Key Takeaways:
Microsoft is introducing a new Threat classification feature in Defender for Office 365 to improve email security. This tool leverages AI and machine learning to help security teams identify and understand the intent behind email threats.
The latest update allows administrators to incorporate Threat classification information into key features of the Defender portal, improving detection, analysis, and response within their organizations. The feature uses advanced techniques like large language models (LLMs) and machine learning (ML) to better understand the intent behind threats.
The new Threat classification feature offers several improvements for security analysts, such as granular threat identification, enhanced incident analysis, faster response, and inclusion in advanced hunting. It categorizes phishing threats into types like Invoice Scams, Corporate Data Theft, Payroll Fraud, Lure-Based Attacks, and Gift Card Fraud.
On the Threat Explorer page, administrators can filter emails by Threat classification, view classifications in the results, analyze trends using charts, and export data with classification details. On the Advanced Hunting page, the ThreatClassification column in the EmailEvents table enables the creation of custom detection rules based on classification information.
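The ThreatClassification hunting column lends itself to a custom detection rule. The query below is an added example written for this summary, not Microsoft's own code; it assumes the column name given above and uses placeholder classification strings that must be checked against the values your tenant actually emits.

```kql
// Added example, not from the original article: a candidate custom detection query
// over EmailEvents that keys off the ThreatClassification column.
// Assumption: the literal classification values below are placeholders for the
// strings your tenant actually emits; confirm them in Threat Explorer first.
let PaymentFraudClasses = dynamic(["Invoice Scam", "Payroll Fraud", "Gift Card Fraud"]);
EmailEvents
| where Timestamp > ago(1d)
| where isnotempty(ThreatClassification)
| where ThreatClassification has_any (PaymentFraudClasses)
// Narrow to messages a user could still act on (delivered rather than blocked or quarantined).
| where DeliveryAction == "Delivered"
// Timestamp and ReportId are required for the query to be saved as a custom detection rule;
// NetworkMessageId and RecipientEmailAddress let the rule map each row to its email entity.
| project Timestamp, ReportId, NetworkMessageId, RecipientEmailAddress,
          SenderFromAddress, Subject, ThreatClassification, DeliveryAction, LatestDeliveryLocation
```

Run it in Advanced Hunting first and review the distinct ThreatClassification values it returns before saving it as a custom detection with a response action attached.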
The Email Summary panel will integrate Threat classification across various areas, such as Alerts, Incidents, Reports, AIR, Submission, Explorer, and Advanced Hunting. Additionally, the Email Entity page will feature a new Threat classification field in the threat detection details. This field should help IT administrators understand the context and intent behind detected threats.
The new Threat classification feature is expected to become available to all Microsoft Defender for Office 365 customers later this month. Microsoft advises administrators to update their custom detection rules and automated workflows to include Threat classification.