Microsoft’s new security posture leads to baked-in security
More than ever, Microsoft wants its products to be the first choice for enterprises, organizations, and governments. And to do that, they embedded security in the core.
Yesterday, at the Microsoft Government Cloud Forum 2015, Microsoft CEO Satya Nadella pointed out how the company has been working hard to respond to the demands put forth by the rapidly changing threat environment.
The breaking of the perimeter, corporate networks being extended to customers, an increased pace of connectivity, the incorporation of employees’ devices into the enterprise environment, the Internet of Things (sensors in every room) – it all leads to one realization: we live in a world where attacks can come from anywhere.
Information security, Nadella said, is one of the most pressing issues of our times, as digital technology today is at the core of every industry. But users won’t use technology if they don’t trust it, and Microsoft is doing everything it can to build that trust.
He pointed out that Microsoft’s unique perspective on what’s happening both when it comes to attack and response, as they have insight offered by more that 1 billion Windows devices, 300 billion users authentications each month, and 200 billion emails analyzed for spam and malware.
This perspective allowed them to create a specific operational security posture, characterized by consistency (it’s like going to the gym – you have to constantly “exercise” security, he says), constant improvement in threat detection (moving from signatures to spotting unusual behavior), complete protection (endpoints, sensors, data centers, etc.).
This security posture spurred them to come up with new solutions that incorporate three points: platform, intelligence, and partners.
Julia White, general manager of Microsoft Office division, then entered the stage to demonstrate some of the embedded security technologies incorporated in Windows 10, Azure, and Office 365 (the platform component of the aforementioned triad): from Windows 10 Hello and Password features that allow user authentication without passwords and Azure Active Directory (user and device management for Windows domain networks), to the Office 365 suite (with its malware detection improvements such as the link “detonation chamber”) and Windows 10’s Device Guard, a system which allows administrators to block the execution of software that is not digitally signed by a trusted vendor or Microsoft.
She mentioned Credential Guard, which uses virtualization-based security to protect against credential theft attacks, and new protections to prevent enterprise data loss, which she demonstrated by trying – and failing – to exfiltrate potentially sensitive enterprise data via email or by uploading a file to a cloud storage account:
These features protect data across all devices, and IT admins can define what can and cannot be performed on each of them.
When it comes to breach detection, spotting abnormal behavior is the key. Microsoft’s Advanced Threat Analytics (ATA) helps IT pros quickly detect suspicious user and device activity within the enterprise network (click on the screenshot to enlarge it):
On the infrastructure level, detection and prevention is aided by the Azure security center, which offers a central view of security settings, constant monitoring, policy based recommendations, and partner solutions (click on the screenshot to enlarge it):
Nadella then took over again and explained the “intelligence” aspect of the operational security posture.
With a quick nod to Microsoft’s past efforts and collaborations with the industry partners and law enforcement, he explained that security managers from Microsoft’s various divisions and product groups are finally being placed physically together in a Cybersecurity Defense Operations Center, so that they can create an accurate intelligence graph – a representation of the curent threat situation – which is then shared with customers and partners.
Finally, he noted that they the partnership part of the security equation is equally important as the first two. After all, as Nadella pointed out, they want to take advantage of tools each partner brings to the table, and partners to do the same with Microsoft’s tools.