Microsoft has taken another step in security, one that has revolutionized the way security professionals use Microsoft 365 Defender across devices and cloud applications.
This time, they have reworked the process of examining a single file across multiple systems and applications.
Microsoft 365 Defender is used by organizations worldwide to monitor and analyze file and device activity across their networks.
This includes several executable files and documents like Word, Excel, and others.
New File Analysis Interface
The modified interface provides complete insight into a single file and its potential impact on the organization.
The file can now be tracked from the time of its introduction through its lateral movement across devices inside the organization, along with its related cloud applications, incidents, alerts, and many other statistics, including the worldwide prevalence of the file.
Enhanced Pivoting
The current update also supports further analysis once the file has been found on a device. It shows information such as the file's execution status, when the file was first and last seen on the device, the process time it took to initiate, and other file names associated with the device.
File History
The Cloud Apps page provides insight into the file’s existence on cloud applications along with the Microsoft Cloud Apps policies.
This enables security professionals to anticipate cloud-based threats and take precautionary measures.
In addition to these features, the new update offers analysis based on MITRE ATT&CK techniques, to help understand a file and its potential capabilities after execution.
For this, the “File Content” page can be utilized, which includes Process Writes, Process creation, Network activities, File Writes, File Deletes, Registry Reads, Registry Writes, Strings, Imports, and Exports.
The new update to Microsoft 365 Defender will supposedly help security professionals gather multiple pieces of information and secure their organizations.
Microsoft has released a complete report about their new features, showing their capabilities in detail.