With digital transformation, technology becomes increasingly central to every business and organization. This makes ensuring cybersecurity increasingly important. And, as employees increase their use of mobile devices and cloud-based apps, protecting their work requires a new approach for IT. With 80% of employees admitting to the use of non-approved cloud apps for work, ensuring data protection cannot be left to employees to manage.
To address these needs, Microsoft continues to take a multi-faceted approach to providing built-in security capabilities. These span areas across:
- Protecting at the front door
- Protecting data anywhere
- Achieving data security compliance objectives
- Detecting and recovering from attacks
- Managing the security tool set
The Microsoft security tools continuously improve with insight from the Microsoft Intelligent Security Graph, which serves as the connective tissue across Microsoft security solutions. Today at Ignite, we are announcing new integrations, expanded capabilities, and partnerships toward addressing the complex areas of cybersecurity for all organizations.
Protect at the front door
The vast majority of security breaches continue to trace back to weak or stolen passwords. Because it’s proving to work, attackers are increasing their focus on stealing passwords to access corporate systems. The latest Microsoft Security Intelligence Report shows a 300 percent increase in user account attacks. To address this growing issue, it is essential to focus on securing identities and access. Our cloud-based approach is through broadly implemented conditional access.
Conditional access enables you to control who has access to your organization’s resources based on a combination of risk factors, such as user account activity, physical location, and the trustworthiness of the device. Azure Active Directory analyzes these factors and applies continuous cybersecurity threat intelligence, powered by Microsoft’s Intelligent Security Graph. This insight provides real-time risk assessment, and triggers the appropriate authentication requirements needed for accessing apps and data. Today, we are expanding conditional access capabilities by integrating with Microsoft Cloud App Security, Azure Information Protection, and our partners in the ecosystem:
- Microsoft Cloud App Security performs real-time monitoring and helps IT gain control over cloud apps and how employees use these apps. Now with Cloud App Security, users’ actions taken in cloud applications can be managed and controlled based on conditional access policies and proxy-enforced session restrictions. For example, you can allow users to access cloud apps from an unfamiliar location or unmanaged device, but prevent them from downloading documents.
- To further enhance security at the file level, we’re introducing conditional access for sensitive files. With the integration of Azure Information Protection and Azure Active Directory, conditional access can be set up to allow or block access to documents protected with Azure Information Protection. You can also enforce additional security requirements such as multi-factor authentication or device enrollment.
- Not only are we providing better integration within our own solutions to deliver holistic and identity-driven security, we also are working with our partners to extend conditional access in the ecosystem. In addition to Azure multi-factor authentication (MFA), you can now use RSA, Duo or Trusona for two-step authentication as part of your conditional access policy.
Protect your data anywhere
Employees are using more SaaS apps, creating more data, and working across multiple devices. While this has enabled people to do more, it has also increased the risk of data loss – it is estimated that 58% of workers have accidentally shared sensitive data with the wrong person.
Microsoft’s Information Protection solutions help you detect, classify, protect and monitor your data – regardless of where it is stored or shared. Today, we’re announcing several new investments in the integration across our information protection solutions – helping provide more comprehensive protection across the data lifecycle.
A key part of this vision is to provide a more consistent and integrated classification, labeling and protection approach across our information protection technologies, enabling persistent protection of your data – everywhere. Microsoft Cloud App Security natively integrates with Azure Information Protection to classify and label files that reside in cloud applications.
Finally, we are announcing the general availability of improvements to Office 365 message encryption, which makes it easier to share protected emails with anybody – inside or outside of your organization. Recipients can view protected Office 365 emails on a variety of devices, using common email clients or even consumer email services such as Gmail and Outlook.com.
Achieve your data security compliance objectives
Regulated organizations have additional needs to demonstrate compliance, and we’re investing in tools to help achieve those goals.
Customer Key can help regulated customers meet their security compliance obligations by providing added control and management of encryption keys. To learn more, check out this video example of how Customer Key works in SharePoint Online.
Beyond just security compliance, achieving organizational compliance is a complex challenge. It’s hard to stay up-to-date with all the regulations that matter to your organization, and to define and implement controls with limited in-house capability. We’re pleased to introduce the upcoming preview of Compliance Manager, which enables you to manage your compliance posture from one place and stay up-to-date on evolving data protection regulations. Compliance Manager enables real-time risk assessment with one intelligent score reflecting your compliance posture against data protection regulations when using Microsoft cloud services. It also provides recommended actions and step-by-step guidance to help you improve your compliance posture.
Detect and recover from attacks
On average, breaches exist for over 90 days in a customer’s environment before they are detected. In response, many organizations are moving to an assume-breach posture. We continue to invest in tools that help detect attacks sooner and then remediate. But we know it’s also important to continue investing in pre-breach attack prevention tools.
Today, we are announcing several new capabilities to further improve our anti-phishing capabilities in Office 365 Advanced Threat Protection, with a focus on mitigating content phishing, domain spoofing, and impersonation campaigns. Office 365 Advanced Threat Protection has also been expanded to help secure SharePoint Online, OneDrive for Business, and Teams. In Office 365 Threat Intelligence, we have introduced threat insights and tracking to help with detection and remediation. In Windows, we are adding Windows Defender Application Control, which is powered by the Microsoft Intelligent Security Graph to make it less likely that malicious code can run on the endpoint.
On the post-breach detection side, we are announcing the limited preview of a brand-new service – Azure Advanced Threat Protection for users – that brings our on-premises identity threat detection capabilities to the cloud and integrates them with the Microsoft Intelligent Security Graph. Powered by the graph, our Advanced Threat Protection products have a unified view of security event data so your security operations analysts can investigate an incident from endpoint to end-user to e-mail. Finally, as announced earlier in the month, Windows Defender Advanced Threat Protection is integrating Hexadite’s AI technology to automatically investigate new alerts, determine the complexity of a threat, and take the necessary actions to remediate it.
Protecting resources across distributed infrastructure against evolving cyberthreats demands a new approach to security management – a solution that provides comprehensive visibility, consistent controls and actionable intelligence and guidance.
We are announcing today that Azure Security Center, which helps customers protect workloads running in Azure against cybersecurity threats, can now also be used to secure workloads running on-premises and in other private and public clouds. Azure Security Center reduces management complexity by delivering visibility and control over workloads across clouds, enables adaptive threat prevention to reduce your exposure to threats, and provides intelligent detection to help you keep pace with rapidly evolving cyberattacks.
Azure Security Center also has new capabilities to enable central management of security policies, better detect and defend against advanced threats, and streamline investigation of threats for your hybrid workloads. Read the Azure blog to learn more about these and other new features.
We have made it easier than ever to get end-to-end security solutions up and running. FastTrack for Microsoft 365 now provides deployment services for key security scenarios, giving you the resources, tools, and support you need from Microsoft engineers.
FastTrack for Microsoft 365 can work with you directly, work with your existing partner, or help you get matched with a trusted Microsoft partner to deploy comprehensive security solutions. And the best part is this isn’t a one-time benefit. It is a repeatable resource that you can use to ensure you have the help and resources you need.
You can go to fasttrack.microsoft.com and get help to deploy Microsoft products to address some of the most common security scenarios including:
- Work securely from anywhere, anytime, on almost any device, enabling a flexible workstyle
- Protect your data on files, apps and devices within and across organizations
- Detect and protect against external threats
- Protect your users and their accounts
- Securely collaborate on documents in real time