


Incident response
Incident response is the process of detecting, investigating, and responding to cyberattacks, security breaches, or IT incidents. Explore the latest trends and intelligence-driven strategies that help you prevent future attacks.
- The new EU Law Enforcement Emergency Response Protocol addresses the growing problem of planning and coordinating between governments, agencies, and companies when cyberattacks occur across international boundaries.
- Protect against BlueKeep
  DART offers steps you can take to protect your network from BlueKeep, the “wormable” vulnerability that can create a large-scale outbreak due to its ability to replicate and propagate.
- Overview of the Marsh-Microsoft 2019 Global Cyber Risk Perception survey results
  Results from the 2019 Marsh-Microsoft Global Cyber Risk Perception survey reveal several encouraging signs of improvement in the way organizations view and manage cyber risk.
- Ransomware response
  As part of Microsoft’s Detection and Response Team (DART) Incident Response engagements, we regularly get asked by customers about “paying the ransom” following a ransomware attack.
- Norsk Hydro responds to ransomware attack with transparency
  Aluminum supplier Norsk Hydro was attacked by LockerGoga, a form of ransomware.
- CISO series: Lessons learned from the Microsoft SOC—Part 3b: A day in the life
  In this next post in our series, we provide insight into a day in the life of our SOC analysts investigating common front door attacks.
- Ghost in the shell: Investigating web shell attacks
  Web shell attacks allow adversaries to run commands and steal data from an Internet-facing server or use the server as a launch pad for further attacks against the affected organization.
- Microsoft shares new threat intelligence, security guidance during global crisis
  Our threat intelligence shows that COVID-19 themed threats are retreads of existing attacks that have been slightly altered to tie to the pandemic.
- MITRE ATT&CK APT 29 evaluation proves Microsoft Threat Protection provides deeper end to end view of advanced threats
  During the MITRE ATT&CK evaluation, Microsoft Threat Protection delivered on providing the deepest optics, near real time detection, and a complete view of the attack story.
- Defending the power grid against supply chain attacks: Part 3 – Risk management strategies for the utilities industry
  By working with governments, trade organizations, and suppliers, the utility industry can improve security across the supply chain.
- CISO Series: Lessons learned from the Microsoft SOC—Part 3c: A day in the life part 2
  This blog wraps up the day in the life of a SOC analyst on the investigation team with insights on remediating incidents, post-incident cleanup, and impact of COVID-19 on the SOC.
- How to gain 24/7 detection and response coverage with Microsoft Defender ATP
  Security incidents don’t happen exclusively during business hours: attackers often wait until the late hours of the night to breach an environment.