Microsoft has added a new layer of adaptive protection to Microsoft Defender for devices that use artificial intelligence (AI) to thwart human operations ransomware attacks.
Ruofan Wang and Kelly Kang from Microsoft 365 The Defender research team argues that human-made ransomware attacks can be characterized by a specific set of methods and behaviors.
Microsoft researchers took the opportunity to develop cloud-based machine learning (ML) system which, when questioned by a device, intelligently predicts whether it is at risk, and then blocks the attacker’s next steps.
“By taking into account indicators that would otherwise be considered low priority for remediation, adaptive protection stopped the chain of attack at an early stage, so that the overall impact of the attack was significantly reduced.” Remark researchers, while explaining how the AI-based Adaptive Protection feature helped stop an attack on one of their clients.
Data driven approach
Microsoft explains that data-driven system decisions are based on extensive research and experimentation and can effectively block attacks without negatively affecting the customer experience.
Additionally, since Adaptive Protection is AI-driven, the risk score it assigns to a device is not just based on individual metrics, but on a broad set of models and features that help the system to assess if it is about to be attacked.
“This capability is suitable for combating human-exploited ransomware, because even if the attackers use an unknown or benign file or even a legitimate file or process, the system can help prevent the file or process from being launched. “, explains the duo.
AI-based protection is automatically available to all Microsoft Defender for Endpoint customers who have cloud protection enabled.
You can also protect your network by using these best firewall apps and services, and protect individual computers against all kinds of attacks with these best endpoint protection tools