In a blog post, Microsoft’s Sylvie Liu said the Azure team collaborated with Microsoft Threat Intelligence Center to create the new feature. By tapping into Microsoft machine learning technology, Fusion can spot attacks in their early stages. Alerts of security teams allows time to prevent threats from escalating. “Preventing such attacks in the first place would be the ideal solution, but with the new trend of ‘ransomware as a service’ and human-operated ransomware, the scope and the sophistication of attacks are increasing — attackers are using slow and stealth techniques to compromise the network, which makes it harder to detect them in the first place,” says Liu. “When it comes to ransomware attacks, time more than anything else is the most important factor in preventing more machines or the entire network from getting compromised. The sooner such alerts are raised to security analysts with the details on various attacker activities, the faster the ransomware attacks can be contained and remediated.”
Detection Tools
When a threat is detected, the Fusion system sends messages such as “Multiple alerts possibly related to Ransomware activity detected” to the Azure Sentinel workspace. All alerts explain clearly what is happening in terms of security risk, which devices actions we located on. Other services the technology taps into include Microsoft Defender for Endpoint, Microsoft Cloud App Security, Azure Sentinel, and Microsoft Defender for Identity. Tip of the day: File History is a Windows 10 back up feature that saves each version of files in the Documents, Pictures, Videos, Desktop, and Offline OneDrive folders. Though its name implies a primary focus on version control, you can actually use it as a fully-fledged backup tool for your important documents.