Ruofan Wang and Kelly Kang from the Microsoft 365 Defender Research Team argue that human-operated ransomware attacks can be characterized by a specific set of methods and behaviors.
Microsoft researchers have capitalized on this to develop a cloud-based machine learning (ML) system that, when queried by a device, intelligently predicts if it is at risk, and then blocks the attacker’s next steps.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
“By considering indicators that would otherwise be considered low priority for remediation, adaptive protection stopped the attack chain at an early stage such that the overall impact of the attack was significantly reduced,” note the researchers, while explaining how the AI-driven adaptive protection feature helped stop an attack on one of their customers.
Data driven approach
Microsoft explains that the system’s data-driven decisions are based on extensive research and experimentation, and can effectively block attacks without negatively impacting customer experience.
Furthermore, since the adaptive protection is AI-driven, the risk score it assigns to a device isn’t solely based on individual indicators, but on a broad set of patterns and features that helps the system gauge whether it is about to be attacked
“This capability is suited in fighting against human-operated ransomware because even if attackers use an unknown or benign file or even a legitimate file or process, the system can help prevent the file or process from launching,” explains the duo.
The AI-driven protection is automatically available to all Microsoft Defender for Endpoint customers who have enabled cloud protection.