Microsoft has introduced a new cybersecurity feature in Microsoft Defender for Endpoint that can automatically isolate compromised devices during an active cyberattack. The feature is currently available in preview and is designed to help organizations stop attacks before they spread across the network. It is part of Microsoft’s growing focus on automated cyber defense technologies, with the goal of reducing the damage caused by modern, fast-moving cyber threats.

The new feature works through Microsoft’s Automatic Attack Disruption system. When Defender detects suspicious activity or believes a device has been compromised, it can immediately isolate that machine from the network without waiting for manual action from security teams. This allows organizations to respond to attacks much faster than traditional methods. The system is mainly focused on stopping attackers before they move deeper into the network.

Microsoft says the isolation process blocks communication between the infected device and other systems inside the organization. This helps stop attackers from spreading malware, stealing data, or compromising more devices. At the same time, the isolated machine still stays connected to Microsoft Defender security services. This allows security teams to continue monitoring the device and collecting important investigation data.

The company explained that many cyberattacks, especially ransomware attacks, spread very quickly after hackers gain access to one system. In several cases, attackers try to move across the network before security teams can react manually. Automatic isolation helps slow down or completely stop that movement almost instantly. This gives defenders more time to investigate the incident and remove the threat safely.

According to Microsoft, the feature is especially useful against ransomware groups that target businesses and enterprise networks. These attackers often attempt lateral movement, where they jump from one device to another to reach important servers and sensitive systems. By isolating a compromised endpoint early, organizations can reduce the chances of a large-scale ransomware outbreak. This can help prevent major operational and financial damage.

Microsoft also confirmed that administrators can manually release isolated devices after the threat has been removed and the investigation is completed. The company has included safeguards to avoid unnecessary disruption during the isolation process. Certain Microsoft Defender services can still communicate with the affected device for monitoring and recovery purposes. This ensures security operations can continue without fully shutting down the machine.
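The article does not describe how an administrator finds automatically isolated devices or releases them. The following is an added example (not Microsoft's code and not from the article) built on the Defender for Endpoint machine-actions API: it works out which devices are still isolated from a constructed sample of isolate/unisolate actions, skipping pending ones, and builds the release request with the mandatory audit comment. The sample ids, hostnames and requestor strings are made up.

```python
import json
import urllib.request
from datetime import datetime

API = "https://api.securitycenter.microsoft.com/api"

# Constructed sample of a GET {API}/machineactions response, trimmed to the fields
# used here. Ids, hostnames and requestor values are placeholders.
SAMPLE_ACTIONS = {"value": [
    {"id": "a1", "type": "Isolate", "status": "Succeeded", "machineId": "m-111",
     "computerDnsName": "ws01.example.local", "requestor": "<automation-placeholder>",
     "requestorComment": "attack disruption", "creationDateTimeUtc": "2024-05-01T10:00:00Z"},
    {"id": "a2", "type": "Isolate", "status": "Pending", "machineId": "m-222",
     "computerDnsName": "ws02.example.local", "requestor": "<automation-placeholder>",
     "requestorComment": "attack disruption", "creationDateTimeUtc": "2024-05-01T10:05:00Z"},
    {"id": "a3", "type": "Unisolate", "status": "Succeeded", "machineId": "m-111",
     "computerDnsName": "ws01.example.local", "requestor": "analyst@example.local",
     "requestorComment": "cleaned and verified", "creationDateTimeUtc": "2024-05-01T14:00:00Z"},
    {"id": "a4", "type": "Isolate", "status": "Succeeded", "machineId": "m-333",
     "computerDnsName": "srv01.example.local", "requestor": "<automation-placeholder>",
     "requestorComment": "attack disruption", "creationDateTimeUtc": "2024-05-01T11:00:00Z"},
]}


def currently_isolated(actions):
    """Return {machineId: action} for devices whose latest completed Isolate/Unisolate
    action is an Isolate. Pending actions are ignored: the device may not be isolated
    yet, and releasing it would race the still-running request."""
    latest = {}
    for a in actions["value"]:
        if a["type"] not in ("Isolate", "Unisolate") or a["status"] != "Succeeded":
            continue
        ts = datetime.fromisoformat(a["creationDateTimeUtc"].replace("Z", "+00:00"))
        if a["machineId"] not in latest or ts > latest[a["machineId"]][0]:
            latest[a["machineId"]] = (ts, a)
    return {mid: a for mid, (_, a) in latest.items() if a["type"] == "Isolate"}


def build_release_request(token, machine_id, comment):
    """POST {API}/machines/{id}/unisolate. The Comment is required by the API and
    is what later shows up in the action history as the reason for the release."""
    body = json.dumps({"Comment": comment}).encode()
    return urllib.request.Request(
        f"{API}/machines/{machine_id}/unisolate", data=body, method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})


def release(token, machine_id, comment):
    """Send the release request (needs network and a valid token); returns the new action."""
    with urllib.request.urlopen(build_release_request(token, machine_id, comment)) as resp:
        return json.load(resp)
```

Only devices returned by `currently_isolated` should be passed to `release`, and only after the investigation the article refers to has been closed.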

The new capability is part of Microsoft’s larger strategy to improve automated cybersecurity protection. Modern cyberattacks are becoming more advanced and much faster than traditional security response times. Because of this, many companies are now relying more on AI-driven and automated security systems. Microsoft believes automated containment features can play a major role in reducing cyberattack impact in real time.

Cybersecurity experts have increasingly supported automated response technologies because attackers now use highly organized and automated attack methods. Features like automatic endpoint isolation can reduce human response delays and help organizations contain threats much earlier. Microsoft Defender for Endpoint already provides threat detection, endpoint monitoring, and incident response capabilities. The new isolation feature adds another strong layer of defense against modern cyber threats.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news