Do not waste time, Download free 500-710 bootcamp and braindumps
Move through our 500-710 Queries answers and feel Certified the 500-710 examination. You will move your 500-710 test on high marks or even your cashback. We all have aggregated the database of 500-710 Dumps through the actual test in order to be able in order to provide you along with prep in order to get equipped plus pass 500-710 test on the first attempt. Merely install our VCE Exam Simulator plus obtain ready. A person will pass the particular Cisco Video Infrastructure Implementation exam.
500-710 Cisco Video Infrastructure Implementation learner | http://babelouedstory.com/
500-710 learner - Cisco Video Infrastructure Implementation Updated: 2023
Here is the bests place to get help pass 500-710 exam?
Thousands of test takers search for updated 500-710 dumps online but there are few companies that really have updated 500-710 dumps. We oftely recommend people to view our 500-710 demo pdf before you buy so that you can be confident that you have found updated and valid 500-710 dumps that have real test questions and answers. Othewise, you will waste your money and time. Just be careful.
Cisco
500-710
Cisco Video Infrastructure Implementation
https://killexams.com/pass4sure/exam-detail/500-710 Question: 84
Which three hybrid connectors allow Cisco Spark to be integrated with an on-premises
solution? (Choose three.)
A. Calendar Connector
B. Call Connector
C. Calendar Aware
D. Directory Connect
E. Directory Service
F. Calendar Service Answer: A, B, D Question: 85
Which two options are call-control devices in a Cisco Collaboration environment?
(Choose two)
A. Cisco Unified Communications Manager
B. Cisco Telepresence Endpoint
C. Cisco Meeting Server
D. Cisco Expressway
E. Cisco Content Server Answer: A, D Question: 86
Which Cisco WebEx products can support calls from end points and WebEx clients?
A. Cisco WebEx Meeting Center
B. Cisco WebEx Training Center
C. Cisco WebEx Support Center
D. Cisco WebEx Event Center Answer: A Question: 87
Which two primary protocols does TMS use to communicate with endpoints and
infrastructure? (Choose two.)
A. BFCD
B. SIP
C. HTTPS
D. H.323
E. SNMP Answer: C, E Question: 88
Which two methods can be used in TMSto schedule conferences? (Choose two.)
A. Administrative Tools > Configuration > Conference Settings
B. Booking > New Conference
C. Scheduling > New Conference
D. Reporting > Conferences
E. Monitoring > Conference Control Center Answer: A, B Question: 89
Which two statements about the assignment of endpoints to a subzone are true? (Choose
two.)
A. A registration restriction rule must be configured that matches the endpoint's alias or
IP subnet.
B. Endpoints making a traversal call must be registered to the traversal subzone.
C. By default, all endpoints are registered to the default subzone.
D. By default, all endpoints are registered to the neighbor subzone.
E. A subzone membership rule must be configured that matches the endpoint's alias or
IP subnet. Answer: C, E Question: 90
Cisco Meeting Server has several components that can be enabled to expand the
functionality of the server. Which component is used for interworking between different
communication protocols?
A. web bridge
B. load balancer
C. TURN server
D. H.323 gateway
E. SIP edge
F. call bridge
G. XMPP Answer: D Question: 91
Which configuration on the Expressway is needed for a SIP end point to register?
A. active neighbor zone between the end point and the Expressway
B. SIP authentication enabled
C. Registration restriction policy in Allow mode
D. SIPdomain Answer: D
For More exams visit https://killexams.com/vendors-exam-list
Kill your test at First Attempt....Guaranteed!
Cisco Infrastructure learner - BingNews
https://killexams.com/pass4sure/exam-detail/500-710
Search resultsCisco Infrastructure learner - BingNews
https://killexams.com/pass4sure/exam-detail/500-710
https://killexams.com/exam_list/CiscoCisco: How World Possible Is Using Technology To Inclusively Bridge the Digital Divide To Help Teachers and Students
Published 15 hours ago
Submitted by Cisco Systems, Inc.
TheTransformational Tech series highlights Cisco’s grant recipients that use technology to help transform the lives of individuals and communities.
An estimated 37% of the world’s population – or 2.9 billion people – have still never used the internet and are missing out on the wealth of learning opportunities available online.
In addition, when reflecting on the past three years, the effects from pandemic school closures remain and have had a lasting impact on teacher wellbeing, and student learning proficiency levels globally. This situation was particularly true in communities without reliable access to the internet or technologies to aid teachers and families with remote instruction. More is needed to help this population of learners accelerate learning to meet minimum learning proficiency levels country by country. And more needs to be done to inclusively connect these communities and their students to trained teachers and quality classroom resources.
World Possible is a Cisco nonprofit partner who bridges these gaps and connects offline learners to the world’s knowledge with an educational server called RACHEL (Remote Area Community Hotspot for Education and Learning). RACHEL is an innovative learning tool for teachers to engage their students and bridge the digital divide and help scale teacher productivity while working with diverse classrooms.
In appreciation of educators everywhere, we want to shine a light on World Possible technology being used by teachers and students in Oceania, Asia and Latin America. In these examples, RACHEL is used to build teacher capacity, increase student engagement, and Strengthen overall classroom performance while helping students living in remote and disconnected communities build digital skills.
Oceania – Kiribati:
Kiribati is an island country composed of over 30 atolls with over 17,500 students attending 110 schools. These students and their teachers are spread over 3.5 million square kilometers in the central Pacific Ocean. With such a dispersed and distributed population, education officials address the challenge of providing access to trained teachers with current curriculum in programs like the Kiribati Education Improvement Program.
Kiribati Education officials use RACHEL server devices to store digital media within key training schools. These servers have the flexibility to be solar powered with battery backup support to reach even the most remote areas of this island country. With the high cost of internet, which is primarily only available through mobile phone data plans, access to these resources at scale isn’t sustainable for these communities. But a RACHEL content device changes this dynamic, making professional training and receiving updated content easier.
Asia – Cambodia:
The International Telecommunication Union (ITU) is the United Nations specialized agency for information and communication technologies and is committed to connecting all the world’s people. Through their work, ITU Data Hub reports indicate that 60% of individuals in Cambodia are using the internet compared with the world average of 66%. This gap in access to the internet within Cambodia increases in rural and remote populations. World Possible serves as a bridge for this digital divide for teachers and students in rural Cambodia.
At Doris Dillon School, the World Possible RACHEL server is used directly by students in classrooms to learn English, Strengthen numeracy skills and build digital skills using computers. The RACHEL device also acts as a community digital library, used by families for gardening, health education and computer classes.
Latin America – Guatemala
Within Latin America, access to the internet and technology for use in schools can be challenging. In Guatemala, the same ITU Data Hub reports indicate that 51% of individuals in the country are using the internet compared with the world average of 66%. With a beautiful and rugged landscape, Guatemala has high mountain ranges dotted with volcanos, jungle regions and large urban cities such as Guatemala City or Quetzaltenango in the northern highlands. Within this diverse geography is a school using RACHEL located in Sacsiguán Monte Mercedes, a small village from Sololá, in the western highlands of Guatemala. In this remote and rural area, Elvia Patricia Julajuj Cuxulic, who is an accountant by profession, teaches in the Monte Mercedes Secondary School leads seven classes of students every week in the afternoons serving 87 students from grades 7 to 9.
Earlier this year her school received a RACHEL server that is now being used by students who previously had little access to the internet. As a teacher, Elvia has been actively using the device with her students and reports to the Ministry of Education show over 130,000 logged events, and 66,900 pages visited. As one of four teachers in Monte Mercedes Secondary School, she hopes that her students and her community will all have the chance of having a better life through education.
More to come
Cisco inclusively invests using a portfolio approach in nonprofits to further STEM Education student outcomes, inspire youth to regenerate our climate and develop trained teacher capacity globally. Through investment partners like World Possible we aim to strengthen human capital, inclusively connect people to resources and services with quality platforms informed by education proven practice.
This fall, World Possible will release an upgraded RACHEL server with increased capacity for concurrent device connections, improved device storage, and will leverage a new processor. Through a new server, coupled with the cloud update service called DataPost, education officials can use Android devices to update RACHEL servers in remote locations around the world. To learn more about RACHEL visit WorldPossible.org.
Mon, 05 Jun 2023 04:13:00 -0500entext/htmlhttps://www.csrwire.com/press_releases/775971-cisco-how-world-possible-using-technology-inclusively-bridge-digital-divideCisco Live’s coming next week. Here’s a preview
Cisco Systems Inc. will hold its annual Cisco Live user event next week in Las Vegas as the networking giant is coming off an impressive quarter in which Chief Executive Chuck Robbins (pictured) set a more than positive outlook for the company.
Given that the secular trends of cloud, mobility and hybrid work act as long-term tailwinds, I’m expecting the company to load up this year’s Cisco Live with announcements that sets itself up for many years. Here are some of the key themes I’m expecting from Cisco Live 2023:
Security evolution
Of all the product areas, I’m most interested to see what Cisco announces in security. In my security platform post, I mentioned that security provides the biggest needle-moving opportunity, since the company currently has single-digit share in a massive market. For Cisco, security innovation is less about new products and more about integration across its broad range of existing products.
The company announced XDR at the RSA Conference recently, and now it needs to build on that to make using Cisco security operationally simpler. Also, the prevailing trend is now toward a security platform, so any coupling that Cisco can do to tie security to its massive network installed base will only help it gain on the likes of Palo Alto Networks Inc. and Fortinet Inc.
The new security leadership at Cisco, which includes Jeetu Patel and Tom Gillis, seems well aware of what’s at stake. I’m hopeful that when Cisco Live is over, security will dominate the product news.
Artificial intelligence
One can’t go to an event this year without hearing about AI. Although I’m not expecting Cisco to hit the audience over the head with AI, I do expect it will be a major theme of how it will use it to evolve its products.
In reality, Cisco has been using machine learning and AI for years to modernize its products. Its encrypted traffic analytics uses AI, as does its XDR offering. Cisco Webex uses AI for many core features, including noise block, transcription and translation. Also, its network automation and intent-based capabilities require AI to translate network telemetry into actionable tasks.
I’m sure most of the products announced at Cisco Live will include AI in some manner. The only question is how overt Cisco will be about it, given the current market hype.
The other aspect of AI that could be introduced is generative AI and how Cisco will use it to Strengthen its products. The tie-in to Webex is obvious, as a worker can use it to find information or create content. With networking and security, Cisco’s operational dashboards could feature a ChatGPT-like interface to identify and solve problems. Given the R&D time required with infrastructure, I’m not expecting a big dose of generative AI.
Continued simplification of networking
If there were a market tracker for “single panes of glass,” Cisco would be the runaway leader, as it seems to have a dashboard for everything. At Cisco Live 2022, the company took its first step in addressing this by integrating Catalyst and Meraki, where administrators could see Catalyst devices in the Meraki dashboard.
We are a year removed from that, and we should see product areas addressed, including Cisco Spaces (formerly DNA), Viptela SD-WAN and Wi-Fi. Like with security, product breadth isn’t Cisco’s problem because it has a broader portfolio than any other network vendor, but it has made it operationally very difficult for customers to use multiple Cisco products. The pace of change in information technology is faster than ever, and improved cross-platform operations will help Cisco network engineers align operations with business demands.
More ThousandEyes and AppDynamics
ThousandEyes and “AppD” enable Cisco customers to “see” where no network engineer has seen before. ThousandEyes provides visibility across the internet, which wasn’t necessary a decade ago, but the cloud and software-defined wide-area network changed that. IT pros are responsible for user and customer experience, and the internet is widely used for business traffic, making it critical for network professionals to have granular visibility.
AppD is an application performance product, and one might wonder why a network vendor would care about apps. An understanding of application behavior can help network and security pros prioritize tasks. For example, its business risk observability offering announced at Cisco Live EMEA earlier this year can map vulnerabilities and threat intelligence to business context, helping security engineers understand where to prioritize activities. AppD information should be the lens through which almost all Cisco information is viewed, as it can translate between telemetry and business performance.
Environmental, social and governance update
Cisco has had a strong focus on ESG long before it was in vogue. Its mission of making the world a better place dates back decades to when then-CEO John Chambers used to talk about how the internet could be used to democratize education, creating opportunities where none existed before. Under Robbins, Cisco has stepped up its ESG game with aggressive goals of the number of people it could positively affect.
There hasn’t been a Cisco Live under Robbins where ESG hasn’t been a key subject area, and I have no reason to assume that will change. Of all the areas that fall under ESG, sustainability is the one many businesses struggle with today. At IBM Think, CEO Arvind Krishna highlighted that its data showed that there was a massive gap between their customer’s goals and their ability to execute on those goals.
Cisco has been designing its product with sustainability in mind, including power-saving and efficiency features. The exhibit hall at Cisco Live EMEA featured a sustainability zone, and I would expect the same in Las Vegas to help customers understand what’s possible today.
I’m sure there will be some new products announced at Cisco Live, but the theme of this year’s event should be cross-product innovation. At $60 billion in revenue, Cisco has a massive portfolio of products that address everything from data centers to telco networks to cloud to campus networks. Cisco leadership has continually touted the importance of making the products easier to use, which is not a trivial thing to do, but it is what I’m expecting at Cisco Live 2023 in Las Vegas.
Zeus Kerravala is a principal analyst at ZK Research, a division of Kerravala Consulting. He wrote this article for SiliconANGLE.
Photo: Cisco/livestream
Your vote of support is important to us and it helps us keep the content FREE.
One-click below supports our mission to provide free, deep and relevant content.
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy
THANK YOU
Thu, 01 Jun 2023 11:01:00 -0500en-UStext/htmlhttps://siliconangle.com/2023/06/01/cisco-lives-coming-next-week-heres-preview/Cisco aims for AI-first security with Armorblox buy
Cisco plans to buy Armorblox, a six-year-old AI vendor, to help create “an AI-first Security Cloud.”
“Leveraging Armorblox’s use of predictive and Generative AI across our portfolio, we will change the way our customers understand and interact with their security control points,” wrote Raj Chopra senior vice president and chief product officer for Cisco Security in a blog announcing the pending acquistion.
While securing email was Armorblox’s first application of its AI techniques, they might also be applied to attack prediction, rapid threat detection, and efficient policy enforcement, Chopra wrote. “Through this acquisition though, we see many exciting broad security use cases and possibilities to unlock.”
The Armorblox team will join Cisco’s Security Business Group, to help bring generative AI capabilities to Cisco’s security portfolio, Chopra stated.
Founded in 2017, Armorblox employs 126 people and has raised a little over $46 million in funding. The deal is expected to close by the end of Cisco’s FY23. No price was announced.
According to Chopra’s blog, the purchase is “an exciting step forward in executing our plans for an AI-first Security Cloud.” Further details will be forthcoming at the vendor’s Cisco Live! event next week.
Chopra didn’t define AI-first Security Cloud, but for about a year Cisco has been developing Cisco Security Cloud, which includes network-as-a-service (NaaS), Cisco firewalls, Cisco Umbrella cloud security, Cisco Duo zero-trust security, and threat intelligence from Cisco Talos.
Cisco describes Security Cloud as cloud-native and cloud-delivered, featuring a unified dashboard, flexible trust policies, and open APIs to encourage third-party integrators, and says that it will “be a fast learner.”
The design goal of the Security Cloud is to sit horizontally as a layer on top of the infrastructure across a customer’s cloud services—the major ones being Azure, AWS and GCP and then they probably have some level of private data center—to protect all of the core applications, Cisco said.
According to Armorblox’s website, it can protect “against data loss and targeted email attacks like Business Email Compromise, vendor fraud, and account takeovers.”
According to a recent report by researchers at Maximize Market Research, AI technologies are expected to play a crucial role in combating business email compromise (BEC) attacks by enabling advanced threat detection, analysis, and prevention mechanisms. “Machine-learning algorithms can analyze large volumes of data and identify patterns, anomalies, and indicators of BEC attempts, helping organizations detect and respond to potential threats more effectively,” the report said.
AI-powered solutions also enhance email security by implementing robust authentication and verification. Advanced email-filtering systems use AI algorithms to detect and block suspicious emails, phishing attempts, and forged sender addresses, reducing the risk of successful BEC attacks, according to the researchers.
Armorblox says it also integrates with existing security stacks via APIs and leverages large language models, such as GPT, deep-learning algorithms to detect targeted threats, “protect key business workflows, and reduce manual work for security teams through automated processes.” Large language models are computer algorithms that process natural-language inputs and predict the next word based on what they’ve already seen.
Wed, 31 May 2023 11:34:00 -0500entext/htmlhttps://www.networkworld.com/article/3698288/cisco-aims-for-ai-first-security-with-armorblox-buy.htmlCisco launches cybersecurity skills programmes in Greater Manchester
Launch to mark Cisco joining Greater Manchester Digital Security Hub
Cisco today announced that it is joining the Greater Manchester Digital Security Hub (DiSH) to support the centre’s ambitions to be at the forefront of cybersecurity and innovation, support economic growth and resilience, and to help make the region a trusted and secure place to live, study, and work.
As part of this collaboration, through Cisco’s Country Digital Acceleration (CDA) programme, Cisco is launching a series of targeted initiatives to tackle the widening cybersecurity skills gap. Dedicated programmes will focus on three key areas: the most vulnerable organisations, the widest gap in the industry, and the future generation who will live and work in the region as it realises its digital ambitions.
The Most Vulnerable Organisations
According to Cisco research, half of small businesses (50%) are underprepared when it comes to cybersecurity, leaving them vulnerable to breaches. A core ambition of DiSH is to future-proof Greater Manchester and bring together industry, start-ups, and small and medium-sized enterprises to develop solutions with real-world application that will enhance public and private cyber resilience and digital security.
As part of its role with DiSH, the centre will become a Cisco Networking Academy specifically to support small businesses with their cybersecurity skills. The programme will include a range of learning opportunities starting with a free, self-paced, mobile-friendly ‘Introduction to Cybersecurity’ course. The aim of the course is to equip learners with a basic awareness of cyber vulnerabilities and an understanding of the core principles of cyber resilience. Once users have completed the course, they will have access to additional learning pathways facilitated by Cisco’s partnership with UCEN Manchester.
Jon Lomas, Cybersecurity Partnership Development Manager, DiSH commented: “We greatly value the opportunity to partner with Cisco, a global leader in cybersecurity, to help deliver the critical skills needed to protect businesses of all sizes from potential attacks in an increasingly complicated threat landscape. Becoming a Cisco Networking Academy will help us to deliver free and easily accessible training for our local business population to help them address the security risks they face.”
The Widest Gap in the Industry
As cybersecurity threats continue to rise, the need for a skilled, diverse cyber workforce is more important than ever. Yet, the global cybersecurity workforce was reportedly short of 3.5 million workers in 2021 and constituted less than 25% women.
Cisco’s latest programme, launched today in partnership with the Open University, ‘Cisco Cyber Camps’, will provide free, remote, self-paced training for students in the UK, aged 13-19, who identify as female or non-binary. The courses will allow young women to learn industry-ready cybersecurity skills, while also engaging in forums hosted by Cisco Networking Academy expert women instructors, attending online webinars, and embarking on soft skills training. Upon successful completion of the course, students will receive a certification that will then allow them to go on to complete advanced cybersecurity qualifications and courses.
There will be four enrolment dates each year in January, April, July, and October. To find out more, or sign up for the next cohort, visit here.
Andrew Smith, Senior Lecturer in Networking, Open University Cisco Academy Support Centre, said: “The rapid expansion of the digital economy has created many more cybersecurity challenges that need to be tackled by organisations daily. We urgently need to close the security skills gap, as job vacancies continue to outweigh available expert talent. We look forward to our continued collaboration with Cisco to support the training of talented women to fulfil these critical roles and boost innovation through gender diversity.”
The Future Generation who Will Live and Work in the Digital City-region
Cisco’s partnerships with the Open University and UCEN Manchester have been designed to equip young people with the cybersecurity skills needed to help Greater Manchester succeed in its ambitions to become an internationally recognised digital city-region, attracting industry investment, connecting communities, and driving the local economy. The partnerships focus on providing:
Free, self-paced, and online instructor training programmes, led by a consortium of Cisco Networking Academy partners including the Open University and UCEN Manchester, which work around teachers’ busy schedules, as an exciting opportunity to upskill and support their continuing professional development.
Industry-accredited materials and resources designed for those delivering cybersecurity training to their students, closely mapped to the T-Level curriculum. Aligning the courses with classroom teaching offers students in Greater Manchester vendor-led training that will enhance their future job applications.
Teacher training and skills-to-jobs learning for pupils in the Dean Trust schools and academies across the Greater Manchester region, as well as further schools supported by UCEN Manchester.
David Meads, Chief Executive, Cisco UK & Ireland, commented: “As Greater Manchester realises its digital ambition, it’s crucial that we equip everyone who lives and works in the region with the awareness, tools, and skills to help Strengthen their security resilience. We’re delighted to be working with DiSH, and its founding partners to do just that.”
This announcement builds on Cisco’s role in delivering the Greater Manchester One Network initiative, designed to provide continued trusted access to everything and everyone in the public sector. As part of this initiative, Cisco will deploy a secure, self-monitoring, region-wide digital infrastructure to help underpin public services in the region.
Want to learn more about the digital transformation of Greater Manchester and the North of the UK? Join the telecoms industry in discussion at next year’s Connected North conference
Thu, 25 May 2023 03:39:00 -0500Total Telecom Staffen-GBtext/htmlhttps://totaltele.com/cisco-launches-cybersecurity-skills-programmes-in-greater-manchester/Bandwidth Announces Maestro Integration With Webex Calling To Simplify Cloud MigrationJust a moment...
Mon, 05 Jun 2023 00:22:00 -0500en-UStext/htmlhttps://technews.tmcnet.com/news/2023/06/05/9826210.htmMicrosoft Build 2023 Brings AI Tools To Where Work Is Done With Copilots And Plugins
Microsoft chairman and CEO Satya Nadella speaks to attendees at Microsoft Build 2023.
Dan DeLong
Microsoft Build 2023, Microsoft's annual flagship event for developers, showcased AI-centric announcements across the Microsoft portfolio. The company provided a wealth of information over two days, much of which focused on what the company has done with its OpenAI investment.
Microsoft got the jump on its generative AI (GAI) initiatives at a much smaller February event it hosted in Redmond, with just a handful of analysts and media in attendance. Although the company's integration of AI into Bing was exciting, I was somewhat skeptical about how GAI would meaningfully take hold, especially in the enterprise.
In the months since then, Microsoft has expanded its use of AI across its apps and services, including Microsoft 365 (which I wrote about here), Windows 11 integrated Bing Chat, Bing and Edge and more. Moving forward, I don't imagine there will be any part of Microsoft that won't have some element of AI. With the massive investments the company has made into OpenAI, it makes sense that it would continue to go all in on AI integrations.
AI was certainly front and center—and placed squarely where people do their work—at Microsoft Build, with integrations embedded at the point of need rather than merely being scattered across disparate apps. In a nutshell, GAI incorporated across Microsoft’s platform now acts as a centralized assistant that empowers users to collaborate and complete tasks regardless of which application they’re using. With this approach, Microsoft is working to solidify its AI first-mover advantage, meaningfully taking its story from buzzwords to business value.
This article outlines some of the highlights from Microsoft Build. I’ll also examine how the company’s latest AI developments fit into two general themes from Build 2023: plugins and copilots.
Plugging into the developer community
Many of Microsoft's announcements at the event answered how the company is extending generative AI to its diverse developer community. The company has the world's largest developer communities and ecosystems, from Azure to Windows to devices and everything in between. Microsoft must constantly face the challenge of fostering healthy, inclusive and safe developer communities with transformational tools that enable even more people from diverse backgrounds to develop software. I believe the company has demonstrated that it’s up for this challenge yet again with its new AI solutions for developers.
Microsoft announced it would adopt the same open plugin standard that OpenAI introduced for ChatGPT, growing the AI plugin ecosystem to leverage ChatGPT services within Microsoft. This means that developers can now use one platform to build plugins that work across consumer and business touchpoints, including ChatGPT, Bing, Dynamics 365 Copilot and Microsoft 365 Copilot.
Any plugins for AI applications built on the Azure OpenAI Service will be interoperable with this same plugin standard. This ups the ante for developers to create experiences that enable people to interact with apps using text and language prompts the same way they would use a chatbot. This is another example of meeting people where they are and providing the tools they need to drive better outcomes.
Bing Chat plugin partners
Microsoft
Microsoft also announced support for new plugins for Bing Chat. These add-ons interact with a wide range of platforms including Atlassian, Adobe, Instacart, Zillow, Klarna and many others, along with the already announced OpenTable and WolframAlpha. Microsoft expects thousands of plugins by the time Copilot is generally available. The vast user experience improvement of "interacting" with an app in this way has yet to be realized. Still, once the models are better trained—particularly with tenant data—having a chatbot in OpenTable will be like having a concierge that can make recommendations and reservations. Similarly, an Atlassian chatbot could become a scrum master (or scrum copilot) capable of organizing dev teams' workflows.
Building the groundwork for enterprise generative AI with Copilots
As I mentioned, one central theme of Microsoft's announcement was copilots. At the event, Microsoft showcased updated features for copilots that cater to a wide range of users. These include Dynamics 365 Copilot, Microsoft 365 Copilot and Copilot for Power Platform.
Microsoft's approach to each copilot builds on the belief that AI's current place in the workforce is to complement people in their roles rather than replace them. Integrating copilots directly into users' workflows makes access to information readily accessible in the context of use rather than requiring the user to toggle through tools to accomplish an AI-assisted task.
Microsoft's plan for copilots in workflows is nicely illustrated (pun intended) with the DALL·E-powered Bing Image Creator now functioning within Bing Chat. The company has opened a full public preview of the platform so that anyone with a Microsoft account can create images using a text prompt.
Microsoft also announced the expansion of a new AI-powered Bing for the Windows 11 taskbar, mobile and Skype.
Panos Panay, executive vice president and chief product officer, Microsoft, at Microsoft Build 2023.
Dan DeLong
Windows Copilot: It goes to (Windows) 11
Throughout the past year, Windows has experienced remarkable growth, primarily driven by the widespread adoption of Windows 11. Particularly noteworthy in fueling this growth has been developer engagement. Microsoft reported a notable 24% year-over-year increase in the usage of devices dedicated to development purposes.
Building on the integration into Windows 11 back in February that brought the new AI-powered Bing to the taskbar, Windows Copilot now makes Windows the first PC platform to centralize AI assistance. Using Bing Chat and first-party and third-party plugins, users can concentrate on realizing ideas, completing projects and collaborating effectively rather than expending energy searching for, launching and working with multiple applications.
Copilot in the Windows 11 taskbar opens the Copilot sidebar, which can help with tasks such as summaries and explanations. It provides a productivity boost and offers rudimentary (at least for now) IT support, as users can ask it to adjust their computer's settings. Microsoft will start testing the Windows Copilot for Windows 11 publicly in June before a wider rollout.
Dev Home makes Windows dev machines easier to use
In one of many announcements catering to the development community, Microsoft showed that it is making it easier for developers to set up and use Windows dev machines. Dev Home is designed to allow developers to get a quick overview of their projects through GitHub widgets that surface GitHub issues and pull requests. Microsoft said it would eventually add the Xbox GDK to Dev Home to expand functionality to game developers.
The whole thing is essentially self-contained for developers, so that hopefully, spinning up a dev environment on a personal system will be much less clunky and less likely to foul up the system. A new Dev Home section of Windows 11 is now available in preview.
Microsoft also announced that Windows Terminal (a developer tool that enables multiple command-line apps or shells to run side-by-side in a customizable environment) would have an AI-powered chatbot. Through an integration with GitHub, developers who use GitHub Copilot can now use the chatbot directly within Windows Terminal to receive code recommendations and explanations for errors as well as to perform other actions. Microsoft says it's also exploring integrating GitHub Copilot with other developer tools.
Bing ChatGPT.
Microsoft
Consumer announcements from Microsoft Build 2023
Microsoft made several consumer announcements not specific to developers at Build, including the announcement of Bing as ChatGPT's default search engine. ChatGPT Plus’s paid users will now see citations for the chatbot's responses when surfaced by Bing. This is not surprising, given Microsoft's multi-billion-dollar investment in OpenAI. With all the talk and media hysteria about chatbots "hallucinating," Bing citations will help users discern real information and increase their confidence in ChatGPT’s results.
Microsoft is also bringing 365 Copilot to its Edge web browser. 365 Copilot will live within the browser's sidebar to use content from the web for projects in Microsoft 365 apps. Again, this allows for less toggling and more focused work—something any Microsoft 365 user should appreciate.
Developments for the cloud
Microsoft also announced the implementation of its Hybrid Loop—initially introduced at last year’s Microsoft Build—designed to enhance AI development across different platforms. Hybrid Loop uses ONNX Runtime as a gateway to Windows AI and Olive, Microsoft’s toolchain that makes it easier to optimize models for different devices. With ONNX Runtime, third-party developers can use the same tools Microsoft uses to run AI models on Windows or other devices, whether it's using CPU, GPU, NPU or hybrid with Azure. The goal is to support AI development from Azure to client devices, enabling hybrid AI mode to build for both ends of the spectrum. Hybrid inferencing scenarios refers to the use of local resources when possible, with the ability to switch to the cloud when needed.
Although I expected to see more on-device AI integrations from Microsoft, the Qualcomm partnership to deploy the Qualcomm AI Engine to deliver efficient machine learning at the edge highlights the increasing adoption of hybrid AI, distributing inference between the cloud and edge. This trend is driven by the demand for security, low latency and high performance, as well as the growing trend of AI at the edge where data is collected. Microsoft has also partnered with AMD, Intel and Nvidia for new silicon support.
Microsoft showcased its Azure AI Content Safety service that facilitates the establishment of secure online environments. Leveraging AI models, it identifies and categorizes offensive, violent, sexual and self-harm content in images and text, assigning severity scores to aid businesses in restricting content and prioritizing moderation. Azure AI Content Safety can comprehend nuance and context, minimizing false positives and alleviating the burden on content moderation teams. This is especially important as regulators try to figure out what constitutes “responsible” use of AI and how to regulate it via policy.
Microsoft Fabric.
Microsoft
Microsoft Fabric to unify analytics stacks
Microsoft introduced Microsoft Fabric, an end-to-end unified analytics solution. Fabric is designed to help enterprises eliminate data silos and duplication and reduce the time it takes to turn raw data into business intelligence. A unified solution consolidating the necessary data provisioning, transformation, modeling and analysis services into one UI is a smart move for Microsoft, one that will help enterprises extract more value from their data while laying a foundation for the AI era.
Microsoft will continue to offer enterprise-grade PaaS solutions for data analytics. More than just repackaging existing tools, Fabric's value proposition represents an evolution of those offerings in the form of a simplified SaaS solution (Fabric) that can connect to existing PaaS offerings such as Azure Synapse Analytics and Azure Data Factory. At the core of the new platform is Microsoft's OneLake data lake. However, the platform can integrate data from Amazon S3 and will soon support data from Google Cloud as well. I think enterprises will appreciate streamlining their data infrastructure without being forced to rely exclusively on one cloud vendor.
Wrapping up
The GAI race started with search, but that was just the tip of the iceberg. Once a mild sceptic, I’m now convinced AI is going to change nearly everything, particularly workflows. With these latest announcements, Microsoft is focusing on targeted use cases and UX refinement for developers and consumers. Microsoft did an excellent job showing the potential to unlock new opportunities that all these evolving technologies bring. The sheer number of use cases for developers addressed by Microsoft’s services, devices and applications made this year’s event one of the most exciting Microsoft Builds I've seen.
Note: This analysis contains significant contributions from Melody Brue, Modern Work Vice President and Principal Analyst.
Moor Insights & Strategy provides or has provided paid services to technology companies like all research and tech industry analyst firms. These services include research, analysis, advising, consulting, benchmarking, acquisition matchmaking, and video and speaking sponsorships. The company has had or currently has paid business relationships with 8×8, Accenture, A10 Networks, Advanced Micro Devices, Amazon, Amazon Web Services, Ambient Scientific, Ampere Computing, Anuta Networks, Applied Brain Research, Applied Micro, Apstra, Arm, Aruba Networks (now HPE), Atom Computing, AT&T, Aura, Automation Anywhere, AWS, A-10 Strategies, Bitfusion, Blaize, Box, Broadcom, C3.AI, Calix, Cadence Systems, Campfire, Cisco Systems, Clear Software, Cloudera, Clumio, Cohesity, Cognitive Systems, CompuCom, Cradlepoint, CyberArk, Dell, Dell EMC, Dell Technologies, Diablo Technologies, Dialogue Group, Digital Optics, Dreamium Labs, D-Wave, Echelon, Ericsson, Extreme Networks, Five9, Flex, Foundries.io, Foxconn, Frame (now VMware), Fujitsu, Gen Z Consortium, Glue Networks, GlobalFoundries, Revolve (now Google), Google Cloud, Graphcore, Groq, Hiregenics, Hotwire Global, HP Inc., Hewlett Packard Enterprise, Honeywell, Huawei Technologies, HYCU, IBM, Infinidat, Infoblox, Infosys, Inseego, IonQ, IonVR, Inseego, Infosys, Infiot, Intel, Interdigital, Jabil Circuit, Juniper Networks, Keysight, Konica Minolta, Lattice Semiconductor, Lenovo, Linux Foundation, Lightbits Labs, LogicMonitor, LoRa Alliance, Luminar, MapBox, Marvell Technology, Mavenir, Marseille Inc, Mayfair Equity, Meraki (Cisco), Merck KGaA, Mesophere, Micron Technology, Microsoft, MiTEL, Mojo Networks, MongoDB, Multefire Alliance, National Instruments, Neat, NetApp, Nightwatch, NOKIA, Nortek, Novumind, NVIDIA, Nutanix, Nuvia (now Qualcomm), NXP, onsemi, ONUG, OpenStack Foundation, Oracle, Palo Alto Networks, Panasas, Peraso, Pexip, Pixelworks, Plume Design, PlusAI, Poly (formerly Plantronics), Portworx, Pure Storage, Qualcomm, Quantinuum, Rackspace, Rambus, Rayvolt E-Bikes, Red Hat, Renesas, Residio, Samsung Electronics, Samsung Semi, SAP, SAS, Scale Computing, Schneider Electric, SiFive, Silver Peak (now Aruba-HPE), SkyWorks, SONY Optical Storage, Splunk, Springpath (now Cisco), Spirent, Splunk, Sprint (now T-Mobile), Stratus Technologies, Symantec, Synaptics, Syniverse, Synopsys, Tanium, Telesign,TE Connectivity, TensTorrent, Tobii Technology, Teradata,T-Mobile, Treasure Data, Twitter, Unity Technologies, UiPath, Verizon Communications, VAST Data, Ventana Micro Systems, Vidyo, VMware, Wave Computing, Wellsmith, Xilinx, Zayo, Zebra, Zededa, Zendesk, Zoho, Zoom, and Zscaler. Moor Insights & Strategy founder, CEO, and Chief Analyst Patrick Moorhead is an investor in dMY Technology Group Inc. VI, Fivestone Partners, Frore Systems, Groq, MemryX, Movandi, and Ventana Micro., MemryX, Movandi, and Ventana Micro.
Mon, 05 Jun 2023 04:58:00 -0500Patrick Moorheadentext/htmlhttps://www.forbes.com/sites/patrickmoorhead/2023/06/05/microsoft-build-2023-brings-ai-tools-to-where-work-is-done-with-copilots-and-plugins/The POWER Interview: Using AI to Optimize the Power Grid
There is a continued push in the power generation sector to make the industry more efficient through the use of artificial intelligence (AI), machine learning, and data science. Several companies are working to provide products and services for utilities and other power producers, focused on generation, transmission and distribution, and the way utilities interact with their customers.
Buzz Solutions, a Palo Alto, California-based group, is known for products that make the power grid smarter and more resilient, with an emphasis on technology and environmental sustainability. The company provides an AI-powered software and predictive analytics platform for detecting faults and anomalies on power line assets and components for power utilities. Buzz works with utilities to prevent downed power lines, outages, and as part of efforts to prevent and mitigate wildfires that could be caused by a utility’s equipment.
Buzz has partnered with the New York Power Authority (NYPA) on inspections of NYPA’s high-voltage power infrastructure, as well as with Newfoundland Power, where Buzz has inspected the group’s low-voltage infrastructure. Buzz also works with customers to deliver real-time, condition-based equipment monitoring and surveillance, both on the ground and in the air. These inspections could be at a substation, or along a transmission line, or at a power generation facility such as a hydropower dam.
Want to learn more about the use of data, artificial intelligence, and machine learning in the power generation industry? Register today for POWER’sConnected Plant Conference, June 25-28 in New Orleans, Louisiana, and for POWER’sExperience POWER Week, set for Aug. 14-17 in Savannah, Georgia.
Vikhyat Chaudhry is the co-founder, chief technology officer, and chief operations officer at Buzz Solutions. He previously led machine learning and AI teams at Cisco Systems. His works focuses on energy engineering and data science, machine learning, and AI technologies for the energy sector, specifically in smart grid technologies, demand response, clean energy technologies, and energy efficiency.
Kaitlyn Albertoli is CEO and co-founder of Buzz Solutions. She was previously a wealth management analyst at JP Morgan Chase, and also ran a non-profit organization focused on sustainable food.
Buzz Solutions was founded as part of the Stanford Launchpad project in 2017. Both Chaudry and Albertoli are Stanford graduates. Albertoli has said that the company was created to address the need to acquire more visual data “to ensure and enable thorough and frequent inspections” of power generation and transmission infrastructure, and to help utilities develop better inspection strategies and programs.
Chaudhry and Albertoli recently provided POWER with their thoughts about the need for utilities to use AI to make their operations more efficient, particularly when it comes to maintenance and upgrades of their power delivery systems.
POWER: There’s wide consensus that the U.S. power grid is badly in need of upgrades in order to lessen power loss, mitigate outages, and integrate more renewable energy. How can these upgrades occur in a timely and cost-effective manner?
Albertoli: There are a few ways we can think about modernizing the U.S. power grid, but before we talk about the work, we have to talk about the data that supports the work. The challenge that utilities currently face is a huge backlog in maintenance that leads to anomalies which cause power outages and more.
Kaitlyn Albertoli
Utilities have an abundance of data, but the bulk of the analysis is still done manually by lineman and field technicians. At scale, this just doesn’t work. Not only does it prolong the analysis time, but these linemen and field technicians should be focusing their efforts toward grid maintenance and upgrades. With a clearer picture of all of our utility assets, we can Strengthen site inspections, predict where breakdowns might occur and enable utilities to act more quickly and efficiently.
When we are able to shift the industry mindset from a reactive one, where we’re plugging holes as we go, to a proactive one that can plan maintenance and modernize without significant disruption, then we can talk about significant upgrades.
POWER: How important is the use of drones in inspecting transmission infrastructure, and how can AI help interpret the data gathered during the inspection process?
Chaudhry: Drone inspection is safer and far more cost effective than other methods of infrastructure inspection—like helicopters and fixed wing aircrafts. Their size alone allows them to maneuver in a way that allows us to capture more granular information than we were able to before. But alone, drones are not a game changer. It’s the way that drone data capturing and AI are working together that is making a difference in the industry.
Vik Chaudhry
What’s most transformative is the sheer speed and accuracy at which AI can analyze what the drones capture. This allows the utilities to inspect hundreds of miles of power lines and analyze for anomalies before they become detrimental or cause serious damage to the surrounding area.
The benefit of AI is the ability to learn from technicians—making the process truly collaborative. Through a process called Human-in-the-loop (HITL), utility technicians can flag unique situations that the AI might have missed or were incorrect and manually input the data. With every manual intervention the AI gets “smarter” and its pattern recognition in unusual situations gets better.
POWER: Are there other new, innovative methods to inspect infrastructure that should be explored?
Chaudhry: The way the utility sector grows from here is not necessarily about finding new ways to inspect the infrastructure—though I’m sure those will come. It’s about uniting the data we already have to optimize how we repair and modernize our national infrastructure.
One transition we are seeing the utility companies make is adoption of an Advanced Distribution Management System or ADMS. An ADMS is an integrated system that brings together data from across the organization—including what the drones are seeing and the AI analysis created—to optimize energy distribution. The ADMS can do things like anticipate outages and manage intermittency with load forecasting. This is the future technology we should be focused on.
POWER: There are thousands of miles of power lines, along with other transmission and distribution equipment, in need of maintenance and upgrades. What entity—federal, state, and/or local government, or individual utilities or grid operators—should be responsible for this maintenance and upgrades? In other words, who should pay for it?
Albertoli: There are several factors to consider when looking at the required upgrades on the grid and who should pay for it. First, there is a critical time sensitivity for grid maintenance, upgrades and modernization. The U.S. is facing extreme pressures to electrify and to transition to renewable energy resources, yet the grid in its current state is not equipped to sustain such load and imbalance.
With these changes happening at such accelerated rates, it puts the utility under a tremendous time and resource crunch, particularly when you consider that many utilities have thousands, if not tens of thousands of miles of lines.
In order for the utility to effectively maintain and upgrade their infrastructure, it will likely require external funding and even labor resources from federal and state entities. Additionally, successful grid modernization will demand a clear action plan and coordinated efforts from grid operators, utilities, regulators, and government agencies.
—Darrell Proctor is a senior associate editor for POWER (@POWERmagazine).
Tue, 30 May 2023 04:13:00 -0500en-UStext/htmlhttps://www.powermag.com/the-power-interview-using-ai-to-optimize-the-power-grid/Voiceitt and Webex by Cisco Make Video Meetings More Accessible for People with DisabilitiesNo result found, try new keyword!Voiceitt, a leading speech recognition technology for non-standard speech, announced today that people with speech impairments will be able to speak a ...Tue, 16 May 2023 05:45:00 -0500https://www.businesswire.com/news/home/20230516005409/en/Voiceitt-and-Webex-by-Cisco-Make-Video-Meetings-More-Accessible-for-People-with-Disabilities/Webex by Cisco Delivers First App for Hybrid Work to Audi VehiclesJust a moment...
Thu, 01 Jun 2023 06:22:00 -0500en-UStext/htmlhttps://it.tmcnet.com/news/2023/06/01/9825099.htmVolt Typhoon targets US critical infrastructure with living-off-the-land techniques
Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering. Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.
Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States. In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible. Microsoft is choosing to highlight this Volt Typhoon activity at this time because of our significant concern around the potential for further impact to our customers. Although our visibility into these threats has given us the ability to deploy detections to our customers, the lack of visibility into other parts of the actor’s activity compelled us to drive broader community awareness and further investigations and protections across the security ecosystem.
To achieve their objective, the threat actor puts strong emphasis on stealth in this campaign, relying almost exclusively on living-off-the-land techniques and hands-on-keyboard activity. They issue commands via the command line to (1) collect data, including credentials from local and network systems, (2) put the data into an archive file to stage it for exfiltration, and then (3) use the stolen valid credentials to maintain persistence. In addition, Volt Typhoon tries to blend into normal network activity by routing traffic through compromised small office and home office (SOHO) network equipment, including routers, firewalls, and VPN hardware. They have also been observed using custom versions of open-source tools to establish a command and control (C2) channel over proxy to further stay under the radar.
In this blog post, we share information on Volt Typhoon, their campaign targeting critical infrastructure providers, and their tactics for achieving and maintaining unauthorized access to target networks. Because this activity relies on valid accounts and living-off-the-land binaries (LOLBins), detecting and mitigating this attack could be challenging. Compromised accounts must be closed or changed. At the end of this blog post, we share more mitigation steps and best practices, as well as provide details on how Microsoft 365 Defender detects malicious and suspicious activity to protect organizations from such stealthy attacks. The National Security Agency (NSA) has also published a Cybersecurity Advisory [PDF] which contains a hunting guide for the tactics, techniques, and procedures (TTPs) discussed in this blog.
As with any observed nation-state actor activity, Microsoft has directly notified targeted or compromised customers, providing them with important information needed to secure their environments. To learn about Microsoft’s approach to threat actor tracking, read Microsoft shifts to a new threat actor naming taxonomy.
Figure 1. Volt Typhoon attack diagram
Initial access
Volt Typhoon achieves initial access to targeted organizations through internet-facing Fortinet FortiGuard devices. Microsoft continues to investigate Volt Typhoon’s methods for gaining access to these devices.
The threat actor attempts to leverage any privileges afforded by the Fortinet device, extracts credentials to an Active Directory account used by the device, and then attempts to authenticate to other devices on the network with those credentials.
Volt Typhoon proxies all its network traffic to its targets through compromised SOHO network edge devices (including routers). Microsoft has confirmed that many of the devices, which include those manufactured by ASUS, Cisco, D-Link, NETGEAR, and Zyxel, allow the owner to expose HTTP or SSH management interfaces to the internet. Owners of network edge devices should ensure that management interfaces are not exposed to the public internet in order to reduce their attack surface. By proxying through these devices, Volt Typhoon enhances the stealth of their operations and lowers overhead costs for acquiring infrastructure.
Post-compromise activity
Once Volt Typhoon gains access to a target environment, they begin conducting hands-on-keyboard activity via the command line. Some of these commands appear to be exploratory or experimental, as the operators adjust and repeat them multiple times.
Volt Typhoon rarely uses malware in their post-compromise activity. Instead, they rely on living-off-the-land commands to find information on the system, discover additional devices on the network, and exfiltrate data. We describe their activities in the following sections, including the most impactful actions that relate to credential access.
Credential access
If the account that Volt Typhoon compromises from the Fortinet device has privileged access, they use that account to perform the following credential access activities.
Figure 2. Volt Typhoon command to dump LSASS process memory, encoded in Base64Figure 3. Decoded Base64 of Volt Typhoon command to dump LSASS process memory
Volt Typhoon also frequently attempts to use the command-line tool Ntdsutil.exe to create installation media from domain controllers, either remotely or locally. These media are intended to be used in the installation of new domain controllers. The files in the installation media contain usernames and password hashes that the threat actors can crack offline, giving them valid domain account credentials that they could use to regain access to a compromised organization if they lose access.
Figure 4. Volt Typhoon command to remotely create domain controller installation mediaFigure 5. Volt Typhoon command to locally create domain controller installation media
Discovery
Microsoft has observed Volt Typhoon discovering system information, including file system types; drive names, size, and free space; running processes; and open networks. They also attempt to discover other systems on the compromised network using PowerShell, Windows Management Instrumentation Command-line (WMIC), and the ping command. In a small number of cases, the threat actors run system checks to determine if they are operating within a virtualized environment.
Collection
In addition to operating system and domain credentials, Volt Typhoon dumps information from local web browser applications. Microsoft has also observed the threat actors staging collected data in password-protected archives.
Command and control
In most cases, Volt Typhoon accesses compromised systems by signing in with valid credentials, the same way authorized users do. However, in a small number of cases, Microsoft has observed Volt Typhoon operators creating proxies on compromised systems to facilitate access. They accomplish this with the built-in netsh portproxy command.
Figure 6. Volt Typhoon commands creating and later deleting a port proxy on a compromised system
In rare cases, they also use custom versions of open-source tools Impacket and Fast Reverse Proxy (FRP) to establish a C2 channel over proxy.
Compromised organizations will observe C2 access in the form of successful sign-ins from unusual IP addresses. The same user account used for these sign-ins may be linked to command-line activity conducting further credential access. Microsoft will continue to monitor Volt Typhoon and track changes in their activity and tooling.
Mitigation and protection guidance
Mitigating risk from adversaries like Volt Typhoon that rely on valid accounts and living-off-the-land binaries (LOLBins) is particularly challenging. Detecting activity that uses normal sign-in channels and system binaries requires behavioral monitoring. Remediation requires closing or changing credentials for compromised accounts. Suspected compromised accounts or affected systems should be investigated:
Identify LSASS dumping and domain controller installation media creation to identify affected accounts.
Examine the activity of compromised accounts for any malicious actions or exposed data.
Close or change credentials for all compromised accounts. Depending on the level of collection activity, many accounts may be affected.
Defending against this campaign
Mitigate the risk of compromised valid accounts by enforcing strong multi-factor authentication (MFA) policies using hardware security keys or Microsoft Authenticator. Passwordless sign-in, password expiration rules, and deactivating unused accounts can also help mitigate risk from this access method.
Reduce the attack surface. Microsoft customers can turn on the following attack surface reduction rules to block or audit some observed activity associated with this threat:
Block credential stealing from the Windows local security authority subsystem (lsass.exe).Block process creations originating from PSExec and WMI commands. Some organizations may experience compatibility issues with this rule on certain server systems but should deploy it to other systems to prevent lateral movement originating from PsExec and WMI.
Harden the LSASS process by enabling Protective Process Light (PPL) for LSASS on Windows 11 devices. New, enterprise-joined Windows 11 (22H2 update) installs have this feature enabled by default. In addition, enable Windows Defender Credential Guard, which is also turned on by default for organizations using the Enterprise edition of Windows 11.
Turn on cloud-delivered protection in Microsoft Defender Antivirus to cover rapidly evolving attacker tools, techniques, and behaviors such as those exhibited by Volt Typhoon.
Run endpoint detection and response (EDR) in block mode so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus does not detect the threat, or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-compromise.
Detection details and hunting queries
Microsoft Defender Antivirus
Microsoft Defender Antivirus detects attempted post-compromise activity. Note, however, that these alerts can also be triggered by threat activity unrelated to Volt Typhoon. Turn on cloud-delivered protection to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block most new and unknown threats.
Behavior:Win32/SuspNtdsUtilUsage.A
Behavior:Win32/SuspPowershellExec.E
Behavior:Win32/SuspRemoteCmdCommandParent.A
Behavior:Win32/UNCFilePathOperation
Behavior:Win32/VSSAmsiCaller.A
Behavior:Win32/WinrsCommand.A
Behavior:Win32/WmiSuspProcExec.J!se
Behavior:Win32/WmicRemote.A
Behavior:Win32/WmiprvseRemoteProc.B
Microsoft Defender for Endpoint
Microsoft Defender for Endpoint alerts with the following titles can indicate possible presence of Volt Typhoon activity.
Volt Typhoon threat actor detected
The following alerts may also be associated with Volt Typhoon activity. Note, however, that these alerts can also be triggered by threat activity unrelated to Volt Typhoon.
A machine was configured to forward traffic to a non-local address
Ntdsutil collecting Active Directory information
Password hashes dumped from LSASS memory
Suspicious use of wmic.exe to execute code
Impacket toolkit
Hunting queries
Microsoft 365 Defender
Volt Typhoon’s post-compromise activity usually includes distinctive commands. Searching for these can help to determine the scope and impact of an incident.
Find commands creating domain controller installation media
This query can identify domain controller installation media creation commands similar to those used by Volt Typhoon.
DeviceProcessEvents
| where ProcessCommandLine has_all ("ntdsutil", "create full", "pro")
Find commands establishing internal proxies
This query can identify commands that establish internal proxies similar to those used by Volt Typhoon.
Below are some suggested queries to assist Microsoft Sentinel customers in identifying Volt Typhoon activity in their environment:
Microsoft customers can use the TI Mapping analytics (a series of analytics all prefixed with ‘TI map’) to automatically match the malicious hash indicators (related to the custom Fast Reverse Proxy binaries) mentioned in this blog post. These analytics are part of the Threat Intelligence solution and can be installed from the Microsoft Sentinel Content Hub if not currently deployed. More details on the Content Hub can be found here: https://learn.microsoft.com/azure/sentinel/sentinel-solutions-deploy.
Indicators of compromise (IOCs)
The below list provides IOCs observed during our investigation. We encourage our customers to investigate these indicators in their environments and implement detections and protection to identify past related activity and prevent future attacks against their systems.
