In the constantly evolving landscape of cybersecurity, staying one step ahead of potential threats is an ongoing challenge for organisations. To address this, Microsoft has taken a significant step forward with its recent update to Microsoft Defender for Endpoint, focusing on Remote Desktop Protocol (RDP) sessions—a common entry point for attackers
A New Layer of Detail
The update introduces a detailed layer of session information, adding eight new fields to expand the schema across various tables. This enhancement provides a more nuanced view of RDP sessions, offering critical context that can help identify potentially compromised devices within an organisation.
New Fields Include:
- Session IDs
- Device Names
- IP Addresses
These new fields relate to the initiating and created processes of an RDP session, providing a comprehensive overview of each connection.
Screenshots from Microsoft Tech Community
Detecting Indicators of Compromise (IOCs)
The level of detail provided by these new fields is crucial for detecting Indicators of Compromise (IOCs). With this information, security teams can swiftly identify anomalies and act effectively to prevent breaches. By simplifying the correlation process and increasing the accuracy of threat detection, organisations can proactively hunt for suspicious activities and mitigate risks
Adapting to Sophisticated Attacks
The importance of such features cannot be overstated, especially as cyber-attacks become increasingly sophisticated. Human operators are continuously adapting their strategies, making tools like RDP both a vulnerability and an opportunity for defence.
Microsoft’s update to Defender for Endpoint empowers analysts with the visibility needed to disrupt these threats and protect their networks. With the ability to visualise and analyse complex data more effectively, security professionals can make informed decisions and respond more quickly to potential threats.
Conclusion
In conclusion, the enhanced RDP data layer in Microsoft Defender for Endpoint is a powerful tool in the fight against cybercrime. By providing deeper insights into RDP sessions, Microsoft is helping organisations better understand their security posture and respond proactively to emerging threats.
With the new RDP data layer, security teams can confidently defend against attacks, ensuring their networks remain secure and resilient in the face of ever-evolving challenges.