Automatic attack disruption with Microsoft Defender for Endpoint

In the ongoing battle against ransomware, our IT teams need every advantage.

Microsoft has been listening to our prayers with their recent announcement introducing automatic attack disruption to Microsoft Defender for Endpoint. This brings extended detection and response (XDR) AI-powered capabilities within reach of even more customers.

This game-changing addition means that Microsoft Defender for Endpoint customers can now automatically disrupt human-operated attacks like ransomware early in the kill chain without deploying any other capabilities.

How does automatic attack disruption work?

This automated attack disruption works by issuing a signal across the Microsoft 365 Defender workloads (identities, endpoints, email, and software as a service [SaaS] apps) to disrupt advanced attacks. Put simply, if the beginning of a human-operated attack is detected on a single device, attack disruption will simultaneously stop the attack on that device and inoculate all other devices across your organisation, stopping the attack in its tracks.

Protection against complex attacks

Along with ransomware, automatic attack disruption helps you protect against the most prevalent, complex attacks, including business email compromise and adversary-in-the-middle. These scenarios each involve a combination of attack vectors like endpoints, email, identities, and apps, posing a significant challenge for security teams to pinpoint where the attack is coming from. Automatic attack disruption detects and disrupts the attack at source, giving defenders time to respond before the adversary can inflict damage.

Increase security with greater coverage

As the security adage goes, it’s not a matter of whether you’ll be breached, but when.

Endpoint security requires a depth of defence through multiple protective layers and mechanisms such as patching vulnerabilities, using next-generation antivirus to neutralise threats at the perimeter, harnessing auto investigation and response to remediate at the individual device level and automatic attack disruption at the organisation level to further limit the spread of an attack.

Attack disruption’s effectiveness and coverage increases with every product integrated into Microsoft 365 Defender. While most ransomware attacks happen on the endpoint, it’s essential to deploy the entirety of the security stack across apps, identities, email, and collaboration to protect against prevalent scenarios like business email compromise, adversary-in-the-middle, and future scenarios. This enables organisations to benefit from disruption capabilities and rich features across the most critical security workloads.

Join our upcoming webinar

If you’re interested in finding out more about how Microsoft Defender for Endpoint can help your business, Nviron is hosting a webinar, “Harnessing the full capabilities of Microsoft 365 Business Premium – Part 1”, on the 21st November, during which we will conduct a deeper dive into Microsoft Defender for Endpoint and explore automatic attack disruption in more detail.

Key details:

• Date – 21st November 2023

• Time – 11:00 – 12:30 (Online live event)

Register now and view our full agenda HERE:

Alternatively, you can always Click Here to discuss your requirements with one of our team.