Tackling phishing with signal-sharing and machine learning - Microsoft Security

Across services in Microsoft Threat Protection, the correlation of security signals enhances the comprehensive and integrated security for identities, endpoints, user data, cloud apps, and infrastructure. Phishing is another area where this protection has proven effective. While phishing attacks have been part of the daily hum of cybercriminal activity for years, they remain some of the most prevalent threats to this day. Specialized machine learning-based detection algorithms in Windows Defender ATP zero in on non-executable file types like scripts and document files typically used for phishing and other social engineering attacks. These file type-specific classifiers are part of the metadata-based ML models that can make a verdict on suspicious files within a fraction of a second.