Microsoft reveals a ransomware detection system for its Azure customers which uses machine learning to find possible ransomware attacks and alert security teams.
According to Microsoft’s Sylvie Liu, Azure worked with the Microsoft Threat Intelligence Center to develop Fusion detection for ransomware.
The Fusion system sends messages such as “multiple alerts possibly related to Ransomware activity detected” in the Azure Sentinel workspace and that the alarms explain what happened and on which devices and hosts the actions were seen.
The alerts will show what happened and on which devices or hosts the actions were seen. The Fusion system will correlate data from Azure Defender (Azure Security Center), Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Cloud App Security and Azure Sentinel scheduling analysis rules.
Liu explained: “When it comes to ransomware attacks, time more than anything else is the most important factor in preventing more machines or the entire network from getting compromised. The sooner such alerts are raised to security analysts with the details on various attacker activities, the faster the ransomware attacks can be contained and remediated.”
For more information, read the original story in ZDNet.