
Microsoft: Here's how our technology disrupts ransomware and phishing attacks

Microsoft 365 Defender has AI-based capabilities, which the company says can detect and disable compromised accounts and services attackers are trying to use.
Written by Danny Palmer, Senior Writer

Microsoft is expanding its cybersecurity suite, Microsoft 365 Defender, with AI-based capabilities that can automatically detect and disrupt cyberattacks such as ransomware attacks and business email compromise (BEC) campaigns by quickly identifying and switching off the accounts or services being exploited by attackers. 


Successfully compromising and exploiting the right accounts can allow cyber criminals to gain access to the tools and privileges they need to encrypt a whole network of machines with ransomware in a short amount of time. 

Meanwhile, BEC attacks -- email attacks where employees are tricked into making financial transfers under false pretexts -- can also occur in a short amount of time. 

Both ransomware and BEC attacks can be very costly for victims. To help protect networks from cyberattacks, Microsoft is expanding the automatic attack disruption in Microsoft 365 Defender, which is powered by artificial intelligence-driven threat hunting and detection capabilities that were first unveiled last year.


This capability uses high-confidence extended detection and response (XDR) signals across endpoints, identities, email, and software-as-a-service apps to contain attacks quickly and effectively, stopping them and limiting the impact on the victim.

Microsoft is expanding its public preview of Microsoft 365 Defender, to help protect networks against ransomware and BEC attacks, two of the most common -- and most costly -- cybersecurity threats to businesses. 

To prevent BEC attacks, automatic attack disruption detects attacks and removes the attacker's access to the environment by switching off the compromised account, therefore limiting their ability to send fraudulent emails, preventing money transfers and financial losses. 

And to prevent ransomware attacks, the technology isolates suspicious activity from a compromised device to prevent an attacker from using it to gain access to other machines and services that can be abused to spread the malicious payload. 


To ensure that the system isn't actively quarantining false positives -- and hindering legitimate users -- Microsoft 365 Defender is trained with endpoint detection and response signals, along with insights from the continuous investigation of thousands of incidents by Microsoft's research teams. 

Action is only taken once the AI powering the tool has properly examined the activity; if it concludes that the activity is malicious, automatic response actions are triggered against the entities identified as compromised -- preventing further attacks.

"This game-changing capability comes built-in with Microsoft 365 Defender and limits a threat actor's progress early on -- reducing the overall impact of an attack, from associated costs to loss of productivity," said Eyal Haik, senior product manager at Microsoft. 
