Microsoft Defender for Endpoint and Intel TDT Combine for a New Ransomware Defense
Infused Innovations – K.K. Tucker
Ransomware encrypts business and user data, making it inaccessible to organizations in order to hold it for ransom, and this process creates a lot of activity in the target's central processing unit (CPU). Intel TDT watches this activity through telemetry signals that its Intel hardware sends out. The hardware's performance monitoring unit (PMU) records low-level information about the execution patterns of instructions that are processed by the CPU. This information then goes through machine learning techniques to help determine whether the CPU activity is legitimate or malicious. If an attack is happening, TDT is able to detect the malware code execution "fingerprint" at runtime.
Now paired with Microsoft Defender for Endpoint, the detector sends its signals to MDE, which applies its own threat intelligence and machine learning to assess the danger. If the occurrence is a true threat, Defender for Endpoint will automatically block or remediate it.
Link: https://www.infusedinnovations.com/blog/secure-intelligent-workplace/microsoft-defender-for-endpoint-and-intel-tdt-combine-for-a-new-ransomware-defense