From 3030074ad6d428dd3a559e9bd575db3bb29c829f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 20 May 2020 14:34:45 -0700 Subject: [PATCH] Update behavioral-blocking-containment.md --- .../microsoft-defender-atp/behavioral-blocking-containment.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md index 0e37eea1c4..c7c5359ec2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md @@ -24,7 +24,7 @@ ms.collection: - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -## Overview of behavioral blocking and containment +## Overview Today’s threat landscape is overrun by [fileless malware](https://docs.microsoft.com/windows/security/threat-protection/intelligence/fileless-threats) and that lives off the land, highly polymorphic threats that mutate faster than traditional solutions can keep up with, and human-operated attacks that adapt to what adversaries find on compromised machines. Traditional security solutions are not sufficient to stop such attacks; you need artificial intelligence (AI) and machine learning (ML) backed capabilities, such as behavioral blocking and containment, included in [Microsoft Defender ATP](https://docs.microsoft.com/windows/security). @@ -74,7 +74,7 @@ While the attack was detected and stopped, alerts, such as an "initial access al This example shows how behavior-based machine learning models in the cloud add new layers of protection against attacks, even after they have started running. -### Example 2: NTML relay +### Example 2: NTML relay - Juicy Potato malware variant As described in the recent blog post, [Behavioral blocking and containment: Transforming optics into protection](https://www.microsoft.com/security/blog/2020/03/09/behavioral-blocking-and-containment-transforming-optics-into-protection), in January 2020, Microsoft Defender ATP detected a privilege escalation activity on a device in an organization. An alert called “Possible privilege escalation using NTLM relay” was triggered.