Microsoft has come up with a new ransomware detection feature for Azure that will send alerts to security teams when the system observes actions potentially associated with ransomware activities.
Azure worked with the Microsoft Threat Intelligence Center to create Fusion detection for ransomware. Microsoft’s Fusion technology uses machine learning to find potential attacks in progress and alert security teams.The system will send alerts when it sees ransomware activities at defense evasion and execution stages during a specific timeframe.
The alerts will explain what happened and on which devices or hosts the actions were seen. The Fusion system will correlate data from Azure Defender, Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Cloud App Security and Azure Sentinel scheduled analytics rules.
Preventing attacks at first would be the ideal solution but with the new trend of ‘ransomware as a service’ and human operated ransomware, the scope and the sophistication of attacks are increasing attackers are using slow and stealth techniques to compromise network, which makes it harder to detect them in the first place.
When it comes to ransomware attacks, time is the most important factor in preventing more machines or the entire network from getting compromised. The sooner such alerts are raised to security analysts with the details on various attacker activities, the faster the ransomware attacks can be contained and remediated.