Incident response

Incident response is the process of detecting, investigating, and responding to cyberattacks, security breaches, or IT incidents. Explore the latest trends and intelligence-driven strategies that help you prevent future attacks.

Refine Results

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

Prevent threats with Microsoft Defender
The Microsoft Defender family offers comprehensive threat prevention, detection, and response capabilities for everyone—from individuals looking to protect their family to the world’s largest enterprises.
Explore products
December 4, 2023

3 min read

Protecting credentials against social engineering: Cyberattack Series

Our fourth installation in the Cyberattack Series examines a smishing and social engineering attack and outlines the steps organizations can take to help minimize the risk and prepare for the possibility.
October 26, 2023

4 min read

An integrated incident response solution with Microsoft and PwC

Microsoft Incident Response and PwC have announced a new global alliance to expand their joint Incident Response and Recovery capability.
October 25, 2023

17 min read

Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction

Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries.
August 15, 2023

8 min read

How the Microsoft Incident Response team helps customers remediate threats

Microsoft Incident Response is a global team comprised of cybersecurity experts with deep, highly specialized knowledge in breach detection, response, and recovery.
Modernize your Security Operations Center with Microsoft Sentinel
Microsoft Sentinel is a cloud-native SIEM solution powered by AI and automation that delivers intelligent security analytics across your entire enterprise.
Learn more
July 6, 2023

17 min read

The five-day job: A BlackByte ransomware intrusion case study

In a recent investigation by Microsoft Incident Response of a BlackByte 2.
June 29, 2023

3 min read

Patch me if you can: Cyberattack Series

The Microsoft Incident Response team takes swift action to help contain a ransomware attack and regain positive administrative control of the customer environment.
June 6, 2023

6 min read

Why a proactive detection and incident response plan is crucial for your organization

Matt Suiche of Magnet Forensics talks about top security threats for organizations and strategies for effective incident response.
April 26, 2023

3 min read

Healthy security habits to fight credential breaches: Cyberattack Series

This is the second in an ongoing series exploring some of the most notable cases of the Microsoft Incident Response Team.
Tailored AI insights from Microsoft Security Copilot
Empower your defenders to detect hidden patterns, harden defenses, and respond to incidents faster with generative AI.
Learn more
April 11, 2023

8 min read

Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign

This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus.
March 27, 2023

4 min read

Microsoft Incident Response Retainer is generally available

Microsoft Security is expanding its incident response presence and we’re excited to announce the Microsoft Incident Response Retainer is now generally available.
March 24, 2023

20 min read

Guidance for investigating attacks using CVE-2023-23397

This guide provides steps organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2023-23397.
February 8, 2023

2 min read

Solving one of NOBELIUM’s most novel attacks: Cyberattack Series

This is the first in an ongoing series exploring some of the most notable cases of the Microsoft Detection and Response Team (DART), which investigates cyberattacks on behalf of our customers.