M365 Defender - Attack Disruption at "Machine Speed"
Dean Ellerby
According to the Ignite Book of News, "Microsoft 365 Defender now automatically disrupts ransomware attacks".
So what does this mean?
Often, once an attack is detected, the human response is too slow. As such, M365 Defender, as an XDR, has included Automated Detection and Response (ADR). According to Microsoft, with ADR, "XDR automatically identifies, assesses, and remediates known threats in real-time, reducing and simplifying an organization’s workload, and catching hard-to-detect threats."
So if XDR already remediates compromised devices in real-time... does Attack Disruption work faster than real-time? In essence - yes.
With Attack Disruption, Microsoft 365 Defender doesn't just detect and remediate compromised identities and devices. Instead, M365 Defender will now "think ahead", figuring out the most likely next steps on the attack path and proactively protecting those too.
This is possible because Microsoft 365 Defender collects and correlates signals across endpoints, identities, emails, documents and cloud apps into unified incidents and uses the breadth of signal to identify attacks early with a high level of confidence.