Microsoft is testing a brand new Defender for Endpoint functionality that can block visitors to and from undiscovered endpoints to thwart attackers’ lateral community motion makes an attempt.
As the corporate revealed earlier this week, that is achieved by containing the IP addresses of gadgets which have but to be found or onboarded to Defender for Endpoint.
Redmond says the brand new characteristic will forestall risk actors from spreading to different non-compromised gadgets by blocking incoming and outgoing communication with gadgets utilizing contained IP addresses.
“Containing an IP tackle related to undiscovered gadgets or gadgets not onboarded to Defender for Endpoint is completed mechanically by means of computerized assault disruption. The Include IP coverage mechanically blocks a malicious IP tackle when Defender for Endpoint detects the IP tackle to be related to an undiscovered gadget or a tool not onboarded,” Microsoft explains.
“By way of computerized assault disruption, Defender for Endpoint incriminates a malicious gadget, identifies the function of the gadget to use an identical coverage to mechanically comprise a crucial asset. The granular containment is completed by blocking solely particular ports and communication instructions.”
This new characteristic will likely be accessible on Defender for Endpoint-onboarded gadgets working Home windows 10, Home windows 2012 R2, Home windows 2016, and Home windows Server 2019+.
Admins may also cease an IP tackle’s containment by restoring its connection to the community at any time by choosing the “Include IP“ motion within the “Motion Middle” and choosing “Undo” within the flyout.
Since June 2022, Defender for Endpoint has additionally been in a position to isolate hacked and unmanaged Home windows gadgets, blocking all communication to and from the compromised gadgets to cease attackers from spreading by means of victims’ networks.
Microsoft additionally began testing gadget isolation assist for Defender for Endpoint on onboarded Linux gadgets, with the aptitude reaching common availability on macOS and Linux in October 2023.
The identical month, the corporate revealed that Defender for Endpoint may additionally isolate compromised person accounts to dam lateral motion in hands-on-keyboard ransomware assaults utilizing computerized assault disruption.
Primarily based on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK methods behind 93% of assaults and methods to defend in opposition to them.
