May 6, 2024 at 01:04PM
Microsoft is adding automated attack disruption capabilities to its extended detection and response (XDR) offering to combat the increasing presence of malicious OAuth apps in cloud-based systems. This feature can automatically deactivate these apps, preventing exploitation and unauthorized access. The company also announces new protection for industrial control systems and emphasizes the use of AI to stay ahead of threat actors.
The main takeaways are:
1. Microsoft is addressing the increasing problem of threat actors using malicious OAuth apps to gain unauthorized access to cloud-based systems and applications.
2. Automated attack disruption capabilities are being added to the extended detection and response (XDR) offering to automatically deactivate malicious OAuth apps and disrupt attacks against SaaS-based applications.
3. Microsoft has also expanded Defender XDR capabilities to include native protection for operational technology (OT) and industrial control systems (ICS).
4. AI is crucial for detecting, responding to, and disrupting attacks: attackers are using AI to accelerate their attacks, and the mean time to detect, respond to, eradicate, and recover from an attack is high.