2021/11/10 Microsoft Cloud Solutions
Ctelecoms Team
We all know that cyber threats are growing more complex and more dangerous, especially with ransomware continuing to affect millions of devices and systems around the world and causing major data loss and crashes.
Earlier in August, the Azure Sentinel and Microsoft Threat Intelligence Center teams announced the new Fusion Detection Feature for ransomware and made it publicly available in an effort to stop ransomware attacks and detect threats earlier.
Fusion Ransomware Detection is a newly added feature to Azure that uses machine learning to spot potential attacks. This feature sends alerts to customers whenever it observes actions that are potentially associated with ransomware activities.
These alerts will inform users of what has been detected and on which device, with the system correlating data from other Azure services like Azure Defender, Microsoft Defender for Endpoint, Microsoft Defender for Identity, and Azure Sentinel scheduled analytics rules.
Once the ransomware activities are detected and correlated by Fusion’s machine learning model, a high-severity incident with the label “Multiple alerts possibly related to ransomware activity detected” will be triggered in the customer’s Azure Sentinel workspace. Afterwards, Microsoft will send a recommendation to the user to check the affected device or host to make sure that the behavior detected was indeed “unsuspected”.
If so, then the user must treat the device as “Potentially compromised” and take immediate and necessary actions:
When it comes to ensuring security and spontaneous ransomware detection, no tool is ever too much, because privacy and keeping devices, data, and transactions safe are priorities for any enterprise.
However, it’s normal to ask: why opt for this tool in particular? Here are the reasons:
Machine learning and its set of tools and algorithms do much of the work of identifying potential risks, but the actions taken by individuals help improve the way the algorithms process events.
Therefore, if Fusion finds a multi-stage event in Azure Sentinel, the analysts must ask the user whether the behavior or action taken was intentional. If not, the device is assumed to be compromised and must be isolated from the network.
So, providing feedback to Microsoft after such attacks or suspensions goes a long way toward improving the whole operation: the more information Microsoft can collect about incidents, the better it can train the Fusion machine learning model.
Every cyberattack goes through stages, and ransomware attacks are no different. That’s why Fusion was designed to detect malicious activities at the defense evasion and execution stages.
Fusion ransomware detection gives analysts access to the information they need to understand as quickly as possible, so they can act to stop the attack in its tracks.
Furthermore, it stops ransomware from spreading to multiple devices in a single network.
According to a report published by PurpleSec, recent ransomware attacks have cost organizations and enterprises around the world about 23 times more in 2020 compared to 2019, with a total of $20 billion.
Those numbers raised the concerns of enterprise owners and security teams, since all the data, whether critical or private, was totally encrypted and locked away.
Therefore, and we can’t stress this enough, when it comes to security, actions must be taken and tools must be used to keep enterprise data safe and sound.
Here at Ctelecoms, we are proud to be partners with Microsoft, working to provide the best-in-class services for our clients. Let us support you with more information by getting in touch with our expert team.