Microsoft has announced a couple of new features for its Global Incident Response and Recovery team. In a blog post, the company introduced Persistent Adversary Detection Services – Cloud Enabled (PADS-CE) and Compromise Recovery (CR). Both standalone services give customers specific security features.
You could be forgiven for not even knowing what the Global Incident Response and Recovery team is. It is a relatively secretive group known as the GIRR team. Berk Veral, Senior Marketing Communication Manager, Enterprise Cybersecurity Group, admits that the team is mostly unknown amongst consumers.
However, GIRR is a vital cog in Microsoft’s enterprise-based security features. Comprised of elite cybersecurity experts, the team handles critical incidents and helps customers navigate them.
“On an ongoing basis,” Microsoft says, “the team works around the clock and around the globe, demonstrating grit, fortitude and steadfast dedication to Microsoft customers in need.”
With the two new services, the GIRR team can offer important new help. Cloud Enabled Persistent Adversary Detection Services (PADS-CE) helps customers understand how exposed they are to cyber threats.
PADS-CE uses an Azure workspace to give users access to remote GIRR team members. This provides instant access to experienced cybersecurity responders around the world. Microsoft says this solution is oriented towards customers with Windows endpoints, who can use PADS-CE to see if they have been attacked.
By leveraging Azure, Microsoft can provide this help and protection at a lower price.
The Microsoft Compromise Recovery (CR) service is the second new cybersecurity solution from the GIRR team. The service runs parallel to incident response investigations, even if they are run by a third party.
CR is made up of four core features:
- Scoping of the compromise
- Installing critical hardening policies
- Deploying and tuning tactical monitoring solutions
- Coordinating an attacker eviction event
“CR will help customers get their business operations back up and running by remediating their exposure to risks after an incident response investigation. CR will remove identified malicious activity from their network, harden against further compromise and monitor for indicators of compromise based on the current attack.”