
Microsoft's new security innovations at Ignite 2019

05 Nov 2019

With Microsoft Ignite kicking off in Florida this week, Microsoft is wasting no time in detailing its visions for security, compliance, and identity.

Microsoft 365 and Security corporate vice president Kirk Koenigsbauer outlined 10 major security announcements across Azure, Microsoft 365, Office, and Microsoft Defender ATP. 

Microsoft Azure enhanced with a range of security and compliance services

- Azure Sentinel will now include new collectors to assist security analysts with collecting data from different sources such as Citrix, Barracuda, and Zscaler. Furthermore, Microsoft is releasing new hunting queries, as well as machine learning-based detections to help analysts prioritise security events.

- Azure AD will soon feature Azure AD Connect cloud provisioning, a lightweight agent for moving identities from disconnected Active Directory forests to the cloud. Azure AD Connect cloud provisioning is previewing at the end of November, Koenigsbauer says. The company will also work with partners including Akamai, Citrix, F5 Networks and Zscaler to improve access to applications that rely on legacy authentication. Additionally, Azure AD’s MyApps portal has been redesigned.

- Azure Security Center now features new capabilities to identify misconfigurations and threats for containers and SQL in IaaS. Security Center also provides vulnerability assessment for virtual machines, integration with security alerts from partners, and quick fixes for remediation.

- Microsoft Authenticator is now available in the Azure Active Directory (Azure AD) free plan. “Deploying Multi-Factor Authentication (MFA) reduces the risk of phishing and other identity-based attacks by 99.9%,” says Koenigsbauer.

- Azure Firewall Manager is now in public preview. Users are able to manage multiple firewall instances through the platform. Microsoft is currently working on creating support for new firewall deployment topologies.

Microsoft 365 and Office

- Microsoft 365 includes a new insider risk management solution to help security teams detect and remediate threats within an organisation. The solution is currently in public preview.

“This new solution leverages the Microsoft Graph along with third-party signals, like HR systems, to identify hidden patterns that traditional methods would likely miss,” says Koenigsbauer.

- Microsoft 365’s compliance center now allows users to view data classifications categorised by type of sensitive information or by industry regulation. Users can also take advantage of machine learning and existing data to train classifiers unique to an organisation, such as customer records and HR data.

- Microsoft Compliance Score maps Microsoft 365 configuration settings to common regulations and standards, to help simplify regulatory complexity and reduce risk. It provides continuous monitoring and recommended actions.

- Application Guard for Office is now in public preview. It provides hardware-level and container-based protection against potentially malicious Word, Excel, and PowerPoint files. It also leverages Microsoft Defender ATP to establish whether a document is malicious or trusted.

Microsoft Defender ATP

- Microsoft Defender Advanced Threat Protection has been extended with new capabilities, including macOS support (now in preview). Microsoft is also working on adding support for Linux servers.
