Organizations face increasingly sophisticated attacks, whether that’s supply chain attacks, highly targeted campaigns or hands-on keyboard attacks. To address the issue, Microsoft launched Threat Experts within Microsoft Defender Advanced Threat Protection (ATP) to send targeted attack notifications and experts on demand.
Defender ATP customers can now directly engage with Microsoft security analysts to understand how to prevent and address security issues when they do occur. Meanwhile, targeted attack notifications point to critical threats in customers’ networks, including the timeline scope of breach and the methods of intrusion.
“Together, the two capabilities make Microsoft Threat Experts a comprehensive managed threat hunting solution that provides an additional layer of expertise and optics for security operations teams,” Microsoft wrote in a blog post.
The company went on to demonstrate how Microsoft Threat Experts was used to alert a customer with a targeted attack notification when its endpoint protection capabilities recognized a malicious file within a machine in the organization.
Experts pointed to information about the scope of compromise, relevant indicators of compromise, and a timeline of observed events, which showed that the file executed on the affected machine and proceeded to drop additional files. This led to an experts on demand investigation that eventually found no signs of compromise within the organization, however, they found the weakness that allowed the threat to happen in the first place: unrestricted local administrator privilege.
“With Microsoft Threat Experts, customers can work with Microsoft to augment their security operations capabilities and increase confidence in investigating and responding to security incidents,” Microsoft explained.“Now that experts on demand is generally available, Microsoft Defender ATP customers have an even richer way of tapping into Microsoft’s security experts and get access to skills, experience, and intelligence necessary to face adversaries.”