Dozens of engineers, researchers, and machine learning experts from Microsoft Israel R&D's security teams led a two-year research and development process involving worldwide security teams. The goal of the project was to create a new security platform that would automatically block cyberattacks. The Microsoft Defender for Endpoint and Microsoft Defender XDR teams created automatic attack disruption, which uses cutting-edge AI capabilities to process signals from every one of the company's security systems. In real time, it detects and automatically thwarts threats until they are completely halted or the security staff steps in. Using data gathered by Microsoft's security tools, the researchers examined a variety of cyberattacks, discovered attack patterns, and learned the various techniques employed by attackers. Defender customers have been using this feature discreetly for the past 12 months.
Microsoft claims that by analyzing signals from all of its security products, from email to endpoints to cloud services within the company, the algorithms running the automatic capabilities are able to identify threats with a very high degree of accuracy and take appropriate action to neutralize the attackers and stop the attack from extending to more endpoints. If the start of a human-operated attack is detected on a single device, attack disruption will automatically halt the campaign on that device and alert all other devices within the company, preventing the adversary from moving further.