As the new year begins, progress with Microsoft Threat Protection continues. It remains one of the only solutions available in market, providing comprehensive, end-to-end security for the modern workplace. Microsoft Threat Protection helps users gain optimal security from the moment they sign in to their laptops or mobile devices, check their email or begin work on their documents, or utilize the many cloud applications common in the modern workplace. IT administrators benefit from minimal complexity in staying ahead of the threat landscape, gaining visibility and control over the expanding attack surface, and reducing the time, cost, and effort needed to understand and take action on the trillions of threat signals observed from their IT environment.
In previous posts, we provided examples of how Microsoft Threat Protection helps secure across identities, endpoints, email and data, apps, and infrastructure. We also highlighted how Microsoft Threat Protection quickly and efficiently handled the Tropic Trooper attack campaign. Today, we highlight examples of automation and seamless integration which are core differentiators for Microsoft Threat Protection. We first discuss new automation capabilities that improve security for your app’s ecosystem. Next, we share results from the MITRE evaluation that exemplifies how signal sharing across integrated security services helps provide impressive threat detection capabilities for endpoints.
Simplifying the life of SecOps with automated security workflows
Automation is a key attribute of Microsoft Threat Protection. While it comes in many forms, the intent is always to help reduce the burden on security teams tasked with handling the myriad and frequent threats modern organizations deal with. Automation can address basic security needs, enabling security teams to focus on the more challenging security problems. This ultimately helps make organizations less susceptible to threats.
The following example demonstrates how our automation capabilities can simplify the oversight for cloud apps and services. Microsoft Threat Protection helps secure cloud apps and services with Microsoft Cloud App Security, a premier Cloud Access Security Broker (CASB) service. It gives visibility into cloud apps and services, provides sophisticated analytics to identify and combat cyberthreats, and enables control over data travel. Leading organizations such as Accenture leverage the monitoring capabilities of Cloud App Security to detect anomalous behavior in their SaaS and cloud apps. Now imagine adding the benefit of automated workflows to this already powerful service. We have heard feedback in countless discussions with Security Operations (SecOps) professionals that solutions enabling automated processes would help significantly by reducing the number of incidents requiring direct oversight.
To serve this customer need, we’re excited to announce the integration of Microsoft Flow with Cloud App Security (Figure 1). This new integration supports a series of powerful use cases to enable centralized alert automation and orchestration by leveraging out-of-the-box and custom workflow playbooks that work with the systems of your choice. Microsoft Flow leverages an ecosystem of connectors from over 100 third-party services including ServiceNow, Jira, and SAP. The combination of Cloud App Security and Microsoft Flow will enable security specialists to create playbooks that work with systems of their choice, existing in-house processes, and automating the triage of alerts. Learn more about the detailed use cases and exciting capabilities this integration facilitates.
Figure 1. Microsoft Cloud App Security + Microsoft Flow integration schematic.
Demonstrating industry leading optics and detection for endpoint security
The Microsoft Intelligent Security Graph is the foundational element of Microsoft Threat Protection powering every service in the solution, providing a blend of deep and broad threat signals, and leveraging machine learning for intelligent signal correlation. The Intelligent Security Graph seamlessly integrates all Microsoft Threat Protection services, enabling each to share signal.
For example, Windows Defender Advanced Threat Protection (ATP) correlates signals across endpoints and identities by leveraging signal from Azure ATP (identity security). MITRE recently evaluated Windows Defender ATP’s ability to detect techniques used by the attack group APT3 (also known as Boron or UPS). Windows Defender ATP’s exceptional capabilities registered the best optics and top detection coverage across the attacker kill chain. Seamless integration is a tenet of Microsoft Threat Protection and the results from the MITRE evaluation provide another example of how seamless integration across different security services leads to exceptional security gains.
It is important to note that MITRE evaluates detection capabilities only. Windows Defender ATP also provides protection and response to threats. In a customer environment, Windows Defender ATP would have blocked many of the attack techniques at onset by leveraging attack surface reduction and next-gen protection capabilities. In addition, investigation and hunting features enable security operations personnel to correlate alerts and incidents, enabling holistic response actions.
To learn more about Microsoft’s MITRE results, read Insights from the MITRE ATT&CK-based evaluation of Windows Defender ATP and visit the MITRE website. Please reach out to your Microsoft rep to walk through the full details of the results.
Experience the evolution of Microsoft Threat Protection
Take a moment to learn more about Microsoft Threat Protection and read our previous monthly updates. Organizations have already transitioned to Microsoft Threat Protection and partners are leveraging its powerful capabilities.
Begin trials of the Microsoft Threat Protection services today to experience the benefits of the most comprehensive, integrated, and secure threat protection solution for the modern workplace.