Security is more important now than ever, given the new players, motives, and sophistication of cybercrime. Earlier this year, Cisco Systems issued its Annual Cybersecurity Report (read my coverage here), which, amongst other things, found that the threat surface is rapidly expanding with the advent of IoT, large-scale ransomware attacks are on the rise (remember WannaCry?), and cybercriminals are becoming increasingly evasive and sophisticated by embracing encryption. It’s a scary world out there, and it’s getting scarier—enterprises have to protect themselves. Microsoft, more than ever, is investing to be the enterprise’s one-stop shop for security. Microsoft’s RSA 2018 announcements are another stop along the way, and I wanted to weigh in on the company’s security-related announcements coming out of the event.
Azure Sphere debuts
The first announcement I’ll hit on here, and the biggest, is the preview of Microsoft Azure Sphere, a solution for creating extremely secure microcontroller devices (MCUs). For those unfamiliar, MCUs are the tiny chips that function as the “brain” for the many household and industrial connected devices. Given the proliferation of such devices (9 billion MCU-powered devices are purportedly built and deployed each year), they are an increasing target for cybercriminal activity. Azure Sphere’s three components seek to address this.
Azure Sphere: MCU, OS, cloud security service
First, Microsoft announced Azure Sphere certified MCUs, which combine real-time (MCU) and application processors (MPU) with Microsoft security technology and connectivity into a cross-over class of MCUs. RTL has been shared with companies like MediaTek, NXP, and Qualcomm, and they will actually bring them to market. Secondly, Microsoft announced the new Azure Sphere OS, a Linux-based (yes, for real) OS that Microsoft says is “purpose-built” for security and agility, providing many more layers of security than the ones currently powering most MCUs. All of this is rounded out with the new Azure Sphere Security Service, a cloud service that protects all Azure Sphere devices and brokers trust in communication through certificate-based authentication. Azure Sphere Security Service detects emerging threats in its ecosystem via online failure reporting and renews security via software updates to make sure all devices are up to date on their protections.
I’ve always faulted the security industry for the lack of comparable security benchmarks and the coded language it uses. Why would the CEO, CFO, or board of any company pay more for security if it’s not measurable or communicated in a consistent way? Microsoft is now seeking to improve this, with the newly announced Microsoft Secure Score. Secure Score was designed to simplify security assessment for organizations, giving them an overall security benchmark score for their readiness to handle threats, and letting them compare their results with other, similar organizations’ scores using machine learning. While, of course, I’ll have to see this in action before I completely weigh in, it looks to be just the sort of security benchmark system I’ve been waiting for, at least at the enterprise level. What I’d really like to see is those same scores designated to PCs, tablets, and phones, too. This would enable organizations to better get funding by having a comparable “benchmark” to compare and justify investments. The security industry needs to get this right, or else they’ll be stuck whining and wondering why companies don’t invest in security.
Secure Score Summary
The Attack Simulator is a great addition, and it does precisely what it sounds like it does—simulate attacks. As a part of Office 365 Threat Intelligence, this simulator allows security teams to run mock ransomware and phishing campaigns (amongst other potential forms of attacks), to test their organization’s readiness and better tune their security configurations.
ATP expands its coverage to Microsoft 365
Microsoft also announced at RSA 2018 that the latest Windows 10 update (currently in preview) expands Windows Defender Advanced Threat Protection (ATP) coverage across Office 365, Windows 10, and Azure. This is a very big deal, as Microsoft 365 customers can now get full ATP coverage. New automated investigation and remediation capabilities are also coming to ATP with the new Windows 10 update, which Microsoft says will utilize AI and ML to quickly detect and neutralize endpoint threats, at scale. Given the millions and billions of alerts that come in, AI is the only way to sort through them all.
Conditional Access Device Risk Levels
The last ATP-related announcement was that Microsoft was adding device risk levels (established by ATP) to Conditional Access in preview, a feature which the company says will help prevent the access of sensitive data by compromised devices. This works like white-, gray-, and blacklisting for devices, and with it come certain pieces of data and a recommended remediation, whether that be lock-out, MFA, limited access, etc.
Microsoft introduces new security API
Some companies utilize social (Facebook), search (Google), and shopping (Amazon) graphs to mine intelligence from consumer and business use cases. These companies have this for various reasons, and we all got a taste of how some companies and countries use the Facebook social graph. Microsoft now has its Intelligent Security Graph, which pulls security data from its own endpoints (like Windows and Office 365) and also across companies in the newly formed Microsoft Intelligent Security Association. The association’s founding members include Palo Alto Networks, Anomali, and PwC, all of whom add even more signals to the security graph.
Microsoft Intelligent Security Graph
I’d love for more companies to join the association, including security stalwarts Apple, Cisco Systems and Arm. Microsoft announced at RSA a preview of a new security API, designed for the purpose of connecting Microsoft Intelligent Security Graph-enabled products and other solutions built by the company’s customers and partners. While Microsoft has a massive (yes, massive) security graph of its own, it’s very important to get as many people collaborating as possible.
Wrapping up
All of these announcements are great examples of the work Microsoft is doing to build end-to-end security capabilities and become a true one-stop-shop for the secure enterprise. Microsoft, and for that matter, companies like Cisco Systems and Palo Alto Networks, realize that stringing together complex security systems from multiple vendors is hard to do and enterprises are asking for help.