New File Analysis Add-on with Microsoft 365 Defender


Microsoft has taken another step in security, one that has revolutionized the way security professionals use Microsoft 365 Defender across devices as well as cloud applications.

This time, Microsoft has reworked the process of examining a single file across multiple systems and applications.

Microsoft 365 Defender has been used by organizations worldwide to monitor and analyze file and device activity across their networks.

This includes several executable files and documents like Word, Excel, and others.

New File Analysis Interface

The modified interface provides complete insight into a single file and its potential impact on the organization.

This time, the file can be tracked from the time of its introduction through its lateral movement across devices inside the organization, along with its related cloud applications, incidents, alerts, and many other statistics, including the worldwide prevalence of the file.

Microsoft 365 Defender Interface (Source: Microsoft)

Enhanced Pivoting

The current update also supports further analysis once the file's existence on a device has been established. It shows information such as the file execution status, when the file was first and last seen on the device, the process time it took to initiate, and other file names associated with the device.

File History

The Cloud Apps page provides insight into the file’s existence on cloud applications along with the Microsoft Cloud Apps policies.

This enables security professionals to anticipate cloud-based threats and take precautionary measures.

Cloud Apps Page (Source: Microsoft)

In addition to these features, the new update also has options to analyze based on MITRE ATT&CK techniques for understanding a file and its potential capabilities after execution. 

For this, the “File Content” page can be utilized, which includes Process Writes, Process creation, Network activities, File Writes, File Deletes, Registry Reads, Registry Writes, Strings, Imports, and Exports.

File Contents Page (Source: Microsoft)

The new update to Microsoft 365 Defender will supposedly help security professionals gather multiple pieces of information and secure their organizations.

Microsoft has released a complete report about their new features, showing their capabilities in detail.
