Microsoft has outlined a new approach to security, announcing the Cyber Defense Operations Center and cross-company investments to help better protect customers.
Microsoft’s CDOC facility brings together security response experts from across the company to help protect, detect and respond to threats in real-time. Staffed with teams 24x7, the center has direct access to thousands of security professionals, data analysts, engineers, developers, program managers and operations specialists throughout Microsoft.
In tandem with this, Microsoft announced a new Enterprise Cybersecurity Group. This is a dedicated group of worldwide security experts that offers security assessments, provides ongoing monitoring and threat detection, and also incident response capabilities.
The company also added Enterprise Mobility Suite (EMS) support for mobile application management, without the need to enroll the device. This provides features that help IT protect and manage corporate applications and data on any Windows, iOS and Android device.
Other news falls into the partnership category: Box and Adobe will offer new Microsoft Intune native apps on iOS and Android to help prevent accidental sharing of confidential corporate data to personal locations or cloud services; SAP Fiori mobile apps, built by SAP customers, will also support Intune mobile app management. And, starting December 1, Customer Lockbox will offer customers full control over access to their data in Office 365 and Equivio Analytics for eDiscovery.
“In our mobile-first, cloud-first world, employees work on corporate applications and access sensitive data from on-premises and cloud-based systems using every type of device from laptops to BYO devices to IoT sensors,” said Bret Arsenault, Microsoft’s CISO, in a blog. “While there is an immense opportunity for enterprises and individuals to derive personal and professional value from today’s connected technologies, there is a corresponding growth in risk as people increase their exposure to cybersecurity threats. While security has always been a focus for Microsoft, we recognize that the digital world in which we live requires a new approach to how we protect, detect and respond to security threats.”
Satya Nadella, during his keynote at the Microsoft Government Cloud Forum in Washington D.C., noted that Microsoft invests more than a billion dollars in security research and development, every year. He said that innovations in Windows 10, Office 365, Microsoft Azure, and Microsoft EMS work in tandem with each other, and with partner solutions from across the security ecosystem. Combined with insights from the intelligent security graph, these security features are designed to help prevent the accidental or intentional loss of corporate data, prevent password related attacks, and prevent and respond to the installation of malware on a machine or in your environment.
For example: To protect against password related attacks Windows 10’s Microsoft Passport and Windows Hello use strong biometrics to eliminate the need for passwords and Credential Guard protects from "pass the hash" attacks—where hackers use one account to gain access to the credentials of another user—with new virtualization technology. Should a compromise occur, Advanced Threat Analytics detects anomalous patterns and recommends configuration changes to help protect the environment and users. And Azure Active Directory simplifies password and identity management—for IT and users—by federating identities across business and consumer services to make maintaining and signing into multiple services simpler and more secure.
“While there will always be new threats, new attacks and new technologies, companies can take action today to address security concerns and improve their security postures,” said Arsenault. “It is critical for companies to strengthen their core security hygiene (across things like monitoring, antivirus, patch and operating systems), adopt modern platforms and comprehensive identity, security and management solutions, and leverage features offered within cloud services; and it is just as important to create education and awareness across employee populations in order to build and sustain a pervasive security culture.”
Photo © hans engeres