Microsoft Announces IoT Security Silicon And Platform In Its March To Deliver End To End Security

Security is more important now than ever, given the new players, motives, and sophistication of cybercrime. Earlier this year, Cisco Systems issued it’s Annual Cybersecurity Report (read my coverage here), which, amongst other things, found that the threat surface is rapidly expanding with the advent of IoT, large-scale ransomware attacks are on the rise (remember WannaCry?), and cybercriminals are becoming increasingly evasive and sophisticated by embracing encryption. It’s a scary world out there, and it’s getting scarier—enterprises have to protect themselves. Microsoft, more than ever, is investing to be the enterprise’s one-stop shop for security. Microsoft’s RSA 2018 announcements are another stop along the way and I wanted to weigh in on the company’s security-related announcements coming out of the event.

Azure Sphere debuts

The first announcement I’ll hit on here and the biggest is the preview of Microsoft Azure Sphere, a solution for creating extremely secure microcontroller devices (MCUs). For those unfamiliar, MCUs are the tiny chips that function as the “brain” for the many household and industrial connected devices. Given the proliferation of such devices (9 billion MCU-powered devices are purportedly built and deployed each year), they are an increasing target for cybercriminal activity. Azure Sphere’s three components seek to address this.

Azure Sphere- MCU, OS, Cloud security service

First, Microsoft announced Azure Sphere certified MCUs, which combines real-time (MCU) and application processors (MPU) with Microsoft security technology and connectivity” into a cross-over class of MCUs. RTL has been shared with companies like MediaTek, NXP, and Qualcomm and they will actually bring them to market. Secondly, Microsoft announced the new Azure Sphere OS, a Linux-based (yes, for real) OS that Microsoft says is “purpose-built” for security and agility, providing many more layers of security than the ones currently powering most MCUs. All of this is rounded out with the new Azure Sphere Security Service, a cloud-service that protects all Azure Sphere devices and brokers trust in communication through certificate-based authentication. Azure Sphere Security Service detects emerging threats in its ecosystem via online failure reporting and renews security via software updates to make sure all devices are up to date on their protections.

This announcement is huge on many fronts. It fills in many pieces of the puzzle for how Microsoft intends to address the IoT space. First off, Microsoft is a software and services company, not a chip company, but Microsoft realizes that what many customers want right now are solutions, not necessarily piece parts. To be clear, some want full DIY but as many don’t want that. And to do so, you need hardware, and OS, apps and a cloud service. It will be important that Microsoft have a roadmap for future devices as the market shifts and turns and would expect more powerful designs in the future. No one wants to invest in a dead-end hardware platform. Like a chip company, Microsoft will need to do updates like chip companies do. The Linux OS is a mind-blower as it’s, well, Linux, and not Windows. Pragmatically, this makes sense, but it’s too bad Microsoft couldn’t get IoT Windows small enough. This is the new Microsoft that is making decisions based on what it thinks is the best customer solution whether it’s Windows or not. To program that tiny chip, Microsoft will be extending Visual Studio, of course, which should be easier than many of the impossible-to-use MCU programming tools. At the event, Microsoft claimed “no lock-in” and says the system can be used with current Amazon.com AWS, Google GCP, and IBM Cloud implementations, but I’ll need to do some more research on exactly what that means.

Getting the jump on cyber threats

I’ve always faulted the security industry for the lack of comparable security benchmarks and the coded language it uses. Why would the CEO, CFO, or board of any company pay more for security if it’s not measurable or communicated in a consistent way? Microsoft is now seeking to improve this, with the newly announced Microsoft Secure Score. Secure Score was designed to simplify security assessment for organizations, giving them an overall security benchmark score for their readiness to handle threats, and letting them compare their results with other, similar organizations’ scores using machine learning. While of course, I’ll have to see this in action before I completely weigh in, it looks to be just the sort of security benchmark system I’ve been waiting for, at least at the enterprise-level. What I’d really like to see those same scores designated to PCs, tablets, and phones, too. This would enable organizations to better get funding by having a comparable “benchmark” to compare and justify investments. The security industry needs to get this right else they’l be stuck whining and wondering why companies don’t invest in security.

Secure Score Summary

The Attack Simulator is a great addition, and it does precisely what it sounds like it does—simulate attacks. As a part of Office 365 Threat Intelligence, this simulator allows security teams to run mock ransomware and phishing campaigns (amongst other potential forms of attacks), to test their organization’s readiness and better tune their security configurations.

ATP expands its coverage to Microsoft 365

Microsoft also announced at RSA 2018 that the latest Windows 10 update (currently in preview) expands Windows Defender Advanced Threat Protection (ATP) coverage across Office 365, Windows 10, and Azure. This is a very big deal, as Microsoft 365 customers can now get full ATP coverage. New automated investigation and remediation capabilities are also coming to ATP with the new Windows 10 update, which Microsoft says will utilize AI and ML to quickly detect and neutralize endpoint threats, at scale. Given the millions and billions of pieces of alerts that come in, AI is the only way to sort through them all.

Conditional Access Device Risk Levels

The last ATP-related announcement was that Microsoft was adding device risk levels (established by ATP) to Conditional Access in preview, a feature which the company says will help prevent the access of sensitive data by compromised devices. This is like a white, gray and blacklisting for devices and with it, certain pieces of data and recommended remediation, whether that be lock-out, MFA, limit access, etc.

Microsoft introduces new security API

Some companies utilize social (Facebook), search (Google), and shopping (Amazon) graphs to mine intelligence from consumer and business use cases. These companies have this for various reasons and we all got a taste of how some companies and countries use the Facebook social Graph. Microsoft now has its Intelligent Security Graph, which pulls security data from its own endpoints (like Windows and Office 365) and also across companies in the newly-formed Microsoft Intelligent Security Association. The association’s founding members include Palo Alto Networks, Anomoli, and PwC, all of whom add even more signals to the security graph.

Microsoft Intelligent Security Graph

I’d love for more companies to join the association, including security stalwarts Apple, Cisco Systems and Arm. Microsoft announced at RSA a preview of a new security API, designed for the purpose of connecting Microsoft Intelligent Security Graph-enabled products and other solutions built by the company’s customers and partners. While Microsoft has a massive (yes, massive) security graph of its own, it’s very important to get as many people collaborating as possible.

Wrapping up

All of these announcements are great examples of the work Microsoft is doing to build end-to-end security capabilities and become a true one-stop-shop for the secure enterprise. Microsoft, and for that matter, companies like Cisco Systems and Palo Alto Networks, realize that stringing together complex security systems from multiple vendors is hard to do and enterprises are asking for help.

I’m glad to see we’re finally starting to have an easier way to see the level of comparable cybersecurity standards with Microsoft Secure Score, which I hope will help justify purchases and internal communications. The Attack Simulator looks to be another great tool to help security teams fine-tune their strategies and not have to wait for a real disaster to happen to test their systems. From the expansion of ATP, to the new Security Graph API, to Azure Sphere, it’s clear Microsoft is serious about addressing the emerging threats that come part and parcel with IoT and the proliferation of unsecured endpoints.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.