Microsoft Israel R&D Center engineers lead development of AI platform that stops cyberattacks
Microsoft Israel R&D Center engineers lead development of AI platform that stops cyberattacks
Dozens of engineers, researchers and machine learning experts across security teams at Microsoft Israel R&D led the 2-year long research and development process, analyzing various cyberattacks using information accumulated by Microsoft's security products
Dozens of engineers, researchers and machine learning experts across security teams at Microsoft Israel R&D led a two-year long research and development process with global security teams to develop a new security platform aimed at automatically stopping cyberattacks.
The automatic attack disruption, developed by the Microsoft Defender for Endpoint and the Microsoft Defender XDR teams, uses advanced AI capabilities to process signals from across the organization's security systems. It identifies and automatically disrupts attacks in real time and until they are fully stopped, or the security team intervenes.
The researchers analyzed various cyberattacks using information accumulated by Microsoft's security products, learned the different methods used by attackers, and identified attack patterns. The capability has been quietly used by Defender customers for the past year.
"The ideation process for the new product started in Israel, as we saw the rate of human-operated ransomware attacks build and become increasingly concerning for large organizations around the world," said Itai Kollmann, Principal Research Manager at Microsoft Israel R&D. "Sometimes the attackers target healthcare organizations or hospitals, where cyberattacks can endanger the lives of patients. The new development serves as an innovative and advanced layer of defense for organizations and will help security teams stop sophisticated attackers before they impair the organization."
According to Microsoft, analyzing signals from all of Microsoft's security products - from email, through endpoints, to cloud services in the organization - enables the algorithms that operate the automatic capabilities to reach a very high level of accuracy in identification and perform effective actions to stop the attackers and prevent the attack from spreading to additional endpoints. If the beginning of a human-operated attack is detected on a single device, attack disruption will simultaneously stop the campaign on that device and inoculate all other devices in the organization, so that the adversary has nowhere to go.
Ransomware attacks, in which attackers gain access to systems and sensitive information held by organizations to extort them, are one of the most concerning problems for enterprises and large institutes. A Microsoft study revealed that the past year alone saw a 195% increase in ransomware groups activity, and a rate of about 4,000 password attacks every second. The study also shows that in 85% of cases, attackers gain initial access to the organization's network through unmanaged end point devices.