Microsoft has added Zerologon detection to Microsoft Defender for Identity, enabling Security Operations teams to detect attacks within their organizations that attempt to exploit this critical vulnerability.
Microsoft Defender for Identity (formerly known as Azure Advanced Threat Protection or Azure ATP) is a cloud-based security solution that uses on-premises Active Directory signals to identify, detect, and investigate compromised identities, advanced threats, and malicious insider activity directed at an enrolled organization.
"Microsoft Defender for Identity can detect this vulnerability early on," said Microsoft's Daniel Naim. "It covers both the exploitation and traffic inspection aspects of Netlogon."
Alerts raised whenever a Zerologon exploitation attempt or related activity is detected will allow SecOps teams to quickly obtain information about the device and the domain controller involved in the attack attempts.
The alerts will also provide information that can help identify what was targeted if the attacks were successful.
"Finally, customers using Microsoft 365 Defender can take full advantage of the strength of Microsoft Defender for Identity signals and alerts, combined with behavioral events and detections from Microsoft Defender for Endpoint," Naim added.
"This coordinated protection enables you to not only monitor Netlogon exploit attempts over network protocols, but also to see the device process and exploit-related file activity."