IGNITE: What are key Microsoft cybersecurity challenges in 2022

November 10, 2021
By: Syskit team
Last updated: May 11, 2023

Let's see the issues, lessons, and key recommendations learned in 2021 in the M365 security industry.

This 2021 IGNITE session looks at today’s ever-growing attack surface, where more people are working from more places, in richer environments, with increasingly connected devices and (Internet of) Things.

At the start, there’s an explanation of how Microsoft’s offerings are becoming more focused on Microsoft 365 as a whole, rather than on specific operating systems and Microsoft products. Azure Defender is becoming Microsoft Defender for Cloud. This reflects the protection offered for multi-cloud environments, including Amazon Web Services and Google Cloud Platform. Part of this includes 150 new recommendations within Microsoft Defender for Cloud, to help accelerate the move to a single-pane solution. Microsoft Cloud App Security is becoming Microsoft Defender for Cloud Apps, and Azure Sentinel is becoming Microsoft Sentinel.

The discussion then moves on to a series of questions based on cybersecurity developments over the past year.

Novel attacks: What have you seen & how could they have been prevented?

The Nobelium group, behind 22,868 attacks between July and October, is mentioned.
Its novel attacks involved using FoggyWeb, a backdoor vulnerability, to gain admin-level access to Active Directory Federation Services servers. However, many of the attacks are cited as being down to a lack of standard procedures around MFA, patching, and endpoints. “It comes to some of the basics around hygiene,” says Rob Lefferts, CVP, Program Management – Microsoft.

The challenges come as a result of the “complexity in landscape”, says Ping Look, Principal Program Manager – Microsoft. The range of solutions means “maybe we’re asking customers to do too much” to ensure the basics are carried out.

Microsoft cybersecurity and employees – are hardware dongles the answer?

The session discusses a shift in end users’ roles, from being part of the endpoint vulnerabilities to being the first line of defense. The thinking moves away from “We’re going to add more controls” and towards “How can we make them secure but also keep them doing their job”.

This ties into what Ping Look describes as “The journey beyond passwords”, where users are increasingly using hardware dongles, such as YubiKey, for authentication.

The rise in lateral threats in organizational environments

The group then looks at the rise in multi-vendor environments, and how this has increased threats due to a lack of interoperability.

As a response, Microsoft offers integrated Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) solutions. This approach is designed to coordinate and align protection across complex threat landscapes. It’s the “vision of pulling things together”, explains Rob Lefferts.

How visibility & data protect IoT solutions

A doubling of Microsoft Sentinel customers (14,000 compared to a year ago) is yielding more SIEM data. This offers rich potential for enterprise IoT, with solutions such as Microsoft Defender for IoT benefiting from “visibility end-to-end across your network, your devices”, says Eric Doerr, VP, Cloud Security – Microsoft.

How to protect and secure Microsoft 365 for organizations

The group goes on to explore the question of outcomes: in particular, creating the outcomes that organizations want in their journeys, and whether it’s easier for security teams to find threats and malicious behavior.

The development of Microsoft 365 Defender and a unified XDR has taken intelligence beyond alerts, towards a method of “correlating those into stories” that go “across a whole attack timeline”, says Rob Lefferts. He says this has meant an 80% reduction in security incidents, and has freed up human teams to focus on more strategic goals instead of routine tasks and false positives. With Microsoft Defender for Cloud Apps, the likelihood of a breach has been reduced by 40%.

Announcement: Enterprise-grade protection technology for smaller organizations

Microsoft Defender for Business is now available for small businesses. Smaller businesses are often most vulnerable, due to fewer resources, says Ping Look. “They probably do not have the right talent” to ensure protection, often making incidents more costly to control.

Interoperability & integration within Microsoft security products

The “breadth of coverage” in Microsoft security products and “types of systems you are integrating with” is highlighted by Bernard Brantley, CISO – Corelight. He says this is a big change from the past, when his first choices would have included a Linux system or a third-party vendor for security.

There’s agreement that integrating different technologies is offering many benefits, for example helping people work together more efficiently, with fewer interoperability hassles. Combining capabilities and resources is also helping to protect against attacks, as partners increasingly collaborate and speak to each other.
The result is described as an “asymmetric advantage” against “the bad actors.”

Automated Office 365 governance & security

Integration and interoperability are crucial in achieving end-to-end protection. That’s why many organizations use Syskit Point for their Microsoft 365 environments. It gives you a full overview across Microsoft Teams, SharePoint Online, Microsoft 365 Groups, and OneDrive, tracking everything from usage and permissions to activity and configurations.

Explore Syskit Point and see how to enable powerful end-to-end business protection.