Microsoft adds AI-driven ransomware protection to Defender

Microsoft has introduced an AI-driven ransomware attack detection system for Microsoft Defender for Endpoint customers that complements existing cloud protection by evaluating risks and blocking actors at the perimeter.

As human-operated ransomware attacks are characterized by a specific set of methods and behaviors, Microsoft believes that they can use a data-driven AI approach to detect these types of attacks.

Preventing the initial foothold

Attackers typically establish a foothold in the target system by planting a malware binary that provides remote access to the device.

However, not all binaries used in attacks are known to be malicious, and many executables used in attacks are legitimate programs, including built-in Windows commands.

Indicators generated by these binaries may be seen as low priority and ignored by defenders.

Adding an AI-driven adaptive protection system that would detect unusual behavior, even from legitimate binaries, can play a crucial role in preventing further compromise on a device and provide responding teams valuable time to thwart the attacks.

“In a customer environment, the AI-driven adaptive protection feature was especially successful in helping prevent humans from entering the network by stopping the binary that would grant them access,” explained Microsoft about their AI-driven defense system.

“By considering indicators that would otherwise be considered low priority for remediation, adaptive protection stopped the attack chain at an early stage such that the overall impact of the attack was significantly reduced.”

“The threat turned out to be Cridex, a banking trojan commonly used for credential theft and data exfiltration, which are also key components in many cyberattacks including human-operated ransomware.”

Contrary to cloud protection which admins manually adjust, the new system is adaptive, which means that it can automatically ramp the aggressiveness of cloud-delivered blocking verdicts up and down, based on real-time data and machine learning predictions.

Real-time risk assessment system.
Source: Microsoft Blocking subsequent attack steps

Even if the algorithm fails to evaluate the risk at its real magnitude

This article is purposely trimmed, please visit the source to read the full article.

The post Microsoft adds AI-driven ransomware protection to Defender appeared first on Microsoft | The AI Blog.

This post was originally published on this site