Security News > 2021 > August > Microsoft adds Fusion ransomware attack detection to Azure Sentinel

Microsoft adds Fusion ransomware attack detection to Azure Sentinel
2021-08-09 21:22

Microsoft says that the Azure Sentinel cloud-native SIEM platform is now able to detect potential ransomware activity using the Fusion machine learning model.

Microsoft announced today that its cloud-based SIEM now supports Fusion detections for possible ransomware attacks and triggers high severity Multiple alerts possibly related to Ransomware activity detected incidents.

Azure Defender: 'GandCrab' ransomware was prevented.

To detect potential ongoing ransomware attacks, Azure Sentinel can use the following data connectors to collect data from the following sources: Azure Defender, Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Cloud App Security, and Azure Sentinel scheduled analytics rules.

"Incidents are generated for alerts that are possibly associated with Ransomware activities, when they occur during a specific time-frame, and are associated with the Execution and Defense Evasion stages of an attack," Microsoft explains.

Following a ransomware attack scenario detected by Fusion in Azure Sentinel, admins are advised to consider the systems as "Potentially compromised" and take immediate actions.


News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-fusion-ransomware-attack-detection-to-azure-sentinel/

Related news

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 373 51 1392 2848 168 4459