Helping businesses take a more proactive, layered approach to security

Helping businesses take a more proactive, layered approach to security

Microsoft’s Vasu Jakkal and Rob Lefferts discuss the important role of people and zero-trust  

Elly Yates-Roberts |

The cybersecurity landscape is becoming increasingly complex, according to Microsoft’s October 2021 Digital Defense Report.

The image of a hooded figure working with lines of code on a laptop is no longer an accurate representation of the reality. Instead, businesses are falling victim to sophisticated and well-researched cybercriminal organisations with the resources and investments to deploy complex and well-informed attacks.  

However, Microsoft is leading the charge in equipping businesses with the tools to prevent and combat these attacks. “Our approach to security is unique in the industry,” says Vasu Jakkal, corporate vice president of security, compliance, identity and management at Microsoft. “We believe that anything short of end-to-end security is no security at all. We combine security, compliance, identity and management as an interdependent whole to look across entire organisations and eliminate gaps between solutions where attackers can leverage to sneak in and hide.  

“In security, working in silos or having gaps between solutions creates opportunity for exploitation. No one else brings these critical parts of risk management together, not as a suite, but as an approach that solves problems for customers on their terms across clouds and platforms. We have an approach that is truly end-to-end, and it is notable in how deeply this is embedded in our culture.”  

The Microsoft report also highlights the widespread adoption of artificial intelligence (AI) and machine learning in improving businesses’ cybersecurity posture through better threat detection and reduced human error. 

“AI and machine learning help us understand what normal behaviour looks like for devices, identities and things,” says Jakkal. “That intelligence helps us learn and predict patterns that generate signals to identify anomalous behaviour which are sent to the cloud for analysis. Those signals enable us to enforce proactive protections to avoid the spread of malware and other kinds of attacks before they infect a user or the rest of the network.” 

Microsoft also believes that people play an important role in helping businesses be proactive – rather than reactive – when it comes to cybersecurity. “We believe in the power of our people,” says Jakkal. “We are facing a global talent shortage, with 2.5 million security jobs vacant in the USA alone. Even when talent is available, highly skilled expertise remains a challenge. We know technology is not enough to defend against cybercrime – human services play a critical role in managing security posture.  

“It is the combination of leading technologies, comprehensive threat intelligence, and highly skilled people that make for a truly effective security posture.”  

Microsoft is uniquely positioned to help improve customers’ resilience to the sophisticated, cross-domain attacks occurring today. “It is through our best-of-breed technology innovation, top security talent, skilling programmes and deep threat intelligence that we will help provide more accurate detection and faster response,” says Jakkal.  

“Today’s threat landscape is incredibly fast-paced. New campaigns surface all the time, and the amount of damage that they can cause is not always immediately apparent. Security operations centres must be equipped with tools and expert insight to identify and resolve potentially high-impact threats before attackers set up persistence mechanisms, steal data or deploy ransomware.” 

In May 2022, Microsoft announced its new service category, Microsoft Security Experts, that is designed to meet the unique needs of customers across healthcare, financial services and other industries. This new category brings together Microsoft’s existing incident response and security advisory services with three new managed security services.  

“Our experts will help augment a customer’s existing security team or – alongside our partners – manage security for them entirely,” says Rob Lefferts, corporate vice president of modern protection and security operation centre at Microsoft. “Our vision is to deliver this new category of services across security, compliance, identity, management and privacy, and the first step on that journey is offering new and expanded services for security.” 

With input from its partners, Microsoft created three new managed services as part of the Security Experts service that will augment customer’s existing security teams.  

Microsoft Defender Experts for Hunting was created for customers who already have a robust security operations centre and want Microsoft to help them proactively hunt for threats. “It goes beyond traditional end-point hunting and expands the scope across end points, Office 365, cloud applications and identity,” says Lefferts. “Through their security portal, customers will get targeted attack notifications and access to experts on demand at the click of a button.” 

Defender Experts for Hunting is an evolution of a managed hunting service called Microsoft Threat Experts that was launched in 2019. The new version can hunt across all of Microsoft 365 Defender. “This is because we can find more threats with better contextual information on what the attacker is doing if we correlate end-point data across Office 365, cloud apps and identity data as well,” says Lefferts.  

Microsoft Defender Experts for XDR is a managed extended detection and response service that combines machine automation and human expertise to proactively hunt for threats and reactively respond to incidents alongside customer’s existing security team. 

According to Lefferts, one of the major changes in the cybersecurity landscape is the shift to ‘attack kill chains’ that are no longer limited to end points. “They extend beyond the end point to identity, cloud apps, and email,” Lefferts explains. “Protection across each of those domains requires a solution that can intelligently correlate alerts from each into an incident. Incidents are what alert security teams that there is a larger-scale attack. This more comprehensive and complete view is imperative in today’s security landscape.”  

According to Microsoft Azure Active Directory authentication log data from 2022, there are 921 attempted password attacks every second, which equates to over 79 million attempts every day. And this has nearly doubled over the past 12 months. 

In the multi-cloud, multi-platform world in which enterprises currently operate, the number of platforms, devices, users, services, and locations multiplies exponentially. As such, securing those dynamically changing identities and permissions is becoming an increasingly important aspect of defence. 

“We believe that the best way for organisations to protect themselves is not to detect an intrusion after it happened, but to hunt for threats proactively within existing and new data, correlate signal intelligence to see complete incidents, not just alerts, and to build a modern, zero-trust security posture,” says Lefferts.  

Zero-trust strategies play an integral role in business security, and therefore in Microsoft’s offerings. “People and organisations need to have trust in the technologies that bring them together,” says Lefferts. “The term ‘zero trust’ may feel like the opposite of that, but when you assume breach and provide the least privileged access necessary, it actually empowers employees with the flexibility and freedom they want with the security they and businesses need.”  

Instead of assuming everything behind the corporate firewall is safe, a zero-trust model assumes a breach and verifies each request as if it originates from an open network. Regardless of where the request originates or what resource it accesses, zero trust teaches users to ‘never trust, always verify’. Every access request is fully authenticated, authorised and encrypted before granting access.  

“Customers who have implemented a zero-trust strategy report that their employees can complete their duties from anywhere in the world while still maintaining necessary control over core security needs,” says Lefferts. “They are able to quickly scale up remote work as needed, and they say their employees are more productive with a reliable connection and simplified sign-in.”  

The ability to maintain a high level of security from remote locations is particularly important today, as workforces are increasingly dispersed.  

“At the beginning of the pandemic, when organisations all over the world were figuring out how to support a suddenly remote workforce, people were very much in a reactive mode of survival, figuring out how to sustain productivity,” says Lefferts. “As we began to settle into this new normal, our customers started to look at the unique problems remote and hybrid work presented – from managing devices to ensuring employees are using secure connections to staying on top of insider risk.  

“Remote and hybrid work accelerated adoption of the cloud in new ways and also uncovered some security risks that had remained unnoticed in the past. We’ve seen many of our customers really take a proactive and hands-on approach to create a new way of working that is secure, flexible and productive for their employees.”  

To truly meet the challenge of hybrid security, Jakkal believes that defenders across the industry must come together for an end-to-end, zero-trust security approach that covers the entire technology ecosystem.  

“Digital transformation cannot happen without security transformation,” Jakkal says. “Hybrid work requires a zero-trust strategy. There is no one-size-fits-all approach to zero-trust implementation, and that’s a good thing. It means you’re free to start anywhere. Organisations of all sizes begin in different areas, based on their immediate needs and available resources.” 

A variety of Microsoft partners also contributed to this feature: AvePoint, Axiad, Center for Internet Security, Darktrace, Fastpath, Gamma, JourneyTEAM, Secured2 Corporation, Skkynet, Synergy Technical, Tiberium Technology, Sophos, ITC Secure, Cofense, Red Sift, Open Systems, Kensington, Barracuda, Orca Security. Read about how they are helping customers improve their cybersecurity infrastructure and prevent attacks.  

This article was originally published in the Summer 2022 issue of Technology Record. To get future issues delivered directly to your inbox, sign up for a free subscription.

Subscribe to the Technology Record newsletter

  • ©2024 Tudor Rose. All Rights Reserved. Technology Record is published by Tudor Rose with the support and guidance of Microsoft.