Black Hat USA 2021 is about understanding the needs of security professionals and meeting you where you are. With last year’s pandemic-related firefighting still fresh in our minds, this year’s event will provide a welcome respite to learn about cutting-edge security solutions, build our skillsets, and network with peers.

Microsoft Security is committed to helping you secure your entire digital estate with integrated, comprehensive protection, bridging the gaps to catch what others miss. We offer the leading AI, automation, and expertise that help you see threats rapidly, respond effectively, and fortify your security posture. As the world enters a new normal where seasoned security professionals are more needed than ever, we’re proud to share our own experience and learn from you at the virtual Black Hat USA 2021.

Virtual Microsoft-sponsored sessions

The Emerging Cyber Threat Landscape

Date and time: Tuesday, August 3, 1:15 PM to 1:45 PM PT

Black Hat CISO summit virtual breakout

Speaker:

Ann Johnson, Corporate Vice President, Security, Compliance, and Identity Business Development, Microsoft

The rapid rise of ransomware can be traced to WannaCry and (Not)Petya, which fused large-scale compromise techniques with an encryption payload that demanded a ransom payment in exchange for the decryption key. These successful attempts inspired a new generation of human-operated ransomware, expanding into an enterprise-scale operation blending targeted attacks and extortion. Learn how the rise in ransomware is influencing cyber strategies that can help strengthen your security posture.

Evolving Red Teaming at Microsoft

Date and time: Wednesday, August 4, 8 AM to 8:15 AM PT

Track: Security Operations and Incident Response

Speakers:

Alexandre Fernandes Costa, Principal Security Engineer Lead

Reid Borsuk, Principal Security Engineer

Representatives from one of the six teams dedicated to offensive security at Microsoft share how we’ve evolved from red teaming to broader offensive security practices and techniques. They’ll walk you through our collaborative approach to offensive security operations, all while demonstrating how red team activity is reflected in our products designed to stop adversaries in their tracks.

Preventing a “Hostages”: Defusing the Pervasive Threat of Human-Operated Ransomware

Date and time: Wednesday, August 4, 3:10 PM to 3:30 PM PT

Track: Endpoint Security

Speakers:

Hadar Feldman, Product Management Lead, Microsoft 365 Defender

Itai Kollmann Dekel, Principal Research Manager, Microsoft Defender for Endpoint

Ransomware has evolved. We’ve all seen it progress from automated, indiscriminate nuisance attacks into the targeted, human-operated campaigns that cost businesses millions. Protecting against a ransomware attack is like preventing a hostage situation in real life: you need to understand the nature of security threats, assess your exposure to risk, identify high-value assets, implement protective measures, and have playbooks ready to respond rapidly.

In this session, we’ll take you through crisis prevention and mitigation strategies that can be a game-changer against human-operated ransomware. You’ll learn about our latest research on the ransomware threat landscape, based on in-depth analysis of dozens of real-world ransomware attacks in the past year. We’ll examine how human-operated ransomware attacks have become more like advanced persistent threats, and what that means for your organization. We’ll discuss key mitigations that address common techniques observed in ransomware campaigns (like tampering with security products). Finally, we’ll examine approaches to contain aggressive ransomware along with critical ways to improve your ability to see through the noise before it’s too late.

Inside the Most Impactful Nation-State Attack in History

Date and time: Thursday, August 5, 2:10 PM to 2:30 PM PT

Track: Security Operations and Incident Response

Speakers:

Elia Florio, Principal Research Lead, Microsoft

Ramin Nafisi, Senior Malware Reverse Engineer, Microsoft

Dana Baril, Senior Security Research Lead, Microsoft

Michael Grenetz, Senior Product Manager, Microsoft

Get an inside look into one of the most sophisticated attacks in history, the Nobelium incident, from the frontline responders that helped track and defend against it. We’ll discuss the adversary’s tradecraft, novel techniques, and expert recommendations that can help organizations protect themselves from the next wave of advanced threats.

Microsoft Bug Bounty Program

Microsoft awarded $13.6 million in bug bounties to more than 340 security researchers in 58 countries in the past 12 months. Bounties averaged more than $10,000 per award across all programs, with the largest ($200,000) awarded under the Hyper-V Bounty Program. The more than 1,200 eligible reports we received over the past year reflect the talent of the global security research community, as well as the spirit of partnership Microsoft fosters in addressing the challenges of a rapidly evolving threat landscape.

Bug bounty and research programs: new and updated

Windows Insider Preview Bounty Program (updated July 2020)

Researcher Recognition Program (updated February 2021)

Microsoft Applications Bounty Program (Teams Desktop), launched March 2021 (NEW)

SIKE Cryptographic Challenge, launched June 2021 (NEW)

A heartfelt thank you goes out to everyone who shared their research with Microsoft over the past year. We look forward to sharing more Bug Bounty Program improvements with you in the course of the year, as we continue to invest in our partnerships within the security research community.

Machine Learning Evasion Competition

Microsoft is seeing an uptick in attacks on commercial AI systems that could compromise the confidentiality, integrity, and availability guarantees of these systems. To help the AI and security community ramp up on this novel space, and provide a learning environment, today we are launching MLSEC.IO, an educational Machine Learning Security Evasion Competition (MLSEC). Learn more about the competition and how to participate from our announcement blog.

Microsoft Security product news

Microsoft Azure Sentinel

In March 2021, Microsoft announced an important step in realizing our vision for integrated SIEM and XDR with the release of incident integration between Azure Sentinel and Microsoft 365 Defender. Now, we’re excited to take another key step in this journey: bi-directional incident syncing between Azure Defender and Azure Sentinel is now in public preview. With this capability, users can now automatically sync alerts, incidents, and incident statuses across the two products. Microsoft now delivers the only integrated SIEM and XDR with incident sharing across all components, streamlining the investigation process and giving your SecOps team more time to focus on what’s really important. Read Microsoft Ignite 2021: What’s New in Azure Sentinel to learn more.

Microsoft Defender for Endpoint

Today’s threat environment is complex, and the endpoint continues to be a top attack vector. We recently released improvements and updates to the evaluation lab in Microsoft Defender for Endpoint to include new simulations by SafeBreach for attack campaigns such as Solorigate and Carbanak+FIN7, enabling security teams to better prepare for these types of advanced threats.

Robust prevention is a necessary first step in securing your organization. For that reason, we’re excited to share new device control capabilities for USB printing and removable storage to help organizations add additional layers of protection to their endpoints. We’ve also been extending our preventative capabilities across platforms, and the general availability of threat and vulnerability management for Linux adds to our existing support for macOS and Windows.

Finally, when it comes to a growing threat, time is of the essence; so, we’ve focused on enabling security teams to scale their capabilities for more rapid investigations and response. Giving security teams the ability to download quarantined files without getting the user involved can dramatically speed up an investigation. In addition, our new live response API enables forensic evidence to be gathered as soon as suspicious activity is identified on a device.

Microsoft Azure Defender for IoT

Azure Defender for IoT is an agentless, network-layer monitoring solution for identifying unmanaged IoT and operational technology (OT) assets, prioritizing vulnerability mitigations, and continuously monitoring for threats using IoT/OT-aware behavioral analytics. Available for either on-premises or cloud-connected environments, Azure Defender for IoT is tightly integrated with Azure Sentinel and supports third-party security operation center (SOC) tools such as Splunk, IBM QRadar, and ServiceNow.

We’re happy to announce that IoT/OT-specific threat intelligence can now be continuously delivered to cloud-connected sensors, reducing manual efforts and helping to ensure continuous security. Coming soon: mapping of threats to tactics and techniques for MITRE ATT&CK for industrial control systems (ICS). Plus, be sure to attend our Black Hat session featuring Azure Defender for IoT security researchers describing BadAlloc, the critical RCE vulnerability they uncovered in widely used IoT/OT real-time operating systems (RTOS), libraries, and SDKs.

App governance add-on to Microsoft Cloud App Security

App governance is a new add-on capability to Microsoft Cloud App Security that can be used to monitor, protect, and govern OAuth-enabled third-party apps on the Microsoft 365 platform that use the Microsoft Graph API. The new app governance add-on, now in preview, helps security administrators and analysts quickly identify, alert on, and prevent risky app behaviors from the Microsoft 365 compliance center.

Learn more about the new app governance add-on:

Public preview announcement

Quick-start guide

Materials on Transform

Azure Key Vault Managed hardware security modules (HSM)

Azure Key Vault Managed HSM is a fully managed, highly available, single-tenant, standards-compliant cloud service that enables customers to safeguard cryptographic keys for their cloud applications using FIPS 140-2 Level 3 validated HSMs.

Always Encrypted

Always Encrypted protects sensitive data (credit card or social security numbers) stored in Azure SQL Database or SQL Server databases, allowing our customers to encrypt data inside client applications without revealing the encryption keys to the database engine. This means Always Encrypted maintains a secure separation between those who own the data and those who manage it. The general availability of Always Encrypted strengthens our promise that Microsoft Azure offers the broadest support for confidential computing. Along with Azure Confidential Ledger and support for Kubernetes and other confidential containers, Always Encrypted gives our customers the broadest range of options for making their virtual machines (VMs), applications, and services confidential.

Learn more about Microsoft Security solutions

How Microsoft Security empowers partners to build customer trust

Microsoft delivers comprehensive solution to battle consent phishing emails

2021 Microsoft Inspire Book of News

Build your business by managing risk and securing customer data

Ask the Experts: Build your business by managing risk and securing customer data

We look forward to joining you at Microsoft virtual booth 2340 for Black Hat 2021, July 31 to August 5, 2021.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Microsoft at Black Hat 2021: Sessions, bug bounty updates, product news, and more appeared first on Microsoft Security Blog.