Microsoft Introduces Ransomware Detection To AI-Powered Azure Sentinel Management Tool
Ransomware infections have been on the rise lately, affecting companies like Gigabyte or, more famously, Kaseya. Subsequently, the fight against the ransomware plague needs to meet and exceed threat actors’ efforts, and Microsoft is looking to help. In collaboration with the Microsoft Threat Intelligence Center, ransomware detection is being built into the Azure Sentinel security information and event management (SIEM) tool.
Azure Sentinel is an AI-assisted tool that analyzes copious amounts of data to detect and investigate threats on-premises and in the cloud. It is also helped by something called Fusion, a machine learning system used to “correlate different alerts and contextual signals together,” and assess patterns “that reveal attack progression or signals with shared contextual information.”
Now, Fusion has been trained on ransomware, allowing the tech to “correlate alerts that are potentially associated with ransomware activities.” This will assist administrators in getting ahead of an attack before it spreads over an entire network. You can see what the warning for a potential ransomware incident would look like above.
Though preventing a ransomware attack entirely would be ideal, that can be an incredibly difficult task with large networks. Thus, settling for acceptable casualties in an environment is the way to go, and Azure Sentinel will now help keep damage to a minimum with ransomware detection.