
Microsoft makes security offerings available to nation states and law enforcement

25 Sep 18

Cybersecurity is the central challenge of the digital age.

Without it, the most basic human rights like privacy cannot exist.

Every day, organisations take precious time and resources away from their core business mission to defend against and recover from cyberattacks.

They operate dozens of complex disconnected tools, yet the gaps between those tools remain and threats get through.

Their security teams struggle to keep up and skilled expertise is scarce.

Microsoft is empowering IT to unlock the security capabilities of the intelligent cloud to tip the scales in the cyber war.

Microsoft focuses on three areas: running security operations that work for customers, building enterprise-class technology, and driving partnerships for a heterogeneous world.

First, it’s clear today’s cyberwar is an intelligence game.

At Microsoft, more than 3500 full-time security professionals work with leading AI tools to analyse more than 6.5 trillion global signals each day.

This is the most recent chapter in a journey down the experience curve that we have been on for more than a decade.

Beginning with securing the operating system platform, our Microsoft Threat Intelligence Center (MSTIC) learned to build multi-dimensional telemetry to support security use cases and to spot that rogue exploit in a distant crash dump bucket.

As the attacks morphed, so did the defensive approaches of Microsoft’s threat intelligence and response teams, from the PC era to the Internet era and from servers in the data centre to workloads in the cloud.

Today, Microsoft operates its security infrastructure at a global scale to protect its customers: securing data centres, running a Cyber Defense Operations Center, hacking its own defences (red-teaming), and hunting down attackers.

Specialists in the Microsoft Cybersecurity Solutions Group work with Microsoft customers to strengthen their resilience and help them recover from incidents.

Microsoft’s Digital Crimes Unit works to disrupt and deter perpetrators.

Microsoft blocks more than 5 billion distinct malware threats per month.

One recent example shows the power of the cloud.

Microsoft’s cloud-based machine learning models detected Ursnif, a stealthy and highly targeted attack on small businesses across the United States with only 200 discrete targets, and neutralised the threat in seconds.

Second, with its enterprise-class technology, Microsoft is using the cloud to secure organisations broadly.

The cloud enables it to take all its signal, intelligence, and operational experience and use it to help its customers be more secure, with enterprise-class security technology.

In identity, for example, Microsoft takes the insights from processing hundreds of billions of authentications a month and delivers risk-based conditional access for customers using Azure AD to secure access to thousands of SaaS and line of business applications.

For security operations professionals, Microsoft surfaces its threat intelligence and has created a community where its researchers and others from the industry can share advanced queries to hunt attackers and new threats, so that the industry can collectively advance insight and protection.

At its Ignite conference in Orlando, Microsoft made these additional announcements:

  • Nearly all data loss starts with compromised passwords. Microsoft is delivering new support for password-less login via the Microsoft Authenticator app for the hundreds of thousands of Azure AD connected apps that businesses use every day.
     
  • Microsoft Secure Score is an enterprise-grade dynamic report card for cybersecurity. Organisations that use it get assessments and recommendations that typically reduce their chance of a breach by 30-fold, with steps like securing admin and end-user accounts with MFA and turning off client-side email forwarding rules. Many of these best practices mirror those for consumers, where the most impactful steps toward improving overall security include upgrading to Windows 10, turning on MFA for all available accounts (including Microsoft accounts, MSA), and enabling ransomware protection in OneDrive. The average score across the Ignite audience today is in the 80s; for an active user it is over 120.
     
  • Building on our experience running security operations, we are announcing Microsoft Threat Protection. It brings together threat protection solutions across email, PCs, documents, identities and infrastructure into a single integrated experience in Microsoft 365 saving thousands of hours for over-stretched security teams.
     
  • In addition to these intelligent security products available to Microsoft 365 customers today, Microsoft is looking ahead and opening new business scenarios with previews of Azure confidential computing to protect data in use.
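Of the Secure Score steps listed above, turning off client-side email forwarding rules is the one administrators most often have no tooling for, so here is an added example (not code from the original article or from Microsoft) of how to audit mailbox forwarding and inbox rules that send mail outside the tenant in Exchange Online PowerShell, and optionally remove them. It assumes the ExchangeOnlineManagement module is installed and the signed-in account holds an Exchange administrator role; the function name Find-ExternalForwarding and its -Remediate switch are this example's own.

```powershell
# Added example: audit (and optionally remove) email forwarding that leaves the
# tenant, one of the Secure Score recommendations in the article. Assumes the
# ExchangeOnlineManagement module and an Exchange admin account. The function
# and parameter names below are this example's own, not a Microsoft API.

Connect-ExchangeOnline   # interactive sign-in; skip if a session already exists

function Find-ExternalForwarding {
    [CmdletBinding()]
    param(
        # When set, clear mailbox-level forwarding and disable offending rules.
        # The default is audit-only, which is what you want on a first run.
        [switch]$Remediate
    )

    # Any domain the tenant does not own counts as external.
    $internalDomains = (Get-AcceptedDomain).DomainName | ForEach-Object { $_.ToLower() }
    function IsExternal([string]$address) {
        if (-not $address) { return $false }
        # Targets arrive as "smtp:user@domain" or plain "user@domain".
        $domain = ($address -replace '^smtp:', '').Split('@')[-1].ToLower()
        return -not ($internalDomains -contains $domain)
    }

    $findings = @()
    foreach ($mbx in (Get-Mailbox -ResultSize Unlimited)) {

        # 1. Mailbox-level forwarding (set by an admin or via Outlook settings).
        if ($mbx.ForwardingSmtpAddress -and (IsExternal $mbx.ForwardingSmtpAddress)) {
            $findings += [pscustomobject]@{
                Mailbox = $mbx.UserPrincipalName
                Kind    = 'MailboxForwarding'
                Target  = $mbx.ForwardingSmtpAddress
                Rule    = $null
            }
            if ($Remediate) {
                Set-Mailbox -Identity $mbx.Identity -ForwardingSmtpAddress $null -DeliverToMailboxAndForward $false
            }
        }

        # 2. Client-side inbox rules that forward or redirect. This is what an
        #    attacker holding a phished password typically creates to keep a
        #    silent copy of the victim's mail.
        $rules = Get-InboxRule -Mailbox $mbx.Identity |
            Where-Object { $_.Enabled -and ($_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo) }

        foreach ($rule in $rules) {
            $targets = (@($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)) |
                Where-Object { $_ }
            # Recipient entries look like: "Display Name" [SMTP:user@domain]
            $external = $targets | Where-Object {
                ($_ -match '\[SMTP:([^\]]+)\]') -and (IsExternal $Matches[1])
            }
            if ($external) {
                $findings += [pscustomobject]@{
                    Mailbox = $mbx.UserPrincipalName
                    Kind    = 'InboxRule'
                    Target  = ($external -join '; ')
                    Rule    = $rule.Name
                }
                if ($Remediate) {
                    Disable-InboxRule -Identity $rule.Identity -Mailbox $mbx.Identity -Confirm:$false
                }
            }
        }
    }
    return $findings
}

# Audit first, review the list, then run again with -Remediate.
Find-ExternalForwarding | Format-Table -AutoSize

# Tenant-wide backstop: refuse automatic forwarding to external domains so a
# rule created after this audit cannot exfiltrate mail before the next one.
# Set-RemoteDomain -Identity Default -AutoForwardEnabled $false
```

Two caveats a practitioner should keep in mind: the script only inspects ForwardingSmtpAddress and inbox rules, so forwarding through a mail contact (ForwardingAddress) or a transport rule needs a separate check, and disabling a rule rather than deleting it keeps the evidence for the incident investigation that an externally forwarding rule usually warrants.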

Third, Microsoft is driving a broad set of technology, industry and policy partnerships for a heterogeneous world.

It tackles emerging new ecosystem challenges like security for MCU-powered devices and IoT with innovations such as Azure Sphere, now available for preview.

Microsoft works with fellow security vendors to integrate the variety of security tools that its mutual customers use through its Microsoft Intelligent Security Association.

Specifically, the Microsoft Graph Security API, generally available starting today, helps partners (such as Palo Alto Networks) work with Microsoft to deliver better threat detection and faster incident response.

It connects a broad ecosystem of security solutions via a standard interface to help integrate security alerts, unlock contextual information, and simplify security automation.

Microsoft is working with tech companies, policymakers, and institutions critical to the democratic process on strategies to protect the United States’ midterm elections.

The company’s Defending Democracy program is working to protect political campaigns from hacking, increase the security of the electoral process, defend against disinformation, and bring greater transparency to political advertising online.

Part of this program is the AccountGuard initiative which provides cybersecurity protection at no extra cost to all candidates and campaign offices at the federal, state and local level, as well as think tanks and political organisations.

Microsoft has seen strong AccountGuard interest and in the first month onboarded more than 30 organisations.

It has focused on onboarding large national party operations first and has successfully done so for committees representing both major US parties as well as high-profile campaigns and think-tanks, and it is working to onboard additional groups each week.

Microsoft is developing plans to extend its Defending Democracy program to democracies around the world.

Since participating in the establishment of the Cybersecurity Tech Accord, an agreement to defend all customers everywhere from malicious attacks by cybercriminal enterprises and nation-states, it has seen that group nearly double in size with 27 new organisations joining from around the globe including Panasonic, Salesforce, Swisscom and Rockwell Automation to name a few, bringing total signatories to 61.

The Digital Crimes Unit has worked with global law enforcement agencies to bring criminals to justice: to date, taking down 18 criminal botnets and rescuing nearly 500 million devices from secret botnet control.

In partnership with security teams across the company, the DCU has also combated nation-state hackers, using innovative legal approaches 12 times in two years to shut down 84 fake websites set up by a group known as Strontium, which is widely associated with the Russian government, and often used in phishing attacks.

By Microsoft security corporate vice president Rob Leffer
