Detect and disrupt in-progress cyberattacks automatically
Cybersecurity attacks are getting more common and targeted. They’re also accelerating; attacks that used to take months now take days. And even the most advanced security operations teams need to take breaks to keep their organizations protected.
The threats are real
Ransomware attacks
Commodity and human-operated
<20 minutes from deployment to mitigate the attack.
Business Email Compromise (BEC) attacks
Attackers pose as a trusted figure and ask recipients for payment or to share sensitive information
81% between the first and second half of 2022
Adversary-in-the-Middle (AitM)
An unauthorized party intercepts communication between two systems or people
$100 or less: the cost of an AitM kit, which lowers the tooling and skills required to launch an attack.
Why is defense so difficult today?
Attackers typically get in through a few common ways:
- A user browses to a website with malware
- Or they click on a link in a phishing email that takes them to a malicious site, or they open a malicious attachment
- Any of these options can result in malware infecting a user's device
- From there, a bad actor can compromise a user account in a variety of ways
- Another common entry point is using stolen credentials or using a brute-force attack to "guess" a password
- Once the attacker is in, they move laterally to another user with more access and conduct recon to learn more about your network
- Ultimately, they want to compromise your domain so they can remain in your network for as long as they want
- And exfiltrate data for financial gain
Protect your business with automatic attack disruption
What if you could detect and disrupt an in-progress attack automatically and dramatically reduce the overall impact? As a trusted technology partner with experience in security, we can help you get this capability with extended detection and response (XDR) from Microsoft.
Security signals from many different sources
Identify affected assets
Disrupt the attack in real time
Why we recommend Microsoft Defender XDR
Microsoft analyzes 65 trillion signals daily and correlates them in real time across attack surfaces. This threat intelligence powers automatic attack disruption in Microsoft Defender XDR.
The anatomy of a real-life BEC attack
Microsoft 365 Defender used a combination of signals from identity and email security solutions, such as an unfamiliar sign-in, inbox rule creation, and the sending and deletion of emails, to identify the BEC attack and detect the fraud attempt. Having established a high level of confidence through the combination of signals and alerts, Microsoft's XDR-automated actions then disabled the user account and disrupted the attack within three hours. This prevented follow-up conversations and prevented the wire instructions from being acted upon.
The increasingly complex state of cybersecurity
The cybercrime economy continues to democratize tooling and services
Attacks like ransomware are increasingly targeted
Attack surface is expanding, and attackers are adapting quickly
Complex security tooling is costly, inefficient, and lacks integration
Better, more responsive protection
Lower risk of breach: reduce the risk of a material breach by 60%
Mean time to respond: 88% reduced time to threat mitigation
Higher SOC productivity: 75% of security analyst time redeployed
Automatic disruption: AitM attacks
The goal of automatic disruption is to contain the attack as early as possible.
Identify with high confidence an AitM attack based on multiple correlated Microsoft 365 Defender signals.
Automatically disable the compromised user account.
Automatically revoke the stolen session cookie to prevent additional malicious activity.
Leave the SOC in full control of remediation.
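The following is an added illustration and is not Microsoft's code nor the actual correlation logic of Microsoft Defender XDR. It shows, for both the BEC anatomy described earlier (unfamiliar sign-in, inbox rule creation, sending and deletion of emails correlated into a high-confidence verdict) and the AitM disruption steps just listed (disable the account, revoke the session, leave remediation to the SOC), how such signals can be scored inside a time window and how containment can follow once the score passes a threshold. The event line format, the signal weights, the threshold, the three-hour window, the Directory stand-in for an identity provider, and all sample events are assumptions constructed for this example.

```python
"""Correlate identity/mailbox signals into a confidence score, then contain.

Added example only: the event format, weights, threshold, window and the
Directory class are assumptions, not Defender XDR internals. Sample events
below are constructed, not real telemetry.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed per-signal weights. Individually none crosses the threshold; only the
# combination of an unfamiliar sign-in with mailbox manipulation does.
SIGNAL_WEIGHTS = {
    "UnfamiliarSignIn": 0.35,
    "InboxRuleCreated": 0.30,
    "EmailSent": 0.15,
    "EmailDeleted": 0.20,
}
THRESHOLD = 0.85            # assumed confidence required before automatic disruption
WINDOW = timedelta(hours=3)  # assumed correlation window

# Constructed sample events: "timestamp|user|signal|detail"
SAMPLE_EVENTS = [
    "2024-05-01T08:00:00|alice|UnfamiliarSignIn|ip=203.0.113.7",
    "2024-05-01T08:10:00|alice|InboxRuleCreated|rule=move 'invoice' to RSS Feeds",
    "2024-05-01T08:40:00|alice|EmailSent|to=cfo@example.test subject=Updated wire instructions",
    "2024-05-01T08:41:00|alice|EmailDeleted|folder=SentItems",
    "2024-05-01T08:42:00|alice|MailRead|folder=Inbox",          # unknown signal, ignored
    "2024-05-01T09:00:00|bob|EmailSent|to=team@example.test subject=Minutes",
    "2024-05-01T09:05:00|bob|EmailSent|to=team@example.test subject=Minutes v2",
    "2024-05-01T09:30:00|bob|EmailDeleted|folder=Drafts",
    "2024-05-01T07:00:00|carol|UnfamiliarSignIn|ip=198.51.100.9",
    "2024-05-01T12:30:00|carol|InboxRuleCreated|rule=archive newsletters",  # 5.5h later
]


def parse_event(line):
    """Parse one constructed event line into a dict."""
    ts, user, signal, detail = line.split("|", 3)
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "signal": signal, "detail": detail}


def score_user(events):
    """Return (best_score, signals) over a sliding WINDOW of the user's events.

    Each signal type counts once per window, so a burst of ordinary sends by
    itself cannot reach the threshold; unknown signal types are ignored.
    """
    events = sorted(events, key=lambda e: e["ts"])
    best_score, best_signals = 0.0, set()
    for i, anchor in enumerate(events):
        seen = {e["signal"] for e in events[i:]
                if e["ts"] - anchor["ts"] <= WINDOW and e["signal"] in SIGNAL_WEIGHTS}
        score = round(sum(SIGNAL_WEIGHTS[s] for s in seen), 2)
        if score > best_score:
            best_score, best_signals = score, seen
    return best_score, best_signals


class Directory:
    """Hypothetical identity-provider stand-in (real APIs differ)."""

    def __init__(self, sessions):
        self.sessions = {u: set(s) for u, s in sessions.items()}  # user -> session ids
        self.disabled = set()
        self.audit = []  # actions recorded for the SOC

    def disable_user(self, user):
        self.disabled.add(user)
        self.audit.append(("disable_user", user))

    def revoke_sessions(self, user):
        """Invalidate every session (stolen cookie included); return the count."""
        count = len(self.sessions.get(user, ()))
        self.sessions[user] = set()
        self.audit.append(("revoke_sessions", user, count))
        return count


def make_directory():
    """Constructed directory state: who currently holds which sessions."""
    return Directory({"alice": {"sess-a1", "sess-a2"}, "bob": {"sess-b1"}, "carol": {"sess-c1"}})


def run(lines, directory):
    """Score every user; contain those over THRESHOLD; hand remediation to the SOC."""
    by_user = defaultdict(list)
    for line in lines:
        e = parse_event(line)
        by_user[e["user"]].append(e)
    incidents = []
    for user, events in by_user.items():
        score, signals = score_user(events)
        if score >= THRESHOLD:
            directory.disable_user(user)
            revoked = directory.revoke_sessions(user)
            incidents.append({"user": user, "score": score, "signals": sorted(signals),
                              "actions": ["disable_user", f"revoked {revoked} sessions"],
                              "remediation": "pending SOC review"})
    return incidents


if __name__ == "__main__":
    d = make_directory()
    for inc in run(SAMPLE_EVENTS, d):
        print(inc)
```

In the constructed data only alice is disrupted: all four signal types land inside one three-hour window. bob's repeated sends and a deletion score 0.55, and carol's unfamiliar sign-in and inbox rule are 5.5 hours apart, so each sits in its own window and neither reaches the threshold; the automated step stops at containment and the incident record is what the SOC picks up for remediation.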