Microsoft Defender adds command and control traffic detection

Microsoft has added command-and-control traffic detection capabilities to its Microsoft Defender for Endpoint enterprise endpoint security platform.

The C2 connections are detected by the Defender for Endpoint’s Network Protection agent by mapping the outbound connection’s IP address, port, hostname, and other values with data from Microsoft Cloud.

After the malicious connection is detected, a “Network Protection blocked a potential C2 connection” alert will be added to the Microsoft 365 Defender portal, providing SecOps team members with details, including the severity level and the impacted assets, and the activity timespan.

“With the new capabilities in Microsoft Defender for Endpoint, SecOps teams can detect network C2 attacks earlier in the attack chain, minimize the spread by rapidly blocking any further attack propagation, and reduce the time it takes to mitigate by easily removing malicious binaries.”

The prerequisites include Microsoft Defender Antivirus with active real-time protection and cloud-delivered protection, MDE in active mode, network protection in block mode, and engine version 1.1.17300.

Last month, Microsoft also said tamper protection would soon be turned on by default in Microsoft Defender for Endpoint for better defense against ransomware attacks.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us about your needs.
Get an answer the same business day.

Tell us about your needs.
Get an answer the same business day.

Fill out the form below and get an answer from our experts within 1 business day.

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

PCI-DSS

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project's scope
  • You get an all-inclusive, no engagement proposal

This field is for validation purposes and should be left unchanged.
Scroll to Top

BOOK A MEETING

Enter Your
Corporate Email

This site is registered on wpml.org as a development site.