Above: Microsoft Cybercrime Center, Asia. Photo courtesy Microsoft.
BitDepth#1273 for October 29, 2020
In a week that made it clear that cybersecurity would be everybody’s problem in a suddenly digital world, Microsoft’s newly appointed Corporate vice-president for Security, Compliance and Identity, Vasu Jakkal, explained the company’s refreshed position on the issue.
On Friday, following announcements at Microsoft’s Ignite, Jakkal told a virtual media conference that the company was embedding Extended Detection and Response (XDR) and cloud-native Security Information and Event Management (SIEM) in all of its security tools on all platforms.
The company has also simplified its regulatory compliance software, delivering the solution as a new dashboard that makes it more accessible to non-technical users.
Microsoft Defender for Endpoint replaces Microsoft 365 Defender and Azure Defender to offer deeper protection across industry systems, including identities, endpoints, cloud apps, email and documents, infrastructure, and cloud platforms.
The move leans even harder into the platform-neutral stance adopted by CEO Satya Nadella soon after he took over the role, and the new protection protocols have been extended to Android, a new preview for iOS, and an alphabet soup of server-side technologies.
The new threat protection approach bundles all the company’s detection and response tools into a single product.
“There is a common need for cybersecurity, and the circumstances of the pandemic have brought a heightened understanding of the need to be careful,” Jakkal said.
“It is a year of transformation, and secure remote access is the number one challenge.”
“Ninety-four per cent of businesses are deploying Zero Trust systems, which verify everything.”
Microsoft’s new threat detection and Endpoint data loss protection extend to Dropbox, Box, Webex and other popular tools.
The company is also embracing identity protection as an open standards project and announced a decentralised identity protection pilot in collaboration with the US Department of Defense and Trident, an online military university.
For users of the company’s Azure cloud solution, Azure Sentinel, Microsoft’s cloud-native SIEM, has been redesigned to adapt to the growth in remote work, improving threat intelligence management.
The preventive tool analyses user and entity behaviour to assess unknown threats as well as to monitor unusual behaviour by compromised users or insider threats.
The new capabilities make use of Microsoft’s security research and leverage machine learning tools.
On the use of artificial intelligence in cybersecurity tools, Jakkal noted that “Effective AI depends on input and that data must represent diversity.”
“We are seeing more inclusion in schools and in hiring, but we need more diversity; we need more women working in cybersecurity.”
Responding to a question I posed during the online session, she noted that companies should always begin their preparations with a cybersecurity assessment for the organisation.
Of ransomware, Jakkal advised companies to “Implement best practices to reduce the risk associated with the human element, which gives access to ransomware injections.”
“It’s a multi-pronged approach.”
Jakkal is bullish about the potential in digital transformation for companies and nations.
“Digitally transformed businesses and governments have an advantage. There is need for a digital-first mindset. Organisations and countries that adopt it will thrive in the future. The pandemic is likely to be an equaliser.”
Four things Microsoft says you can do to improve company security right away.
• Use multi-factor authentication. Move toward passwordless solutions.
• Have a plan for keeping software up-to-date and patch!
• Get a handle on all devices connecting to your network, from phones and laptops to edge devices, and how you’re detecting potential threats to all of them.
• Use benchmarks and insights like Microsoft Secure Score and Compliance Manager to understand your standing and track your progress.