This 2021 Ignite session looks at today’s ever-growing attack surface, where more people are working from more places, in richer environments with increasingly connected devices and Internet of Things (IoT) endpoints.
At the start, there’s an explanation of how Microsoft’s offerings are becoming more focused on Microsoft 365 as a whole, rather than specific operating systems and Microsoft products.
Azure Defender is becoming Microsoft Defender for Cloud. The rename reflects the protection it now offers for multi-cloud environments, including Amazon Web Services and Google Cloud Platform. Part of this is 150 new recommendations within Microsoft Defender for Cloud, intended to accelerate the move to a single-pane-of-glass solution.
The discussion then moves on to a series of questions based on cyber security developments over the past year.
Novel attacks: What have you seen & how could they have been prevented?
The Nobelium group, behind 22,868 attacks between July and October, is mentioned. Its novel tooling included FoggyWeb, a post-exploitation backdoor planted on Active Directory Federation Services (AD FS) servers once the attackers already held admin-level access, which they used to steal AD FS configuration data and certificates and to maintain persistence.
However, many of the attacks are attributed to missing basics rather than novel techniques: no MFA, unpatched systems, unprotected endpoints. “It comes to some of the basics around hygiene,” says Rob Lefferts, CVP, Program Management – Microsoft.
The challenges come as a result of the “complexity in landscape”, says Ping Look, Principal Program Manager – Microsoft. The range in solutions means “maybe we’re asking customers to do too much” to ensure the basics are carried out.
Microsoft cybersecurity and employees – are hardware security keys the answer?
The session discusses a shift in end users’ roles: from being part of the endpoint vulnerability to being the first line of defense. The thinking moves away from “We’re going to add more controls” towards “How can we make them secure but also keep them doing their job”.
This ties into what Ping Look describes as “The journey beyond passwords”, where users increasingly authenticate with hardware security keys such as YubiKey instead of passwords.
The rise in lateral threats in organizational environments
The group then looks at the rise in multi-vendor environments, and how the lack of interoperability between products has increased the threat: gaps between tools are where lateral movement goes unnoticed. As a response, Microsoft offers integrated Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) solutions, designed to coordinate and align protection across complex threat landscapes.
It’s the “vision of pulling things together” explains Rob Lefferts.
How visibility & data protect IoT solutions
The number of Microsoft Sentinel customers has doubled over the past year, to 14,000, and with it the volume of SIEM data. This offers rich potential for enterprise IoT, with solutions such as Microsoft Defender for IoT benefiting from “visibility end-to-end across your network, your devices”, says Eric Doerr, VP, Cloud Security – Microsoft.
How to protect and secure Microsoft 365 for organizations
The group goes on to explore the question of outcomes: in particular, delivering the outcomes organizations actually want from their security journeys, and whether it has become easier for security teams to find threats and malicious behavior.
The development of Microsoft 365 Defender and a unified XDR has taken intelligence beyond individual alerts, towards “correlating those into stories” that go “across a whole attack timeline”, says Rob Lefferts. He says this has meant an 80% reduction in the number of security incidents analysts have to handle, freeing up human teams to focus on strategic goals instead of routine tasks and false positives. With Microsoft Defender for Cloud Apps, the likelihood of an attack leading to a breach has been reduced by 40%.
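To make the “correlating alerts into stories” idea concrete, here is an added, deliberately simplified illustration of how an XDR-style engine can fold individual alerts into incidents. It is not Microsoft’s code or algorithm; it assumes a toy rule (alerts that share a device or a user account within a four-hour window belong to the same incident) and runs over a handful of constructed sample alerts, reporting the resulting attack timeline and how many fewer items an analyst now has to look at.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Alert:
    """One raw alert as a detection product would emit it (constructed format)."""
    ts: datetime
    title: str
    device: str
    user: str


@dataclass
class Incident:
    """A correlated 'story': alerts linked by shared entities, plus the entities seen so far."""
    alerts: list = field(default_factory=list)
    devices: set = field(default_factory=set)
    users: set = field(default_factory=set)

    def end(self) -> datetime:
        return max(a.ts for a in self.alerts)

    def timeline(self) -> list:
        """Human-readable attack timeline, oldest alert first."""
        return [f"{a.ts:%Y-%m-%d %H:%M} {a.device}/{a.user}: {a.title}"
                for a in sorted(self.alerts, key=lambda a: a.ts)]


def correlate(alerts, window=timedelta(hours=4)):
    """Hypothetical entity-overlap correlation (assumption, not a vendor algorithm).

    An alert joins an existing incident if it shares a device or user with it and
    the incident was still active (last alert) within `window`. If it bridges
    several incidents, those are merged into one story.
    """
    incidents = []
    for alert in sorted(alerts, key=lambda a: a.ts):
        matches = [inc for inc in incidents
                   if (alert.device in inc.devices or alert.user in inc.users)
                   and alert.ts - inc.end() <= window]
        if not matches:
            target = Incident()
            incidents.append(target)
        else:
            target = matches[0]
            for other in matches[1:]:          # the alert links two stories: merge them
                target.alerts.extend(other.alerts)
                target.devices |= other.devices
                target.users |= other.users
                incidents.remove(other)
        target.alerts.append(alert)
        target.devices.add(alert.device)
        target.users.add(alert.user)
    return incidents


def reduction(alerts, incidents) -> float:
    """Fraction of queue items removed by correlating alerts into incidents."""
    return 1.0 - len(incidents) / len(alerts)


# Constructed sample alerts: one phishing-to-lateral-movement chain plus an unrelated hygiene finding.
SAMPLE_ALERTS = [
    Alert(datetime(2021, 11, 2, 9, 0),  "Phishing email delivered",              "WS01",  "alice"),
    Alert(datetime(2021, 11, 2, 9, 7),  "Suspicious Office child process",       "WS01",  "alice"),
    Alert(datetime(2021, 11, 2, 9, 30), "Credential theft tool observed",        "WS01",  "alice"),
    Alert(datetime(2021, 11, 2, 10, 15), "Anomalous logon from new workstation", "SRV02", "alice"),
    Alert(datetime(2021, 11, 2, 13, 0), "Outdated antivirus definitions",        "WS09",  "carol"),
]


def demo():
    """Correlate the sample alerts; returns the incidents so callers can inspect them."""
    incidents = correlate(SAMPLE_ALERTS)
    for n, inc in enumerate(incidents, 1):
        print(f"Incident {n}: devices={sorted(inc.devices)} users={sorted(inc.users)}")
        for line in inc.timeline():
            print("   ", line)
    print(f"{len(SAMPLE_ALERTS)} alerts -> {len(incidents)} incidents "
          f"({reduction(SAMPLE_ALERTS, incidents):.0%} fewer queue items)")
    return incidents


if __name__ == "__main__":
    demo()
```

Running it turns five alerts into two incidents: the four alice/WS01/SRV02 alerts become one story that already spans the jump from the workstation to the server, while the unrelated definitions finding stays separate. Real XDR products correlate on many more entity types and use learned rather than fixed rules, but the analyst-facing effect is the same one the session describes: fewer, richer items to triage.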
If this info made you think about how to develop a cloud-first strategy in Microsoft 365, we have an eBook for you!
Announcement: Enterprise-grade protection technology for smaller organizations
Microsoft Defender for Business is now available for small businesses. Smaller businesses are often the most vulnerable, because they have fewer resources, says Ping Look. “They probably do not have the right talent” to ensure protection, which often makes incidents more costly to contain.
Interoperability & integration within Microsoft security products
The “breadth of coverage” in Microsoft security products and the “types of systems you are integrating with” are highlighted by Bernard Brantley, CISO – Corelight. He says this is a big change from the past, when his first choices would have been a Linux system or a third-party vendor for security.
There is agreement that integrating different technologies brings many benefits: people work together more efficiently, with fewer interoperability hassles, and combined capabilities and shared telemetry help protect against attacks as partners increasingly collaborate and talk to each other. The result is described as an “asymmetric advantage” against “the bad actors.”
Automated Office 365 governance & security
Integration and interoperability are crucial in achieving end-to-end protection. That’s why many organizations use SysKit Point for their Microsoft 365 environments. It gives you a full overview across Microsoft Teams, SharePoint Online, Microsoft 365 Groups, and OneDrive, tracking everything from usage and permissions to activity and configurations. Explore SysKit Point and see how to enable end-to-end business protection.