
Microsoft Defender Enhances Security with Auto-Isolation Feature for Compromised Accounts

Microsoft's new security update counters rising ransomware attacks by preventing hackers from exploiting enterprise IT systems and using stolen accounts.


Microsoft has strengthened its defenses by automatically isolating compromised user accounts. The measure is meant to stop attackers from moving through an enterprise’s IT infrastructure, and it responds to a rise in ransomware attacks in which intruders infiltrate networks, escalate privileges via stolen accounts, and deploy harmful payloads.

Defender for Endpoint to Outmaneuver Attackers

The upgraded security feature has been incorporated into Microsoft Defender for Endpoint in public preview. Rob Lefferts, Corporate Vice President for Microsoft 365 Security, stated, “This on-by-default capability will identify if the compromised user has any associated activity with any other endpoint and immediately cut off all inbound and outbound communication, essentially containing them.”

With Microsoft Defender for Endpoint, attackers are prevented from moving deeper into victims’ on-premises or cloud IT architecture. The isolation is achieved by briefly containing accounts suspected of being compromised. The attack disruption feature contains these accounts across all devices and prevents malicious activities such as lateral movement using compromised accounts, credential theft, data exfiltration, and encryption.

Attacks and Isolations: Microsoft’s Response

Additional support comes from the automated attack disruption feature, which acts on the early stages of a human-operated attack detected on an endpoint. At the same time, the tool extends protection to all devices in the organization by blocking incoming malicious traffic.

Microsoft’s rollout of automatic attack disruption in its Microsoft 365 Defender XDR (Extended Detection and Response) solution has shown commendable progress. According to Microsoft’s internal data, since its inception in August 2023, over 6,500 devices have been saved from ransomware campaigns run by hacker groups such as BlackByte and Akira.

Furthermore, since June 2022 Defender for Endpoint has been able to isolate hacked and unmanaged Windows devices, restricting attackers’ lateral movement by blocking all communication to and from the compromised devices. These steps have helped security operations analysts identify, locate, and mitigate threats to compromised identities.

Last Updated on November 8, 2024 10:39 am CET

Source: Microsoft
Luke Jones
Luke has been writing about Microsoft and the wider tech industry for over 10 years. With a degree in creative and professional writing, Luke looks for the interesting spin when covering AI, Windows, Xbox, and more.
