Microsoft Defender for Endpoint Now Automatically Blocks Human-Operated Attacks


Key Takeaways:

  • Microsoft Defender for Endpoint gets new “contain user disruption” capabilities to automatically counter human-operated attacks.
  • The security feature rapidly identifies and isolates compromised user accounts across all devices, preventing unauthorized access and data breaches.
  • The contain user disruption capabilities are currently in public preview for Microsoft Defender for Endpoint customers.

Microsoft Defender for Endpoint is getting a security feature designed to thwart human-operated attacks automatically. The new “contain user disruption” capabilities let organizations swiftly isolate compromised user accounts and put a stop to lateral movement during hands-on-keyboard attacks.

Microsoft Defender for Endpoint is a security solution that enables customers to detect, investigate, and block advanced security threats. The service uses machine learning to detect suspicious activities and minimize the potential entry points for attackers. Microsoft Defender for Endpoint works seamlessly with other security products and third-party solutions.

The automatic attack disruption capability is designed to block hackers as soon as they break into the system. The feature quickly identifies and isolates compromised users across all devices, which should help to prevent further damage. This means that the threat actors won’t be able to steal passwords, access sensitive data, or encrypt systems in enterprise environments.

“Automatic attack disruption uses signal across the Microsoft 365 Defender workloads (identities, endpoints, email, and software as a service [SaaS] apps) to disrupt advanced attacks with high confidence. Basically, if the beginning of a human-operated attack is detected on a single device, attack disruption will simultaneously stop the campaign on that device and inoculate all other devices in the organization,” said Rob Lefferts, Corporate Vice President for Microsoft 365 Security.

As of today, the user-disruption capabilities are available in public preview for Microsoft Defender for Endpoint customers. This feature is enabled by default for all enterprise customers, and you can find more details about the prerequisites on this support page.

As cyber threats continue to surge, especially targeting small and medium businesses (SMBs) that often lack access to advanced security solutions, this proactive approach should be a welcome addition. It will assist organizations in enhancing their security posture in an age of escalating digital threats.