information Security (NIS) Directive have made me pause and ponder the progress made (or indeed not) in securing our critical infrastructures since they were both introduced. I was also struck by how much the differences in political culture affect policy outcomes, even when these are largely supported by the broad ecosystems they seek to regulate and/or influence.

The starting point was strikingly similar for both economic powers: the Directive and the Framework seek to improve cybersecurity of critical infrastructures. They came out at around the same time in early 2013, when the European Commission first introduced the Directive and when Obama signed the Executive Order that set out the process that ultimately resulted in the Cybersecurity Framework.

Given the considerable differences in the US and the EU political, legislative and executive “machines” it is no surprise that, even with these common starting points, the two have followed very different paths. The Framework is undergoing its first major revision in 3 years based on changes in threat and experiences of global adopters. The Directive is now only beginning the implementation phase in the EU member states.

The NIST’s creation of the Framework has been rightly held up as a successful example of public-private partnership. It used an open, collaborative and iterative development process to harness the expertise and experience of cyber and non-cyber stakeholders, hosting numerous open workshops and consulting widely, and not just within the US itself. The result was a Framework that is now being referenced around the world, by businesses and governments, and it is being considered as a starting point for ISO 27103.

On the other hand, the processes of aligning 28 different sets of national cybersecurity agendas, and of securing a common view from a European Parliament that has somewhere between four and six major party groups, took considerably longer than the gestation of the Framework. It was a monumental effort and investment on the part of Europe. There were working groups and workshops too, but perhaps because of the efforts to coordinate the necessary agreements at the “top” the resulting Directive lacked some of the obvious “bottom-up” characteristics of the Framework. But the Directive has its own benefit: it creates durable institutions in EU member states, coordination processes, and security baselines. As a result, it is likely to result in a very different return on investment than the Framework.

But this should not just be a story of different approaches to cybersecurity policy. The EU approach to building institutions and setting capabilities requirements, if implemented and evolved, will help provide a layer of coordination and security that did not exist. The Framework’s voluntary nature and global adoption make it better at preparing enterprises – public and private – for improving risk management measures.

These are substantial differences, from the perspective of both businesses and regulators in these two approaches. However, in the end they may complement each other more than we see today. For example, several EU member states already reference the Framework within their approaches to cybersecurity as they seek to leverage implementing terminology and standards. Looking forward, therefore, it is possible that the two approaches could converge in practical ways. Parts of the Framework might evolve into an international standard, as referenced above, one that can be utilized by a great number of countries. Equally, the implementation of the Directive at EU member state level, and the identification of reference standards, could establish a model that other regions might follow.

Cybercriminals and cyberattacks will inevitably be encouraged and enabled by serious divergence in approaches to cybersecurity, wherever in the world these occur. As such, it seems essential that steps are taken on both sides of the Atlantic to ensure closer harmonization, both to improve the situation of the US and the EU and to set an example to the rest of the world.



from Paul Nicholas

Tuesday, May 16, 2017

Announcing new Adversary Detection and Compromised Recovery services

This post is authored by Berk Veral, Senior Marketing Communication Manager, Enterprise Cybersecurity Group. 

Perhaps one of the best-kept secrets within Microsoft cybersecurity services is the Global Incident Response and Recovery team.  We affectionately call them the “GIRR” team for short. Not many people know about the team but, for those whom they have helped to combat cyber criminals, they are indispensable – a trusted partner when the worst cybercrimes happen.

The GIRR team is comprised of elite cybersecurity professionals who are experts in handling critical incidents and helping our customers during a crisis when a compromise or a breach is suspected. On an ongoing basis, the team works around the clock and around the globe, demonstrating grit, fortitude and steadfast dedication to Microsoft customers in need.

The team is expanding and now offers two new services for our customers: Persistent Adversary Detection Services – Cloud Enabled (PADS-CE) and Compromise Recovery (CR). These are two very different standalone services designed to help customers under specific circumstances.

Cloud-Based Persistent Adversary Detection Service

PADS-CE is a cybersecurity service for customers who want to understand their exposure to the risks posed by today’s targeted attacks from determined human adversaries and sophisticated criminal organizations. However, unlike a traditional PADS engagement where all resources would be deployed onsite at the customer’s location, PADS-CE leverages a secure Azure workspace for collaboration, allowing remote team members to participate in the engagement. PADS-CE provides the ability to leverage the unique skill sets of seasoned Incident Responders worldwide, culminating in a richer engagement experience and output for our customers.

PADS-CE is ideal for enterprise customers primarily running Windows endpoints who would like to validate that they have not been the victim of a targeted attack. It is a proactive, discrete service that is, in effect, an incident response prior to an actual emergency.

Microsoft will provide information regarding the customer’s exposure to targeted attacks via PADS-CE at a lower price point by leveraging Azure and a team of remote resources. PADS-CE leverages telemetry from Microsoft’s vast, global sensor network, and is able to correlate PADS-CE findings against threat intelligence worldwide. The team leverages proprietary scanners (that do not remain on the network), to detect the presence of implants, backdoors, and similar unauthorized malc0de. Through forensic analysis and reverse engineering of any implants found, the team can assess customers’ current exposure to the threats posed by targeted attacks.

Compromised Recovery

Microsoft Compromise Recovery (CR) service is a cybersecurity offering designed to restore a customer’s secure business operations after a compromise. The service runs in parallel with any ongoing incident response investigation or soon after its completion, whether performed by Microsoft or a 3rd party.

It consists of four principal components:

  1. Scoping of the compromise
  2. Installing critical hardening policies
  3. Deploying and tuning tactical monitoring solutions
  4. Coordinating an attacker eviction event

CR is ideal for enterprise customers primarily running Windows endpoints who have confirmed malicious activity in their environment. Most likely, they have already engaged Microsoft or a 3rd party to complete an incident response investigation.

CR will help customers get their business operations back up and running by remediating their exposure to risks after an incident response investigation. CR will remove identified malicious activity from their network, harden against further compromise and monitor for indicators of compromise based on the current attack.

In addition to restoring a customer’s secure business operations and providing information regarding the customer’s remaining risk exposure, CR will offer suggestions for strategic initiatives to improve security posture. Microsoft leverages best in class monitoring solutions – Advanced Threat Analytics (ATA) and Operations Management Suite (OMS) – to monitor systems after a compromise. Compromise Recovery is based on years of industry expertise and best practices with incident response, based on the Microsoft GIRR team successfully leading countless recoveries around the globe.

Trusted Security Partner Every Step of the Way

These two offerings bring Microsoft customers expanded capabilities in cybersecurity, and provide the Microsoft Global Incident Response and Recovery team another tool to ensure Microsoft can be counted on by every enterprise CISO as their trusted security partner when it comes to detecting and responding to incidents, as well as getting business operations back up and running in the wake of an incident.

Please visit Sharing Microsoft learnings from major cybersecurity incidents to learn more about the Microsoft Global Incident Response and Recovery team and how they can help your organization.



from Microsoft Secure Blog Staff