In November, Microsoft CEO Satya Nadella outlined a new comprehensive, cross-company approach to security for our mobile-first, cloud-first world. To support this approach, Microsoft invests more than a billion dollars in security research and development every year. Today we are announcing the general availability of key security capabilities in the Microsoft Cloud, which are products of this research and development investment: Azure Security Center, Azure Active Directory Identity Protection, and Azure Active Directory Privileged Identity Management.
These investments strengthen our efforts in three important areas:
- To deliver a holistic security platform where our products and services work in concert with each other, and with our partners in the security ecosystem, to protect our customers.
- Microsoft’s unique insights into the threat landscape, informed by trillions of signals from billions of sources, create an intelligent security graph that we use to inform how we protect all endpoints, better detect attacks and accelerate our response.
- To ensure that when your organization leverages the Microsoft Cloud, it can improve your security posture, versus what you are doing to protect your on-premises IT environment alone.
Azure Security Center is generally available
We are announcing that Azure Security Center is generally available. Azure Security Center provides customers around the world with security management and monitoring capabilities for the millions of resources they run in Microsoft Azure, helping them keep pace with rapidly evolving threats in ways they likely could not achieve in their own datacenters.
Driven by Microsoft’s new approach to security, Azure Security Center is transforming how customers protect their cloud workloads. Powered by advanced analytics and a rich set of protection capabilities built into Azure, Security Center helps customers protect, detect, and respond to threats.
Since the preview launched in December 2015, Azure Security Center has helped protect over 100,000 Azure subscribers and hundreds of thousands of virtual machines – providing our customers with a unified view of the security state of all their cloud workloads, recommending ways to strengthen their security posture in accordance with their company policies, and using behavioral analysis and machine learning to detect threats.
In addition, Azure Security Center integrates with an ecosystem of partners like Barracuda.
“Microsoft is an important partner to Barracuda as we look to help customers improve security for their deployments in Azure. Azure Security Center is just one part of the compelling security agenda we have seen from Microsoft, and we believe the way it integrates Barracuda solutions will be a great benefit to our customers,” said Nicole Napiltonia, VP Strategic Alliances at Barracuda.
In addition to announcing general availability, Azure Security Center includes a number of new features today:
- Integrated vulnerability assessment from partners like Qualys
- Options for integrating Security Center recommendations and alerts with existing operations and security information and event management (SIEM) solutions
- Expanded support for Linux and Cloud Services VMs
- New algorithms which detect lateral movement, internal reconnaissance, outgoing attacks, malicious scripts, and more
- Alerts are now mapped against cyber kill chain patterns to provide customers with a single view of an attack campaign and all of the related alerts – so they can quickly understand what actions the attacker took and what resources were impacted
You can get more details on new security capabilities for Azure customers from the blog post by Sarah Fender, Principal Program Manager, Azure Cybersecurity. The blog provides information on how to quickly get started with Azure Security Center to get better control and protection for your Azure resources.
Azure Active Directory Identity Protection
Another great example of a new Microsoft security investment is Azure Active Directory Identity Protection. Azure Active Directory security capabilities are built on Microsoft’s long experience protecting identities used to access Microsoft’s consumer and enterprise services, and gain tremendous accuracy by analyzing the signal from over 14 billion logins every day to help identify potentially compromised user accounts.
Azure Active Directory Identity Protection builds on these capabilities and detects suspicious activities for end users and privileged identities based on signals like brute force attacks, leaked credentials, logins from unfamiliar locations and infected devices. Based on these suspicious activities, a user risk severity is calculated, and risk-based policies can be configured that allow the service to automatically protect the identities of your organization from future threats.
Azure Active Directory Identity Protection will become generally available later in the quarter. Enterprise customers should evaluate the preview of Azure Active Directory Identity Protection now, so that they are ready to use it when it becomes generally available.
Azure Active Directory Privileged Identity Management
Some of the threats that keep Chief Information Security Officers up at night include threats to privileged identities like administrator accounts. Some examples of these threats include:
- Malicious or rogue administrators
- Administrator credentials leaked via phishing attacks
- Administrator credentials cached on compromised systems
- User accounts that are granted temporary elevated privileges that become permanent
More and more organizations are realizing that they have to strictly manage privileged accounts and monitor their activities because of the risk associated with their misuse. With Azure AD Privileged Identity Management you can manage, control, and monitor access to resources in Azure AD as well as other Microsoft online services like Office 365 or Microsoft Intune.
Azure Active Directory Privileged Identity Management will become generally available later in the quarter. I encourage you to evaluate the preview that became available in May so that you are ready to adopt this great new cloud security capability when it is generally available next month.
More good news is that we’ve made it super easy and cost-effective for enterprise customers to get Azure Active Directory Identity Protection and Azure AD Privileged Identity Management by including them in the new Microsoft Enterprise Mobility + Security (EMS) E5 suite. You can get all the details, including all the other mobility and security related products and services included in EMS that were just announced, here. If your security strategy reaches more broadly to include Office 365, Windows 10 Enterprise, and EMS, consider the recently announced offering called Secure Productive Enterprise.
These key cloud security capabilities are a big step forward, and will help our customers protect, detect and respond to threats in a mobile-first, cloud-first world. To learn more about our security strategy and investments, visit the Microsoft Secure website.
General Manager, Azure Security