Hi Cloud Marathoners,
This week a new service – Fusion Detection for Ransomware has been announced. These Fusion detections correlate alerts that are potentially associated with ransomware activities that are observed at defense evasion and execution stages during a specific timeframe.
What is Ransomware?
Ransomware attack is a type of attack that involves using specific types of malicious software or malware to make a network or system inaccessible for the purpose of extortion – ‘ransom’.
There is no doubt that ransomware attacks have taken a massive turn in being the top priority as a threat to many organizations. A recent report released by PurpleSec revealed that the estimated cost of ransomware attacks was $20 billion in 2020 and with downtime increasing by over 200% and the cost being 23x higher than 2019.
Preventing such attacks in the first place would be the ideal solution but with the new trend of ‘ransomware as a service’ and human operated ransomware, the scope and the sophistication of attacks are increasing – attackers are using slow and stealth techniques to compromise network, which makes it harder to detect them in the first place.
AI in action with Azure Sentinel for help!
Good new is that #azuresentinel 🔥 is constantly getting more efficient by introducing #AI in action – Sentinel #fusion!
In order to help your analyst quickly understand the possible attack, Fusion provides you with a complete picture for the suspicious activities happened on the same device/host by correlating signals from Microsoft products as well as signals in network and cloud. Supported data connectors include:
- Azure Defender (Azure Security Center)
- Microsoft Defender for Endpoint
- Microsoft Defender for Identity
- Microsoft Cloud App Security
- Azure Sentinel scheduled analytics rules.
”With Fusion detection for ransomware that captures malicious activities at the defense evasion and execution stages of an attack, it gives security analysts an opportunity to quickly understand the suspicious activities happened around the same timeframe on the common entities, connect the dots and take immediate actions to disrupt the attack.”
Microsoft is commited to release new multistage attack scenarios detected by Fusion in Azure Sentinel. You could keep an eye on there Azure Sentinel Fusion page and get latest updates there 🙂
Stay tuned for more Azure automation & Security related posts.
Fᴏʟʟᴏᴡ ᴍᴇ 🎯 ᴀɴᴅ become ᴀ #cloudmarathoner ⛅🏃♂️🏃♀️ – 𝐋𝐄𝐓’𝐒 𝐂𝐎𝐍𝐍𝐄𝐂𝐓 👍