Security is becoming an increasing focus for small and medium sized businesses (SMBs). Cyberthreats get more advanced, but security solutions are often too complex to understand. SMBs need an easier and faster way to stay protected, this is where automatic attack disruption within Microsoft Defender for Business comes in.
Automatic attack disruption is an industry-first capability within the Endpoint Detection and Response (EDR) feature in Defender for Business. This helps you rapidly respond to active human-operated ransomware attacks by automatically disrupting them in real-time and containing users and devices before attackers have the chance to act maliciously or move laterally. For SMBs, this “on-by-default” capability helps them stay protected from the latest sophisticated threats while they focus on running their business.
- 82% of ransomware attacks target small businesses
- $2.4bn cost of cyber crime to SMBs
How it works
Automatic attack disruption is designed to contain attacks in progress, limit the impact on an organisation’s assets, and provide more time for security teams to remediate the attack fully. Attack disruption uses the full breadth of our extended detection and response (XDR) signals, taking the entire attack into account to act at the incident level. This capability is unlike known protection methods such as prevention and blocking based on a single indicator of compromise.
While many XDR and security orchestration, automation and response (SOAR) platforms allow you to create your automatic response actions, automatic attack disruption is built in and uses insights from Microsoft security researchers and advanced AI models to counteract the complexities of advanced attacks. Automatic attack disruption considers the entire context of signals from different sources to determine compromised assets.
Automatic attack disruption operates in three key stages:
- It uses Defender XDR’s ability to correlate signals from many different sources into a single, high-confidence incident through insights from endpoints, identities, email and collaboration tools and SaaS apps.
- It identifies assets controlled by the attacker and used to spread the attack.
- It automatically takes response actions across relevant Microsoft Defender products to contain the attack in real-time by isolating affected assets.
Benefits of automatic attack disruption:
- AI models deliver high-confidence signals to identify sophisticated attacks early
- Automatically disrupts in-progress attacks and contains compromised users and devices
- Limits impact of an attack and reduces loss of productivity and associated costs
With automatic attack disruption, Defender for Business is a great security solution for SMBs, offering a wide range of features and a better ability to secure your business. To get a quote for Defender for Business or understand how you can get protected, contact us today or discover our full range of cyber security services here.
