Archive for the ‘Microsoft Intelligent Security Association (MISA)’ Category

Compliance joins Microsoft Intelligent Security Association (MISA)

March 3rd, 2021

Like many of you, I’m thrilled to have my 2020 calendar safely in the recycling pile. During that time though, you too might have noticed how, perhaps unknowingly, you were able to turn some of last year’s lemons into lemonade. Maybe you developed a deeper appreciation for everyday moments and the people in your life, gaining a new perspective on what matters most.

For my team, seeing the Microsoft Intelligent Security Association (MISA) grow to 190 partner companies has been a bright spot in a dark year. To date, MISA members have created 215 product integrations, and I’m pleased to announce that our pilot program for adding managed security service providers (MSSPs) has formally transitioned. MISA now includes 39 MSSP members who have created 76 MSSP offers since the beginning of the fiscal year.

“Microsoft Security integrates with a broad ecosystem of platforms and cloud providers, so they work with the things you already have in your environment; whether those things are from Microsoft, or not. Our partners are key to helping facilitate this integration.”—Vasu Jakkal, CVP, Security, Compliance and Identity

“Adding managed security service providers promises to increase the ecosystem’s value even more by offering an extra layer of threat protection—reducing the day-to-day involvement of in-house security teams. It’s another important step in strengthening and simplifying security at a time when risk mitigation is one of IT’s highest priorities.”—Shawn O’Grady, Senior Vice President and General Manager, Cloud + Data Center Transformation at Insight

Because Microsoft’s footprint extends across many technologies, we have an advantage in creating holistic solutions that encompass the full breadth of security, compliance, and identity. In keeping with that end-to-end approach, we’ve expanded MISA to include five new compliance products, growing the MISA product portfolio to 18.

“The explosion of data from digital transformation and remote work make the integration of security and compliance tools across internal and external ecosystems more critical than ever. Together with the deep expertise of our MISA members, we can help our customers address their complex, evolving security and compliance needs.”—Alym Rayani, General Manager, Microsoft Compliance

Compliance comes to MISA

Microsoft compliance products help our customers assess their compliance risk, protect their sensitive data, and govern it according to regulatory requirements. Through MISA, members get support in building managed services and integrations that:

  1. Protect and govern data wherever it lives.
  2. Identify and take actions on critical insider risks.
  3. Simplify compliance and reduce risk.
  4. Investigate and respond with relevant data.

“TeleMessage is excited to bring our Mobile Communication Archiving products to be a part of Microsoft’s security solutions. Being a MISA member allows us to work closely with the Microsoft teams and allows us to provide seamless, secure, and compliant integrations delivering all popular forms of mobile communication.”—Guy Levit, CEO at TeleMessage

Microsoft Information Protection has been part of MISA since the association began in 2018, providing broad coverage across devices, apps, cloud services, and on-premises systems. This year, we’re continuing to develop our holistic partner community across security, compliance, and identity by adding five additional Microsoft compliance products to our portfolio:

  • Microsoft Information Governance: Keep what you need and delete what you don’t. Apply compliance solutions and a deletion workflow for email, documents, instant messages, social media, document collaboration platforms, and more.
  • Microsoft Data Loss Prevention: Help users stay compliant without interrupting their workflow—prevent the accidental sharing of sensitive information across Exchange Online, SharePoint Online, OneDrive for Business, Microsoft Teams, and desktop versions of Excel, PowerPoint, and Microsoft Word.
  • Microsoft 365 Insider Risk Management: Identify critical insider risks and take the appropriate action. With built-in privacy controls, use native and third-party signals to identify, investigate, and remediate malicious and inadvertent activities in your organization.
  • Microsoft Advanced eDiscovery: Gain an end-to-end workflow to collect, analyze, preserve, and export content that’s responsive to your organization’s internal and external investigations. Identify persons of interest and their data sources, then manage the legal-hold communication process.
  • Microsoft Compliance Manager: Get help throughout your compliance journey, from taking inventory of your data protection risks to managing the complexities of implementing controls, staying current with regulations and certifications, and reporting to auditors.

“Joining MISA enhances our relationship with Microsoft and our commitment to being an information governance and compliance leader providing solutions for organizations to bring third-party data into Microsoft 365 archive,” said Charles Weeden, Managing Partner of 17a-4, LLC. “DataParser’s connectors will allow Microsoft 365 Compliance users to ingest content from various sources, such as Bloomberg, Slack, Symphony, Webex Teams and many others.”

Connectors and APIs to extend compliance capabilities

Organizations today face an intimidating amount of data to protect across disparate systems, both on-premises and in the cloud. That’s why Microsoft compliance solutions span information protection and governance, data-loss prevention, insider risk, eDiscovery, audit, and compliance management—including your non-Microsoft data.

Microsoft 365 compliance enables organizations to extend, integrate, accelerate, and support their compliance solutions with three key building blocks:

All of these new capabilities exist within Microsoft’s integrated compliance platform. This means customers only need to set compliance policies once, regardless of the data source.

“The Veritas Merge1 connector platform integration with M365 allows our joint customers to configure, connect, and capture a vast number of data sources from within the M365 compliance center. The integration makes it easy to quickly identify which data sources need to be captured, to configure connectivity to those data sources and to pull data into M365 all from within the Azure infrastructure. Our development teams have worked closely together for over 12 months to make sure the workflow is simple and the capabilities are robust. With the increase in global regulations over the past several years, our goal is to simplify compliance, and we believe we have achieved that by working together with Microsoft.”—David Scott, Sr. Director, Digital Compliance at Veritas Technologies

Microsoft Security lights the way

As the global pandemic forced millions into remote work last year, hackers took advantage and upped their game, as seen with the recent Solorigate attack. Many organizations saw their sensitive data created, viewed, and distributed across multiple fragmented platforms that increased the potential attack surface. Because we view security as part of the common good, we chose to take a proactive approach; shifting cybersecurity away from the shadows and into a place of innovation and empowerment.

“MISA has helped us promote successful integrations with Azure Security Graph API and Azure Active Directory, both now deeply embedded in Barracuda security solutions.”—Tim Jefferson, SVP Data, Networking, and Applications, Barracuda Networks

During Microsoft Ignite, March 2-4, 2021, you’ll see added investment in our security, compliance, and identity portfolio as we continue to innovate and create holistic solutions that support cultures of security for our customers and partners, based on four basic principles:

  • Protect everything: Safeguard your entire organization with integrated security, compliance, and identity solutions built to work across platforms and cloud environments.
  • Simplify the complex: Prioritize risks with unified management tools and strategic guidance created to maximize the human expertise inside your company.
  • Catch what others miss: Enable AI, automation, and human expertise to help you detect threats quickly, respond effectively, and fortify your security posture.
  • Grow your future: Gain the peace of mind that comes with a comprehensive security solution, empowering you to grow, create, and innovate across your business.

To learn more about upcoming big announcements at Microsoft Ignite this week, visit our latest blog posts:

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Compliance joins Microsoft Intelligent Security Association (MISA) appeared first on Microsoft Security.

What we like about Microsoft Defender for Endpoint

February 22nd, 2021

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

It’s no secret that the security industry generally likes Microsoft Defender for Endpoint. After a few months of using and integrating it with our platform here at Expel, we feel the same.

On Expel’s EXE Blog, we regularly share our thought process on how we think about security operations at scale at Expel and the decision support (or additional context) we provide our analysts through automation.

In short, Defender for Endpoint makes it easy for us to achieve our standard of investigative quality and response time, but it doesn’t require a heavy lift from our analysts. And that’s good news both for our customers and for us.

So, what is Microsoft Defender for Endpoint?

Defender for Endpoint is an enterprise endpoint security product that supports Mac, Linux, and Windows operating systems, along with Android and iOS. There are lots of cool things that Defender for Endpoint does at an administrative level (such as attack surface reduction and configurable remediation). However, from our vantage point, we know it best for its detection and response capabilities.

Defender for Endpoint is unique because not only does it combine an Endpoint Detection and Response (EDR) and AV detection engine into the same product, but for Windows 10 hosts, this functionality is built into the operating system, removing the need to install a separate endpoint agent. Devices still have to be onboarded to your tenant (for example, with the onboarding package pushed through Group Policy, Configuration Manager, or Intune), but there is no third-party binary to package and deploy.

With an appropriate Microsoft license, Defender for Endpoint and Windows 10 provide out-of-the-box protection without the need to mass-deploy software or provision sensors across your fleet.

How EDR tools help us as an XDR vendor

When we integrate with an EDR product like Defender for Endpoint in support of our customers, our goal is to predict the investigative questions that an analyst will ask and then automate the action of getting the necessary data from that tool.

This frees up our analysts to make the decision—versus making them spend time extracting the right data.

We think Defender for Endpoint’s APIs provide the right toolset to help us reach that goal and remove some burden from our analysts.

Using those APIs, we augmented its capability to provide upfront decision support to our analysts. As a result, we’re able to arm them with the answers to the basic investigative questions we ask ourselves with every alert.

To find these answers, there are a few specific capabilities of Defender for Endpoint we use that allow us to pull this information into each alert:

  • Advanced hunting (the KQL-queryable store of endpoint telemetry).
  • File prevalence information (how many devices have seen a given file, and when).
  • Detailed process logging (process trees, command lines, and the launching account).
  • AV actions (what Defender Antivirus has already detected or blocked on the host).

This way, our analysts don’t need to worry about fiddling with the tool but instead focus on analyzing the rich data it provides.
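As an added illustration of that enrichment pattern (this is example code written for this page, not Expel’s integration), the script below turns one alert into the four pieces of context listed above by issuing KQL to the Defender for Endpoint Advanced Hunting API. It assumes a client-credential token carrying the WindowsDefenderATP `AdvancedQuery.Read.All` application permission, that device IDs and SHA-1 hashes are 40-character hex strings, that antivirus events in `DeviceEvents` share the `Antivirus` prefix in `ActionType`, and that a file seen on five or fewer devices counts as rare. The canned responses and the alert are constructed so the example runs offline.

```python
"""Alert enrichment against the Defender for Endpoint Advanced Hunting API.

Added example, not Expel's code. Assumes a client-credential token with the
WindowsDefenderATP 'AdvancedQuery.Read.All' permission and that device ids and
SHA-1 hashes are 40-character hex strings. Both are validated before they are
interpolated into KQL, so an alert field can never smuggle in extra operators.
"""
import json
import re
import urllib.request

API_URL = "https://api.securitycenter.microsoft.com/api/advancedqueries/run"
_HEX40 = re.compile(r"^[0-9a-fA-F]{40}$")


def _hex40(value, what):
    """Refuse anything that is not 40 hex chars before it reaches a KQL string literal."""
    if not isinstance(value, str) or not _HEX40.match(value):
        raise ValueError(f"{what} must be a 40-character hex string, got {value!r}")
    return value.lower()


def prevalence_query(sha1, days=30):
    """How many devices have seen this file? Two hosts deserve more scrutiny than two thousand."""
    sha1 = _hex40(sha1, "sha1")
    return (f"DeviceFileEvents | where Timestamp > ago({int(days)}d) | where SHA1 == '{sha1}' "
            "| summarize Devices=dcount(DeviceId), FirstSeen=min(Timestamp), LastSeen=max(Timestamp)")


def lineage_query(device_id, sha1, days=7):
    """Process tree context: who launched it, with what command line, as which account."""
    device_id, sha1 = _hex40(device_id, "device_id"), _hex40(sha1, "sha1")
    return (f"DeviceProcessEvents | where Timestamp > ago({int(days)}d) | where DeviceId == '{device_id}' "
            f"| where SHA1 == '{sha1}' | project Timestamp, AccountName, FileName, ProcessCommandLine, "
            "InitiatingProcessFileName, InitiatingProcessCommandLine | order by Timestamp desc | take 20")


def av_actions_query(device_id, days=7):
    """Did Defender Antivirus already detect or block something on this host?
    Assumption: antivirus ActionType values share the 'Antivirus' prefix."""
    device_id = _hex40(device_id, "device_id")
    return (f"DeviceEvents | where Timestamp > ago({int(days)}d) | where DeviceId == '{device_id}' "
            "| where ActionType startswith 'Antivirus' | project Timestamp, ActionType, FileName, SHA1 "
            "| order by Timestamp desc | take 20")


def run_query(token, query, timeout=30):
    """POST the KQL to the API and return its Results rows (a list of dicts)."""
    req = urllib.request.Request(
        API_URL, data=json.dumps({"Query": query}).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["Results"]


def summarize_prevalence(rows, rare_threshold=5):
    """Collapse the summarize() row into the one fact an analyst wants: is this file rare?"""
    row = rows[0] if rows else {}
    devices = int(row.get("Devices") or 0)
    return {"devices": devices, "rare": devices <= rare_threshold,
            "first_seen": row.get("FirstSeen"), "last_seen": row.get("LastSeen")}


def enrich_alert(alert, fetch):
    """Answer the standard questions for one alert. fetch(query) returns rows;
    pass functools.partial(run_query, token) in production."""
    return {
        "prevalence": summarize_prevalence(fetch(prevalence_query(alert["sha1"]))),
        "lineage": fetch(lineage_query(alert["device_id"], alert["sha1"])),
        "av_actions": fetch(av_actions_query(alert["device_id"])),
    }


# Constructed sample alert and canned API responses so the example runs offline.
SAMPLE_ALERT = {"device_id": "a" * 40, "sha1": "b" * 40}
SAMPLE_ROWS = {
    "DeviceFileEvents": [{"Devices": 2, "FirstSeen": "2021-02-01T09:00:00Z",
                          "LastSeen": "2021-02-02T10:00:00Z"}],
    "DeviceProcessEvents": [{"Timestamp": "2021-02-02T10:00:00Z", "AccountName": "jdoe",
                             "FileName": "upd.exe", "ProcessCommandLine": "upd.exe -s",
                             "InitiatingProcessFileName": "winword.exe",
                             "InitiatingProcessCommandLine": "WINWORD.EXE invoice.docm"}],
    "DeviceEvents": [],
}


def demo():
    def fake_fetch(query):  # route each query to its canned rows by leading table name
        return next((rows for table, rows in SAMPLE_ROWS.items()
                     if query.startswith(table + " ")), [])
    return enrich_alert(SAMPLE_ALERT, fake_fetch)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The validation in `_hex40` is the part worth copying: alert fields come from the tool, but they are still untrusted input as far as the query you build from them is concerned, and a string literal in KQL is as injectable as one in SQL.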

Check out a real-life example of how Expel analysts use Defender for Endpoint to triage an alert on behalf of a customer.

Defender for Endpoint helps reduce our alert-to-fix time

The decision support—or additional context about an alert—that Defender for Endpoint enables us to generate is powerful because it allows us to become specialists at analysis rather than specialists of a specific technology.

Defender for Endpoint provides a platform that allows our analysts to quickly and accurately answer important questions during an investigation.

Most importantly, though, having these capabilities exposed through the API allowed us to build on top of the Defender for Endpoint platform to be more efficient in providing high-quality detection and response.

And that’s a win-win for both Expel and our customers.

Learn more

To learn more about Expel, visit our listing on the Azure Marketplace.

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website, where you can learn about the MISA program, product integrations and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post What we like about Microsoft Defender for Endpoint appeared first on Microsoft Security.

Automating and operationalizing data protection with Dataguise and Microsoft Information Protection

February 4th, 2021

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

In technical literature, the terms data discovery, classification, and tagging are sometimes used interchangeably, but there are real differences in what they actually mean—and each plays a critical role in an enterprise data protection strategy.

Data discovery is the process of reporting information about the sensitivity of a data object. The granularity of reporting typically includes what type of sensitive information is found, exactly where it is found, along with the exact cardinality of sensitive data elements. Data classification is the association of a label, which typically has some business value, to an object (file or a table). Classification is often stored as metadata in a separate system or an external data catalog and enables downstream usage of a data object based on security or privacy policies. Data tagging (labeling) is the application of an actual label (or classification) to the associated object.

The important thing to note here is that data discovery is always foundational to a data protection strategy. Classification and tagging depend on accurate discovery to drive the appropriate method of protection, which will ultimately depend on the consumption or utilization and privacy requirements for the data. The more comprehensive and efficient (automated and integrated) the data discovery, the more effective and cost-effective the data protection.

Dataguise and Microsoft Information Protection: Better together

Now, you probably know that Microsoft Information Protection is a comprehensive suite of services and features that Microsoft offers for its customers to classify, label, and protect data. Microsoft Information Protection forms the core of many enterprise data protection strategies.

Dataguise is sensitive data discovery and protection software that now integrates with Microsoft Information Protection. More specifically, it performs context-aware discovery of structured, unstructured, and semi-structured data, and can use the results of that discovery to report on data classification, tag data with Microsoft Information Protection-readable labels, and protect sensitive data either natively (via masking, encryption, and monitoring) or by integrating with Microsoft Information Protection or a third-party data protection solution. It’s a highly scalable solution that relies on machine learning and other heuristics to allow for efficient, accurate data discovery in multi-petabyte, hybrid environments.

With Dataguise, discovery can be done at several levels to meet various risk, compliance, or data governance goals; but there are two kinds of discovery that are of particular interest here, and it’s important to distinguish them:

  1. Discovery of personal information and other sensitive data: This is the process of finding and reporting data in regulated categories such as PII, payment card data (PCI DSS), PHI, and similar, where all sensitive data needs to be discovered but not associated with an individual. Such requirements are typically driven by industry security standards or regulations.
  2. Identity-based data discovery: This is the process of finding and reporting data specifically related to an individual. The contents of the report may or may not be useful for directly identifying the associated individual, but the entirety of a report constitutes the breadth of information that an enterprise possesses about the given data subject. Identity-based discovery is typically driven by recent data privacy laws like GDPR in the EU, CCPA in California, and LGPD in Brazil.

A data protection strategy that takes both types of discovery into account and incorporates technologies to perform them accurately, efficiently, and comprehensively—can add value not only for information security or privacy teams but for risk, compliance, governance, analytics, marketing, and IT operations teams as well. When you think of all the ways an organization collects, uses, shares, and stores data across the enterprise, more granular visibility leads to more precise control and, therefore, greater business flexibility and agility to maximize data value.

Ultimately, Dataguise complements Microsoft Information Protection capabilities, making the combination extremely useful for the customer.

The discovery synergy: Dataguise augments Microsoft Information Protection scanning capabilities

Dataguise’s real strength lies in the fact that it can discover and report sensitive and personal data across relational databases, NoSQL databases, Hadoop, file shares, cloud stores like ADLS, S3, and GCS, and over 200 different cloud-based applications. Dataguise therefore extends Microsoft Information Protection’s scanning coverage to structured and unstructured data stored outside Microsoft products, on the platforms listed above, so that Microsoft Information Protection labels can be applied to sensitive and personal data on every platform where it lives.

The protection synergy: Dataguise enhances downstream data protection capabilities for Microsoft Information Protection

Dataguise uses Microsoft Information Protection’s SDK to seamlessly integrate discovery with Microsoft Information Protection’s tagging capability. Whether the tags power DLP, access control, or encryption and decryption solutions, Dataguise can either natively or by leveraging a third-party solution, team up with Microsoft Information Protection to create an end-to-end data protection strategy and automated implementation.

So how does this all work?

The integration starts with defining the tags (labels) in Microsoft Information Protection. Each tag is then mapped to one or a combination of sensitive elements in Dataguise, either out-of-the-box or custom. As Dataguise runs its discovery scans, it uses that mapping to report the tag corresponding to each file it has scanned, and then applies the tag to the file through the Microsoft Information Protection SDK. Because Dataguise discovery is context-aware and based on machine learning, Microsoft Information Protection benefits from files being tagged accurately and at scale. The figure below shows the flow:
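To make the three terms defined earlier (discovery, classification, tagging) and the flow just described concrete, here is an added example written for this page; it is not Dataguise or Microsoft code. It runs discovery over a constructed sample corpus, reports type, location and cardinality of each finding, maps findings to a label through rules keyed on one or a combination of sensitive elements, and hands the chosen label to an `apply_label` callback that stands in for the Microsoft Information Protection SDK call. The detectors are deliberately simple regular expressions (a real product uses context-aware, ML-based detection), and the label names and rules are assumptions.

```python
"""Discovery -> classification -> labeling, end to end.

Added example, not Dataguise or Microsoft code. Detectors are simplified regexes,
label names and mapping rules are assumed, and apply_label() stands in for the
Microsoft Information Protection SDK call that would stamp the label on a file.
"""
import re

# Constructed sample corpus (path -> content); no real data.
SAMPLE_FILES = {
    "hr/payroll.csv": "name,ssn\nAlice,123-45-6789\nBob,387-65-4321\n",
    "sales/orders.txt": "card 4111 1111 1111 1111 paid; card 4012888888881881 refunded\n",
    "notes/readme.txt": "nothing sensitive here, order 1234\n",
}

DETECTORS = {
    "US_SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "CREDIT_CARD": re.compile(r"\b(?:\d[ -]?){12,15}\d\b"),  # 13-16 digits, Luhn-checked below
}


def luhn_ok(digits):
    """Luhn checksum: filters out the many 16-digit numbers that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def discover(path, text):
    """Discovery: report what was found and exactly where (line/column); the list
    length per type is the cardinality."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in DETECTORS.items():
            for m in pattern.finditer(line):
                if kind == "CREDIT_CARD" and not luhn_ok(re.sub(r"\D", "", m.group())):
                    continue
                findings.append({"type": kind, "path": path, "line": lineno, "col": m.start() + 1})
    return findings


def cardinality(findings):
    counts = {}
    for f in findings:
        counts[f["type"]] = counts.get(f["type"], 0) + 1
    return counts


# Classification: labels defined in Microsoft Information Protection (names assumed),
# each mapped to one element or a combination of elements. First matching rule wins,
# so the most specific combination is listed first.
LABEL_RULES = [
    ("Restricted", {"US_SSN", "CREDIT_CARD"}),
    ("Highly Confidential", {"US_SSN"}),
    ("Confidential", {"CREDIT_CARD"}),
]
DEFAULT_LABEL = "General"


def classify(findings):
    present = {f["type"] for f in findings}
    for label, required in LABEL_RULES:
        if required <= present:
            return label
    return DEFAULT_LABEL


def label_files(files, apply_label):
    """Tagging: discover per file, pick the label, hand it to the SDK stand-in."""
    decisions = {}
    for path, text in files.items():
        findings = discover(path, text)
        label = classify(findings)
        apply_label(path, label)  # the MIP SDK call in the real integration
        decisions[path] = {"label": label, "found": cardinality(findings)}
    return decisions


if __name__ == "__main__":
    for path, d in label_files(SAMPLE_FILES, lambda p, l: print(f"label {p} -> {l}")).items():
        print(path, d)
```

Note the order of operations: the label is derived from discovery output, never the other way round, which is the point the previous sections make about discovery being foundational. The Luhn check is there because a pure pattern match over numbers is the classic source of false positives in card-number discovery.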

An infographic that shows the flow of context-aware discovery based on machine learning.

Dataguise and Microsoft Information Protection bring a powerful combination of capabilities to any data protection strategy and implementation. The joint value of this integration lies in the fact that Dataguise can cover a broad range of platforms for discovery, and then leverage Microsoft Information Protection labeling to enable downstream data protection. Intelligent and context-aware data discovery is foundational to data protection, and with accurate optics, enterprise-wide implementation of comprehensive and automated data protection policies can be achieved.

For more information about the Dataguise Sensitive Data Discovery and Protection solution, please visit www.dataguise.com. You can also find Dataguise on the Azure Marketplace.

Learn more

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

For more information about Microsoft Security Solutions, visit the Microsoft Security website. Bookmark the Security blog to keep up with our expert coverage of security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Automating and operationalizing data protection with Dataguise and Microsoft Information Protection appeared first on Microsoft Security.

Blue Cedar partners with Microsoft to combat BYOD issues

January 21st, 2021

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

Bring Your Own Device (BYOD) has been a divisive topic within corporations for years. Employees wanted the convenience of working on their own smart devices, and business decision-makers recognized the cost and productivity benefits. IT teams knew unmanaged devices would result in more work and security holes.

As you know, the business side won out. The line-of-business (LOB) mobile app market exploded, and BYOD became the rule rather than the exception. Today, corporate IT teams manage hundreds of mobile LOB apps, ranging from apps developed in house to Microsoft 365, with more on the horizon. There is one thing that everyone can agree on, however: employers should not manage their employees’ personal devices.

Establishing data boundaries

IT teams constantly struggle to walk the delicate line of managing corporate data without impinging on personal data. The Microsoft Intune and Microsoft Office 365 teams set out to solve the problem together, developing app protection policies (APPs) for what would become Microsoft Endpoint Manager (MEM). An APP places restrictions on how Office 365 data can be used, whether the device is fully managed or completely unmanaged. Specifically:

  • Data can only be shared between managed Office 365 apps.
  • Users cannot forward it or save it to a non-Office 365 resource.

Blue Cedar’s solution for Microsoft

IT and security teams have been searching for a solution to accommodate BYOD that won’t compromise network security. The Blue Cedar Platform is a no-code integration service that adds new capabilities to mobile apps post-build, without requiring a developer. With a couple of clicks, you can add the Intune MAM SDK, Azure Active Directory authentication, and other SDKs to your compiled mobile app. The platform works with native apps or apps written using a mobile framework, and integrates into your existing app delivery workflow. Built-in integrations with GitHub and the Intune cloud let you build workflows that add new app capabilities and skip manual steps.

Feature highlights:

  • Add Microsoft Endpoint Manager App Protection Policy capabilities.
  • Add new app authentication flows, including use of the Microsoft Authenticator app.
  • Keep corporate data separate from personal data.
  • Allow users to BYOD without creating security vulnerabilities.
  • Maintain end-user privacy.

Secure VPN connections to on-premises resources

There is one last thing I’d like to tell you about today, and it’s a potential game changer for many organizations. Many companies still maintain critical data on-premises, meaning employees can’t easily access it from their mobile devices. Using our patented no-code integration technology, VPN capabilities can be added to mobile apps, allowing them to connect to the corporate network.

Our in-app VPN functionality lets users connect automatically to on-premises and in-cloud networks without requiring device management or complex VPN configuration. The VPN connection is transparent to the user and secured by multi-factor authentication backed by Azure AD.

Infographic showing Secure VPN connections to on-premises resources using Blue Cedar

Secure VPN feature highlights:

  • Extends network availability to on-prem networks.
  • Permits login with Azure AD credentials.
  • Separates corporate data from personal data.
  • Improves productivity.

The Blue Cedar platform is also the only way to securely connect Intune-enabled apps to both cloud and on-premises databases for a single sign-on (SSO) experience without bringing the devices under management.

Better BYOD for your organization

BYOD is here to stay; the Blue Cedar collaboration with Microsoft will save you time, resources, and budget while providing secure mobile access to your on-prem or cloud-based resources.

To learn more about Blue Cedar Platform, visit the Blue Cedar listing in the Azure Marketplace or visit our web page about Blue Cedar’s no-code integration service.

To learn more about the Microsoft Intelligent Security Association (MISA), visit the MISA website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

For more information about Microsoft Security Solutions, visit the Microsoft Security website. Bookmark the Security blog to keep up with our expert coverage of security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Blue Cedar partners with Microsoft to combat BYOD issues appeared first on Microsoft Security.

Forcepoint and Microsoft: Risk-based access control for the remote workforce

January 4th, 2021

This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. Learn more about MISA here.

Adopting cloud-based services as part of an organization’s digital transformation strategy is no longer optional, it’s a necessity. Last year, only 18 percent of the workforce worked remotely full-time. Today, companies have been forced to accelerate their digital transformation efforts to ensure the safety and well-being of employees. At the same time, organizations cannot afford to sacrifice productivity for the sake of security. With the massive move to online experiences and remote working, comes a new set of challenges—how do you ensure your data, your network, and your employees stay secure, wherever they are?

Forcepoint has integrated with Azure Active Directory (Azure AD) to enhance existing Conditional Access capabilities by orchestrating change in authentication policies dynamically so that every user authenticates with steps aligned to their risk score. Active sessions can be terminated upon risk score increase so that users must re-authenticate using an enhanced sequence of challenges, and users can be temporarily blocked in the case of high risk. Forcepoint risk scores, combined with Azure AD risk, are calculated based on the user’s context, such as location or IP, to help automatically and accurately prioritize the riskiest users. The joint solution enables administrators to protect critical data and leverage the power of automation to prevent data compromise and exfiltration from occurring. By combining the power of Azure AD with Forcepoint security solutions, organizations can scale a risk-adaptive approach to identity and access management and cloud application access without changing their existing infrastructure.

People are the perimeter

Before COVID-19, in our 2020 Forcepoint Cybersecurity Predictions and Trends report, we detailed the shifting emphasis to a “cloud-first” posture by public and private sector organizations alike. There was, and still is, a clear need for organizations to expand their view of network security and begin to understand that their people are the new perimeter. Today, more than ever, it is imperative for businesses to comprehend and to manage the interaction between their two most valuable assets—their people and their data.

Human-centric cybersecurity is about focusing on not just individuals, but how their behaviors evolve over time. Forcepoint risk scores are designed to continuously calculate the level of risk associated with individual behavior in the past, present, and future. Most organizations today will adopt blanket policies to improve their security posture. Even though policies for individuals may have some level of flexibility, most tend to apply policies to all users within a group—regardless of the individual risk profile. This results in unnecessarily complicated steps for low-risk users accessing common applications, and weak authentication challenges for privileged users logging into critical systems. In short, these implementations are likely frustrating your low-risk users by creating barriers to productivity and allowing high-risk users to fly under the radar.

Forcepoint’s mission is to provide enterprises with the tools needed to understand and quickly assess the risk levels of human behavior across their networks and endpoints and take automated action by implementing risk adaptive protection. We offer a portfolio of security solutions designed to quickly and continuously assess the potential of compromised user risk and automatically apply the appropriate protective measures.

Forcepoint + Azure Active Directory = Better together

Forcepoint has partnered with the Azure Active Directory team on a series of integrations designed to provide remote workers secure access to their cloud and legacy on-premises applications. Together, our integrated solutions combine the risk score calculated by Forcepoint’s Cloud Access Security Broker (CASB) with Azure AD to apply the appropriate Conditional Access policies tailored to each individual user’s risk.

Learn more about the Forcepoint products that integrate with Microsoft Azure, including the technical implementation and demonstrations of how Forcepoint risk adaptive protection influences the conditional access policies of a potentially compromised user:

Give your organization the control it needs to protect critical assets and data by combining Forcepoint with the power of Azure AD today.

About Forcepoint

Forcepoint is a leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with networks, data, and systems. Forcepoint provides secure access solutions without compromising employee productivity. For more information, visit forcepoint.com.

Forcepoint is a member of the Microsoft Intelligent Security Association.

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

For more information about Microsoft Security Solutions, visit the Microsoft Security website. Bookmark the Security blog to keep up with our expert coverage of security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Forcepoint and Microsoft: Risk-based access control for the remote workforce appeared first on Microsoft Security.

A breakthrough year for passwordless technology

December 17th, 2020 No comments

As 2020 draws to a close, most of us are looking forward to putting this year in the rearview mirror. Since we depend even more on getting online for everything in our lives, we’re more than ready to be done with passwords. Passwords are a hassle to use, and they present security risks for users and organizations of all sizes, with an average of one in every 250 corporate accounts compromised each month. According to the Gartner Group, 20 to 50 percent of all help desk calls are for password resets. The World Economic Forum (WEF) estimates that cybercrime costs the global economy $2.9 million every minute, with roughly 80 percent of those attacks directed at passwords.

In November 2019 at Microsoft Ignite, we shared that more than 100 million people were already using Microsoft’s passwordless sign-in each month. In May of 2020, just in time for World Password Day, that number had already grown to more than 150 million people, and the use of biometrics to access work accounts is now almost double what it was then. We’ve drawn strength from our customers’ determination this year and are set to make passwordless access a reality for all our customers in 2021.

2020: A banner year for passwordless technology

Infograph describing the passwordless technology achievements in 2020

February: We announced a preview of Azure Active Directory support for FIDO2 security keys in hybrid environments. The Fast Identity Online (FIDO) Alliance is a “cross-industry consortia providing standards, certifications, and market adoption programs to replace passwords with simpler, stronger authentication.” Following the latest FIDO spec, FIDO2, we enabled users with security keys to access their Hybrid Azure Active Directory (Azure AD) Windows 10 devices with seamless sign-in, providing secure access to on-premises and cloud resources using a strong hardware-backed public and private-key credential. This expansion of Microsoft’s passwordless capabilities followed 2019’s preview of FIDO2 support for Azure Active Directory joined devices and browser sign-ins.

June: I gave a keynote speech at Identiverse Virtual 2020 where I got to talk about how Microsoft’s FIDO2 implementation highlights the importance of industry standards in implementing Zero Trust security and is crucial to enabling secure ongoing remote work across industries. Nitika Gupta, Principal Program Manager of Identity Security in our team, showed how Zero Trust is more important than ever for securing data and resources and provided actionable steps that organizations can take to start their Zero Trust journey.

September: At Microsoft Ignite, the company revealed the new passwordless wizard available through the Microsoft 365 Admin Center. Delivering a streamlined user sign-in experience in Windows 10, Windows Hello for Business replaces passwords by combining strong MFA for an enrolled device with a PIN or user biometric (fingerprint or facial recognition). This approach gives you, our customers, the ability to deliver great user experiences for your employees, customers, and partners without compromising your security posture.

November: Authenticate 2020, “the first conference dedicated to who, what, why and how of user authentication,” featured my boss, Joy Chik, CVP of Identity at Microsoft, as the keynote speaker. Joy talked about how FIDO2 is a critical part of Microsoft’s passwordless vision, and the importance of the whole industry working toward great user experiences, interoperability, and having apps everywhere support passwordless authentication. November also saw Microsoft once again recognized by Gartner as a “Leader” in identity and access management (IAM).

MISA members lead the way

The Microsoft Intelligent Security Association (MISA) is an ecosystem of security partners who have integrated their solutions with Microsoft to better defend against increasingly sophisticated cyber threats. Four MISA members—YubiKey, HID Global, TrustKey, and AuthenTrend—stood out this year for their efforts in driving passwordless technology adoption across industries.

Yubico created the passwordless YubiKey hardware to help businesses achieve the highest level of security at scale.

“We’re providing users with a convenient, simple, authentication solution for Azure Active Directory.”—Derek Hanson, VP of Solutions Architecture and Alliances, Yubico

HID Global engineered the HID Crescendo family of FIDO-enabled smart cards and USB keys to streamline access for IT and physical workspaces—enabling passwordless authentication anywhere.

“Organizations can now secure access to laptops and cloud apps with the same credentials employees use to open the door to their office.”—Julian Lovelock, VP of Global Business Segment Identity and Access Management Solutions, HID

TrustKey provides FIDO2 hardware and software solutions for enterprises that want to deploy passwordless authentication with Azure Active Directory because: “Users often find innovative ways to circumvent difficult policies,” comments Andrew Jun, VP of Product Development at TrustKey, “which inadvertently creates security holes.”

AuthenTrend applied fingerprint-authentication technology to the FIDO2 security key and aspires to replace all passwords with biometrics to help people take back ownership of their credentials.

Next steps for passwordless in 2021

Our team has been working hard this year to join these partners in making passwords a thing of the past. Along with new UX and APIs for managing FIDO2 security keys enabling customers to develop custom solutions and tools, we plan to release a converged registration portal in 2021, where all users can seamlessly manage passwordless credentials via the My Apps portal.

We’re excited about the metrics we tracked in 2020, which show a growing acceptance of passwordless among organizations and users:

  • Passwordless usage in Azure Active Directory is up by more than 50 percent for Windows Hello for Business, passwordless phone sign-in with Microsoft Authenticator, and FIDO2 security keys.
  • More than 150 million total passwordless users across Azure Active Directory and Microsoft consumer accounts.
  • The number of consumers using Windows Hello to sign in to Windows 10 devices instead of a password grew to 84.7 percent from 69.4 percent in 2019.

We’re all hoping the coming year will bring a return to normal and that passwordless access will at least make our online lives a little easier.

Learn more about Microsoft’s passwordless story. To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post A breakthrough year for passwordless technology appeared first on Microsoft Security.

Digital Defense integrates with Microsoft to detect attacks missed by traditional endpoint security

December 8th, 2020 No comments

This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. You can learn more about MISA here.

Cybercriminals have ramped up their initial compromises through phishing and pharming attacks using a variety of tools and tactics that, while numerous, are simple and often go undetected. One technique that attackers continue to leverage to obfuscate their activity and remain undetected is dwell time.

Dwell time is the time between the initial compromise and the point when the attack campaign is identified. While industry reports offer differing averages for dwell time, I have yet to see reporting that presents an average below the 50-to-60-day range. Read more about advanced endpoint protection and dwell time.

Bolster Your Advanced Endpoint Protection (AEP)

Download the Digital Defense white paper here.

While dwell times have slightly decreased as attackers become less patient, they are still long enough to evade the plethora of security tools that exist today. The challenge with these tools is their inability to piece together attacker activity over long periods. By the time enough indicators of compromise (IoCs) reveal themselves to be detected, it is often too late to prevent a breach. Most monitoring solutions look for attacker activity to identify a potential indicator of compromise. However, the best way to combat dwell time is to identify and eradicate dormant or nascent malware that stays well hidden before it periodically activates.

A layered solution

Frontline Active Threat Sweep™ (Frontline ATS™), integrated with Microsoft Defender for Endpoint, identifies malware designed to actively evade EDR solutions. Frontline ATS™ is part of the Digital Defense Frontline.Cloud platform providing on-demand agentless threat detection that proactively analyzes assets for indications of a malware infection before other agent-based security tools can be deployed. When integrated, Frontline ATS augments Defender for Endpoint’s capabilities by identifying hidden IoCs without adding agents.


The ability to stay undetected for long periods of time is one of the most common and challenging tactics that attackers use to execute a successful breach. In addition, even when a security team using monitoring tools or an incident response (IR) service is able to detect a threat and clean up an infection, it is common to see it repeatedly resurface. This is because even though all active indicators of the threat have been investigated and addressed, if the initial, and often dormant, installation of malware goes undiscovered because it is inactive, it can later be re-activated to re-spark an infection. With Frontline ATS and Defender for Endpoint, security teams can find any source, artifact, or inactive remnant of malware that could restart the attack campaign. Defender for Endpoint and Frontline ATS provide comprehensive and unobtrusive advanced endpoint detection, protection, and response, drastically improving the security operations team’s effectiveness at preventing breaches.

To learn about the Digital Defense Frontline ATS integration with Microsoft Defender for Endpoint, please visit our listing in the Microsoft Azure Marketplace or visit Digital Defense to learn more.

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

For more information about Microsoft Security Solutions, visit the Microsoft Security website. Bookmark the Security blog to keep up with our expert coverage of security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Digital Defense integrates with Microsoft to detect attacks missed by traditional endpoint security appeared first on Microsoft Security.

Key layers for developing a smarter SOC with CyberProof-managed Microsoft Azure security services

November 17th, 2020 No comments

This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. Learn more about MISA here.

Security teams are struggling to reduce the time to detect and respond to threats due to the complexity and volume of alerts being generated from multiple security technologies.

With more workloads being migrated to the cloud, this brings an additional perimeter, which requires constant vigilance for early signs of a cyber-attack. New security challenges also emerge due to its elastic nature and the constant provisioning of new services.

How CyberProof is working with Microsoft to solve these challenges

CyberProof partnered with Microsoft to provide customers with cloud-scalable security monitoring, detection, and response services across the endpoint, network, identities, SaaS applications, and Azure cloud infrastructure.

With the CyberProof Defense Center (CDC) service delivery platform pre-integrated with Microsoft’s cloud-native SIEM, Azure Sentinel, CyberProof’s built-in virtual analyst, SeeMo, automates up to 80 percent of tier one and two activities such as monitoring, enrichment, incident handling, and remediation. This frees up your team to focus on the most critical business issues.

Key Layers to Building a Smarter SOC

We recommend that security operations center (SOC) teams implement the following three key layers of a smarter SOC architecture when looking to generate continuous value from an Azure security stack with managed security services.

Each layer includes the integrations between Microsoft and CyberProof that help facilitate this architecture. For more information, check out our on-demand webinar—which we ran in collaboration with Microsoft’s Chief Security Advisor EMEA, Cyril Voisin.

1. Data collection and integration layer—enrichment of security data from multiple sources

This is particularly useful for enterprise-grade SOCs that collect and parse relevant data from multiple business units before going into a data lake. Organizing and classifying all of this data will save time and money when you start introducing integration and automation technologies, as the information will already be structured in an optimum way. Here’s how log collection, normalization, and analysis work:

  1. Integration: An organization identifies the assets, tools, technologies, and applications that need to be integrated.
  2. Data normalization: Enterprise SOCs need to parse data before it enters the data lake—to tag and filter it—so the right information is being fed into the SOC in the most efficient way.
  3. Data collection and analysis: Using a solution such as Microsoft’s Azure Monitor Log Analytics and scalable storage such as Azure Data Lake, terabytes of data can be ingested in order to query and manage at scale. Machine learning can be used for the identification of anomalies and monitoring whether log sources are operating correctly, as well as to support threat hunting.
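As an added example (not CyberProof’s or Microsoft’s code), the following Python covers the three steps above end to end: constructed records from three invented log formats are parsed into one common schema, tagged and filtered before they would enter a data lake, and the unfiltered stream is used to check that each expected log source is still reporting. Every format, field name, tag and threshold here is an assumption made for this example.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Source-specific severities are mapped onto one scale so the analytics layer
# never has to know which tool produced an event.
SEVERITY = {"informational": 0, "low": 1, "medium": 2, "high": 3}

# Constructed sample input: (source, business unit, raw line). The three
# formats are invented for this example and are not any vendor's real schema.
SAMPLE_LOGS = [
    ("edr", "finance", '{"ts":"2020-11-16T09:12:03Z","alert":"SuspiciousProcess",'
                       '"user":"alice","device":"FIN-LT-01","sev":"High"}'),
    ("edr", "finance", '{"ts":"2020-11-16T09:12:10Z","alert":"Heartbeat",'
                       '"user":"","device":"FIN-LT-01","sev":"Informational"}'),
    ("identity", "finance", "2020-11-16T09:13:41Z user=alice result=failure ip=203.0.113.5 reason=bad_password"),
    ("identity", "finance", "2020-11-16T09:13:52Z user=alice result=success ip=203.0.113.5 reason=-"),
    ("firewall", "retail", "<134>Nov 16 09:14:07 fw-edge-2 DENY src=203.0.113.5 dst=10.20.0.8 dport=3389"),
]


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_edr(line):
    """Constructed JSON endpoint-alert format."""
    d = json.loads(line)
    return {"timestamp": _ts(d["ts"]), "event_type": d["alert"], "user": d["user"] or None,
            "host": d["device"], "src_ip": None, "severity": SEVERITY[d["sev"].lower()], "tags": []}


def parse_identity(line):
    """Constructed key=value sign-in format; failed sign-ins get a tag for later correlation."""
    ts, *pairs = line.split()
    kv = dict(p.split("=", 1) for p in pairs)
    failed = kv["result"] == "failure"
    return {"timestamp": _ts(ts), "event_type": "signin_" + kv["result"], "user": kv["user"],
            "host": None, "src_ip": kv["ip"], "severity": SEVERITY["medium"] if failed else 0,
            "tags": ["credential_failure"] if failed else []}


FW_RE = re.compile(r"^<\d+>(\w{3} \d{1,2} \d\d:\d\d:\d\d) (\S+) (ALLOW|DENY) "
                   r"src=(\S+) dst=(\S+) dport=(\d+)$")


def parse_firewall(line, year=2020):
    """Constructed syslog-style firewall format; the syslog stamp carries no year, so one is supplied."""
    m = FW_RE.match(line)
    if not m:
        raise ValueError("unrecognised firewall line: " + line)
    stamp, host, action, src, dst, dport = m.groups()
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    tags = ["rdp_blocked"] if action == "DENY" and dport == "3389" else []
    return {"timestamp": ts, "event_type": "fw_" + action.lower(), "user": None, "host": host,
            "src_ip": src, "severity": SEVERITY["low"] if action == "DENY" else 0, "tags": tags}


PARSERS = {"edr": parse_edr, "identity": parse_identity, "firewall": parse_firewall}


def normalize(raw_logs):
    """Step 1 and 2: parse every line into the common schema and filter before the lake.

    Returns (lake_records, all_records): heartbeats are dropped from what goes
    into the lake but kept in all_records, where they still prove a source is alive.
    """
    records = []
    for source, business_unit, line in raw_logs:
        rec = PARSERS[source](line)
        rec.update(source=source, business_unit=business_unit)
        records.append(rec)
    lake = [r for r in records if r["event_type"] != "Heartbeat"]
    return lake, records


def source_health(records, expected_sources, now, max_age=timedelta(minutes=15)):
    """Step 3 (monitoring): a source is healthy only if it reported within max_age of now."""
    last_seen = {}
    for r in records:
        last_seen[r["source"]] = max(last_seen.get(r["source"], r["timestamp"]), r["timestamp"])
    return {s: (s in last_seen and now - last_seen[s] <= max_age) for s in expected_sources}


def tags_by_entity(lake, key):
    """Group tags by one entity field (user, host or src_ip) for cross-source correlation."""
    out = {}
    for r in lake:
        entity = r.get(key)
        if entity:
            out.setdefault(entity, set()).update(r["tags"])
    return out


if __name__ == "__main__":
    lake, everything = normalize(SAMPLE_LOGS)
    print("records for the lake:", len(lake), "of", len(everything))
    print("tags by source IP:", tags_by_entity(lake, "src_ip"))
    check_time = datetime(2020, 11, 16, 9, 20, tzinfo=timezone.utc)
    print("source health:", source_health(everything, ["edr", "identity", "firewall", "proxy"], check_time))
```

Grouping by src_ip is what ties the failed sign-in to the blocked RDP attempt from the same address, which is the kind of cross-source context the analytics layer needs the data pre-structured for.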

At CyberProof, we leverage Azure Monitor Log Analytics and CyberProof Log Collection (CLC) SaaS technology to pull logs from all sources of data. These include a customer’s existing Microsoft investments—including on-premises, SaaS, and Azure assets—and existing Microsoft security controls that generate alerts across identities, endpoints, data, email, and cloud apps.

2. Security analytics layer—generating contextual alerts and minimizing false positives

The traditional on-premises SIEM architecture has limited scalability: for example, infrastructure costs are incurred up-front based on peak requirements, rather than through on-demand provisioning that scales with current demand and growth over time. Also, effectively mapping logs from all ecosystems can be a time-consuming endeavor when rules have to be correlated and clear reporting created.

The world of security data collection has evolved. It is no longer a single query or rule that triggers the discovery of an incident. Typically, security monitoring identifies the proverbial “needle in the haystack”—and this type of threat detection requires broad visibility across the enterprise. That in turn requires more processing power and data collection, in order to establish what the baseline really looks like. These attributes are best achieved by implementing security in the cloud.

That’s where Azure Sentinel comes in, supplying correlation and analytics rules and filtering massive volumes of events to obtain high-context alerts. Azure Sentinel uses machine learning to proactively find anomalies hidden within acceptable user behavior and generate alerts.

Microsoft Azure Sentinel is fully integrated with the CyberProof CDC platform, so customers can work from a single console to manage high-context alerts, carry out investigations, and handle incidents.

3. Orchestration, automation, and collaboration layer—facilitating faster threat detection and response

Forrester’s recent assessment of midsized MSSPs notes that orchestration and security automation play a vital role for overburdened SOC staff.

By automating tier one and two activities like monitoring, enrichment, investigation, and incident handling, our CDC platform takes much of the strain out of the process. Essentially, the CDC platform provides our IP as a service—helping customers avoid the expenditure necessary to develop their own IP for a next-generation SOC.

The CDC platform gives customers a “single pane of glass” view from which to manage high-context alerts, incidents, and report generation for stakeholders. It integrates the functionality of Azure Sentinel as well as other security investments.

The CDC platform’s benefits include:

  • Orchestration: Integrates external intelligence sources, enrichment sources, the IT service management system, and more into a single view.
  • Automation: Leverages CyberProof’s virtual analyst, SeeMo, which uses our Use Case Factory—a catalog of attack use cases consisting of prevention, detection rules, and response playbooks, all aligned to the MITRE ATT&CK framework—to continuously update playbooks.
  • Collaboration: Facilitates real-time communication with our nation-state level analysts to help remediate incidents.
  • Hybrid engagement: Supports collaboration of CyberProof experts with the customer’s team to remediate incidents and upskill the customer’s team.

Customers can start benefiting now

The CyberProof solution, used in tandem with Azure Sentinel, provides 24/7 security monitoring, which frees up SOC teams to focus on critical incidents.

The platform’s use of machine learning and behavioral analysis can reduce alert fatigue and false positives by up to 90 percent. It offers large-scale collection and correlation of data from the endpoint, cloud network, and users—facilitating high-context alerts.

These capabilities, as well as the platform’s high-level collaboration abilities and up-to-date response playbooks, contribute to greater efficiency in threat detection and in responding to validated incidents.

Yet it doesn’t take a lot of time to transition to the CyberProof solution. CyberProof has a defined onboarding process that’s based on each customer’s requirements.

As a managed service provider, we find that we can help customers get through the transition much more quickly than they would have on their own—accelerating the process and shortening the time needed to start reaping the benefits of the solutions.

Want more information? Check out our Azure Security Services page and the CDC platform from CyberProof. Or contact us to learn more about how we can help you transition to a smarter SOC.

To learn more about the Microsoft Intelligent Security Association (MISA), visit the Microsoft Intelligent Security Association website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

For more information about Microsoft Security Solutions, visit the Microsoft Security website. Bookmark the Security blog to keep up with our expert coverage of security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Key layers for developing a smarter SOC with CyberProof-managed Microsoft Azure security services appeared first on Microsoft Security.

Advanced protection for web applications in Azure with Radware’s Microsoft Security integration

October 12th, 2020 No comments

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA here.

The state of application security

Companies face a wide range of security challenges, such as Open Web Application Security Project (OWASP) vulnerabilities, advanced bot threats and the need to manage bots, securing APIs, and protecting against volumetric and non-volumetric DDoS attacks. Advanced threats mean that application security solutions must do much more. Organizations require a synchronized attack-mitigation system that provides advanced application protection against all the above threats, across all platforms and environments at all times, providing comprehensive security and a single view of application security events for quick incident response and minimal impact on the business.

Customers are increasingly requesting, if not requiring, a fully managed service option for security elements. Beyond the obvious complexity of managing the positive and negative security model rules, today’s attacks are dynamic and evolving. Teams managing application security are stressed by the rapid pace of new application development and application changes, all of which require vulnerability assessment and remediation in the form of automated continuous and consistent security policies.

Cloud is disrupting technology and security is the biggest challenge for customers around the world. Radware is embracing this shift by focusing on ‘Strength in Security’ with Microsoft Azure and is focused on helping Microsoft Azure customers secure their workloads and applications. Radware works closely with Microsoft’s engineering teams to create new and innovative solutions in Azure that benefit from Microsoft’s unique cloud capabilities and services like Azure DDoS Protection and Microsoft Azure Sentinel to build a more secure digital infrastructure, enabling customers to overcome security challenges. Radware Security for Azure provides local availability and easy deployment capabilities across any Azure region, enabling organizations to move to Azure with the knowledge that their applications, networks, and data will be secure around the world.

The application threat landscape

Application vulnerabilities are now the fastest-growing cybersecurity threat to organizations, according to a year-over-year comparison of Radware’s annual Global Application & Network Security Report. Applications, and the APIs they leverage, must be protected against an expanding variety of attack methods. In addition, DevOps and Agile development practices mean that applications are in a state of constant flux, and security policies must adapt to keep pace. Web application security solutions must be smarter and address a broad spectrum of vulnerability exploitation scenarios and attack types and vectors. On top of protecting the application from these common vulnerabilities, they have to protect APIs and mitigate denial-of-service (DoS) attacks, manage bot traffic, and make a distinction between legitimate bots and malicious bots.

Web applications are a critical part of most modern businesses, but many organizations continue to overlook web application security, despite escalating threats. According to a recent Gartner report, by 2023, more than 30 percent of public-facing web applications will be protected by cloud web application and API protection services that combine DDoS protection, bot mitigation, API protection, and web application firewalls (WAFs).

Cloud web application and API security with integrated bot and DDoS protection is the evolution of cloud-delivered WAF services. Comprehensive cloud-delivered managed security services are a more complete runtime-protection successor to WAF appliances: faster to deploy and easier for organizations to maintain. Customers want to consume security products without managing the underlying infrastructure, which is a big benefit that a product like Radware Security for Azure brings to customers in Azure.

Radware Security for Azure is a managed service that provides network and application security protection against attacks ranging from small-scale to the most sophisticated large-scale campaigns, ensuring applications are protected from malicious DDoS attacks, zero-day web attacks, and common vulnerabilities.

By leveraging the global scale of the Microsoft network and integrating with Azure DDoS Protection, Radware Security for Azure provides enhanced Layer 3 to Layer 7 DDoS mitigation capabilities tuned for applications and resources deployed in virtual networks, backed by an industry-leading service level agreement (SLA) and a 24/7 incident response team.

Six steps on how to neutralize the application threat

Radware provides advanced protection for web applications in Azure with an integrated application and API security service. Radware Security for Azure provides:

Details on security solutions offered by Radware Security for Azure

To learn more about Radware Security for Azure, visit our listing in the Azure Marketplace or visit Radware.

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

For more information about Microsoft Security Solutions, visit the Microsoft Security website. Bookmark the Security blog to keep up with our expert coverage of security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Advanced protection for web applications in Azure with Radware’s Microsoft Security integration appeared first on Microsoft Security.

Vectra and Microsoft join forces to step up detection and response

September 21st, 2020 No comments

This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. Click here to learn more about MISA.

Traditional security operations center (SOC) processes typically involve a wide variety of disparate event notification tools that force overworked analysts to battle massive amounts of inbound alerts. This often leads to missed signals and incorrect alert prioritization.

The move to cloud, hybrid environments, and IoT further exacerbates the situation as the attack surface is distributed, boundless, and ever-changing. Perimeter defenses, although necessary, are insufficient.

To address these challenges, SOCs today are focusing on continuous real-time detection and response capabilities that are based on three tightly integrated vantage points and solutions – network detection and response (NDR), endpoint detection and response (EDR), and security information and event management (SIEM).

Gartner calls this approach the SOC visibility triad. It combines the widespread visibility of NDR with the deep process-level insight of EDR, and couples them together with log and security analytics from a variety of sources in the SIEM.

Using these three components in a deeply integrated solution gives security professionals the tools and visibility into modern networking environments and allows them to detect and stop attacks that evade perimeter defenses.

The Cognito® platform from Vectra® delivers high-fidelity NDR by keeping a watchful eye on hidden attacker behaviors in workloads in the cloud and hybrid cloud as well as on-premises enterprise networks.

By combining security research with data science, Vectra AI-derived machine learning algorithms automatically detect and prioritize the highest-risk attacker behaviors in cloud/SaaS and data center workloads as well as user and IoT devices.

As a result, Vectra enables security professionals to reduce the SOC workload, instantly get deep insights and context about every attack, and respond faster to encroaching threats with surgical precision.

An image of the SOC Vectra Triad.

The deep native integrations between Vectra (NDR), Microsoft Defender ATP (EDR) and Microsoft Azure Sentinel (SIEM) make the SOC triad fully operational for customers, enabling them to use tools they are already familiar with.

This SOC triad brings together context from each data source, creating an extraordinary solution that is greater than the sum of its parts.

In addition to enriching Vectra detections with contextual endpoint data from Microsoft Defender ATP, this solution automatically shows attacker detections in the Microsoft Azure Sentinel dashboard, where SOC teams can conduct conclusive investigations.

The SOC visibility triad further helps drive integrated enforcement actions like disabling compromised accounts and isolating hosts that an attacker is using. This allows SOCs to deliver well-coordinated responses, enhance efficiency, and reduce attacker dwell-times.

The Host Lockdown feature from Vectra is a perfect example of this. When a high-risk attack is detected by the Cognito platform, SOC teams can respond quickly and accurately to lock down Microsoft Defender ATP hosts from the Cognito dashboard.

This can be performed manually with a button-click or configured for automated enforcement that triggers when host threat, certainty, and observed-privilege scores exceed SOC-defined thresholds.

In summary, together with Microsoft Defender ATP, Vectra enables SOC teams to:

  • Combine the Vectra 360-degree aerial view of interactions on cloud and data center workloads with the in-depth ground-level view from Microsoft Defender ATP.
  • Enrich high-fidelity Vectra detections with deep process-level host-context from Microsoft Defender ATP.
  • Take precise and immediate enforcement actions from Vectra closer to the source using Microsoft Defender ATP.

And together with Microsoft Azure Sentinel, Vectra enables SOCs to:

  • Bring Vectra high-certainty behavior-based detections straight to Microsoft Azure Sentinel workbooks for immediate attention.
  • Automate incidents in Microsoft Azure Sentinel based on configurable threat and certainty score thresholds from Vectra.
  • Perform forensic analysis on incidents to identify involved devices, accounts, and attackers.

With these deep integrations between NDR, EDR, and SIEM that Vectra and Microsoft have collaborated on, we are able to realize the SOC visibility triad, ultimately allowing customers to elevate SOC visibility and prevent attackers from establishing footholds across cloud, data center, IoT, and enterprise networks.

For more details, check out the Cognito platform from Vectra and our integration with Microsoft Defender ATP and Microsoft Azure Sentinel.

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

For more information about Microsoft Security Solutions, visit the Microsoft Security website. Bookmark the Security blog to keep up with our expert coverage of security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Vectra and Microsoft join forces to step up detection and response appeared first on Microsoft Security.

Microsoft and Corrata integrate to extend cloud app security to mobile endpoints

August 24th, 2020 No comments

This blog post is part of the Microsoft Intelligent Security Association guest blog series. To learn more about MISA, go here.

The growth of mobile and remote work and the emergence of the “post-perimeter” world has made keeping track of shadow IT a huge challenge for enterprise IT teams. What makes this problem particularly difficult for infosec teams is a parallel development: not only are your apps leaving the data center, but your employees are leaving the building. In the good old days, you might have used firewalls or secure web gateways to give you visibility. On top of that, risky or unsanctioned apps could be blocked with a firewall script or added to a blacklist.

But with employees working from home, the network perimeter has disappeared. In this new world, how can you have any idea what’s going on, let alone impose control?

The growth of SaaS

The rapid adoption of SaaS services has driven cloud computing and digital transformation for many organizations. File storage, CRM, and ERP systems are now commonly delivered on a SaaS basis. Services based on the SaaS model offer fantastic advantages. For a start, they do not require in-house infrastructure. In addition, they have rich out of the box feature sets and deliver across both web and mobile platforms. Finally, their low upfront commitment and automatic version updates make them easy to adopt. Their advantages are endless…

…and of Shadow IT

Research by Microsoft shows that on average enterprises use more than 1,000 SaaS applications and that IT is unaware of more than 60% of these applications (so-called ‘shadow IT’). As a result, corporate data can easily slip beyond the control of the company’s ‘gatekeeper’. Once your CRM is in the cloud, your visibility is limited – it’s more challenging to see when a soon-to-depart salesperson has downloaded the contact details of your entire customer base. Or imagine that highly sensitive network diagrams are leaked online, leaving your company vulnerable to spoofing or man-in-the-middle attacks.

Discovery and control

As a result of these trends, the ability to discover and control cloud app usage across an organization has become critical. New SaaS apps need to be quickly identified and risk-assessed. Approved apps can be integrated with existing identity and security processes, while risky and unsanctioned apps can be blocked. Robust mechanisms for discovering cloud app usage and blocking unapproved apps are therefore essential. Remote and mobile work scenarios present particular challenges because they are beyond the network perimeter. For instance, mobile app usage has doubled since organizations migrated to remote working. As a result, companies have no way of knowing what SaaS services their employees are engaging with: an employee might use unsanctioned cloud storage apps for uploading client data, or use unapproved marketing automation tools. This is why cloud app security and visibility are critical.

Why endpoint makes sense

The answer to this is what the industry calls “endpoint cloud application discovery and control”. What does this clunky phrase refer to, you ask? It refers to the use of endpoint security solutions, such as Corrata or Microsoft Defender ATP, to identify cloud app usage and to block risky or unsanctioned apps.

The endpoint security solution collects traffic information to discover what apps are in use, uploading this information to a cloud access security broker (CASB) solution such as Microsoft Cloud App Security. The IT admin uses the CASB portal to specify which apps are to be blocked. The CASB then automatically forwards these instructions to the endpoint security solution which enforces the block on the endpoint.

At Ignite 2019, Microsoft Cloud App Security announced an integration with Microsoft Defender ATP to bring endpoint-based cloud discovery and control to Windows devices. Now Corrata’s integration with Microsoft Cloud App Security means that Microsoft customers can extend the same discovery and control to phones and tablets. This means that you can automatically detect the cloud apps your employees are using on mobile devices and take the appropriate security actions. In effect, Corrata acts as a firewall on your unmanaged phones and tablets.

How does it work?

Corrata and Microsoft have worked together to ensure that the integration of the Corrata solution with Microsoft Cloud App Security is simple and easy to implement.

Figure: the integration of the Corrata solution with Microsoft Cloud App Security.

Traffic information from smartphones and tablets running Corrata is uploaded for analysis to Microsoft Cloud App Security on a continuous basis. Cloud app usage information collected by Corrata is visible to admins via the Microsoft Cloud App Security console. This provides an integrated view of an organization’s cloud app usage and one-click enforcement of app usage policies across iOS, Android, and Windows devices.

Apps designated as risky or unsanctioned within the Cloud App Security portal are automatically blocked by Corrata on the mobile endpoint. This capability is delivered using Corrata’s patented SafePathML technology, which uses machine learning to assess the probability that a domain is unsafe. With SafePathML, Corrata can block threats even before the wider cybersecurity community has identified them.
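The discovery-and-control loop described above, as an added example that is not Corrata’s or Microsoft’s code: a small Python model in which an endpoint agent uploads per-destination traffic summaries, a CASB-side policy combines the admin’s unsanctioned/sanctioned decisions with a catalog risk threshold to compute a block list, and the endpoint enforces that list per connection. The app catalog, risk scores, device names, domains and traffic records are constructed sample data, and the function names are assumptions of this example.

```python
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field

# Constructed app catalog: destination domain -> (cloud app name, risk score 1-10).
# A real CASB keeps a catalog of thousands of apps; these entries are made up.
APP_CATALOG = {
    "sharepoint.example-tenant.com": ("Corporate SharePoint", 1),
    "api.crm-vendor.example": ("CRM SaaS", 2),
    "upload.freefilebox.example": ("FreeFileBox", 8),
    "track.shadow-marketing.example": ("Shadow Marketing Tool", 6),
}
UNCATALOGUED = "Uncatalogued"  # bucket for domains the catalog does not know


@dataclass(frozen=True)
class TrafficRecord:
    """One traffic summary the endpoint agent uploads (constructed data)."""
    device_id: str
    domain: str
    bytes_out: int


@dataclass
class CasbPolicy:
    """Admin settings in the CASB portal: explicit decisions plus a risk cut-off."""
    unsanctioned: set[str] = field(default_factory=set)
    sanctioned: set[str] = field(default_factory=set)
    risk_threshold: int = 7  # apps scoring at or above this are blocked too


# Constructed traffic summaries from three mobile devices.
SAMPLE_TRAFFIC = [
    TrafficRecord("ios-01", "sharepoint.example-tenant.com", 120_000),
    TrafficRecord("ios-01", "upload.freefilebox.example", 4_500_000),
    TrafficRecord("android-07", "api.crm-vendor.example", 30_000),
    TrafficRecord("android-07", "track.shadow-marketing.example", 12_000),
    TrafficRecord("ios-02", "upload.freefilebox.example", 2_000_000),
    TrafficRecord("ios-02", "cdn.unknown-service.example", 8_000),
]


def discover_apps(records):
    """Discovery step: roll endpoint traffic up per cloud app.

    Returns {app_name: {"devices": set, "bytes_out": int, "risk": int}}.
    Unknown domains land in the UNCATALOGUED bucket so they still show up
    for review instead of silently disappearing.
    """
    usage = defaultdict(lambda: {"devices": set(), "bytes_out": 0, "risk": 0})
    for rec in records:
        name, risk = APP_CATALOG.get(rec.domain, (UNCATALOGUED, 0))
        entry = usage[name]
        entry["devices"].add(rec.device_id)
        entry["bytes_out"] += rec.bytes_out
        entry["risk"] = risk
    return dict(usage)


def shadow_it(usage, policy):
    """Apps seen in traffic that the admin has neither sanctioned nor blocked."""
    return sorted(name for name in usage
                  if name not in policy.sanctioned
                  and name not in policy.unsanctioned
                  and name != UNCATALOGUED)


def build_block_list(usage, policy):
    """CASB step: translate app decisions into domains the endpoint must block.

    An app is blocked when the admin tagged it unsanctioned, or when its
    catalog risk score meets the threshold and it was not explicitly sanctioned.
    """
    blocked_apps = set()
    for name, info in usage.items():
        if name in policy.unsanctioned:
            blocked_apps.add(name)
        elif info["risk"] >= policy.risk_threshold and name not in policy.sanctioned:
            blocked_apps.add(name)
    return {domain for domain, (name, _) in APP_CATALOG.items() if name in blocked_apps}


def enforce(record, block_list):
    """Endpoint step: per-connection decision using the pushed block list."""
    return "block" if record.domain in block_list else "allow"


def run_demo():
    """Run the full loop on the constructed data and return the outcome."""
    usage = discover_apps(SAMPLE_TRAFFIC)
    policy = CasbPolicy(
        unsanctioned={"Shadow Marketing Tool"},
        sanctioned={"Corporate SharePoint", "CRM SaaS"},
    )
    block_list = build_block_list(usage, policy)
    decisions = {rec.domain: enforce(rec, block_list) for rec in SAMPLE_TRAFFIC}
    return {"usage": usage, "shadow_it": shadow_it(usage, policy),
            "block_list": block_list, "decisions": decisions}


if __name__ == "__main__":
    result = run_demo()
    for app, info in sorted(result["usage"].items()):
        print(f"{app:24} devices={len(info['devices'])} "
              f"bytes_out={info['bytes_out']} risk={info['risk']}")
    print("shadow IT:", result["shadow_it"])
    print("block list:", sorted(result["block_list"]))
```

On the constructed data, FreeFileBox is surfaced as shadow IT (seen on two devices, not yet decided on by the admin) and is blocked by the risk threshold, while the explicitly unsanctioned marketing tool is blocked regardless of score; the uncatalogued CDN domain is reported but allowed, which is the review queue a real deployment would work through.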

If you’re an existing or prospective Corrata or Microsoft Cloud App Security customer, you can learn more here about how to harness the advantages of endpoint-based discovery and control for cloud apps.

Corrata is a member of the Microsoft Intelligent Security Association.

Find the Corrata Microsoft Cloud App Security Solution on the Azure Marketplace here.

To learn more about the Microsoft Intelligent Security Association (MISA) #MISA, visit our website where you can learn more about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn more about the strength of member integrations with Microsoft products.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Microsoft and Corrata integrate to extend cloud app security to mobile endpoints appeared first on Microsoft Security.

Microsoft Intelligent Security Association expands to include managed security service providers

July 14th, 2020 No comments

We’d planned a splashy party at Microsoft Inspire to announce our newest Microsoft Intelligent Security Association (MISA) members and introduce them to association members, but given our world today, I am instead picturing you reading this announcement curled up in a chair with a cup of coffee. Almost as satisfying, right?

Welcoming Managed Security Service Providers to MISA

Two years ago, we launched MISA to offer our customers holistic solutions that help them better defend against a world of increasing threats. Our vision was to build a robust security ecosystem that included leading security technology companies that provide value to our joint customers. We began by partnering with independent software vendors that have integrated their solutions with Microsoft. Since launch, MISA has expanded significantly—in just the last year, membership increased from 57 members to 133!

Through MISA, we’ve been able to collaborate with some of the most innovative security companies in the world, but our joint customers also need security services that are deeply interwoven with MISA software solutions. To meet this demand, MISA is launching an invitation-only pilot program in July 2020 for select managed security service providers (MSSPs).

“Today we’re happy to bring a win-win-win offering by enabling MSSPs and managed detection and response partners to sell and deploy not just Microsoft’s security solutions but more importantly our joint solutions with our independent software vendor partners.” – Eran Barak, Principal PM Manager, Microsoft Threat Protection.

By including MSSPs in the program, our joint customers will benefit from security consultants with deep expertise in MISA solutions, enabling them to get the most out of their investments. The expansion also creates more opportunities for security organizations to work together on the creative solutions we will need to confront an evolving threat landscape.

“MISA members are the cybersecurity industry leaders, unified by the common goal of helping secure our customers by offering their own valuable expertise and making the association more effective as it expands.” – Mandana Javaheri, Global Director of Cybersecurity Solutions Group at Microsoft Corp.

I am proud of the work that MISA has accomplished to date and look forward to partnering with our newest members to help our joint customers better safeguard their organizations. Please join me in welcoming the following MSSPs to MISA:

Accenture

MISA service offering: Azure Sentinel

Accenture Security helps organizations prepare, protect, detect, respond, and recover across the entire Microsoft Security portfolio and the full security lifecycle. Learn more.

Ascent Solutions

MISA service offering: Azure Sentinel, Azure Security Center

Ascent Solutions’ risk-based defense strategy aligns your priorities with the right technology, processes, and route map to make your business more secure today. And because cybersecurity is at the heart of everything we do, we also help you defend against the right attack vectors and combat malicious actors to better protect your businesses into the future. Learn more.

Avanade

MISA service offering: Azure Sentinel

From enabling a modern workplace, to protecting your applications in the cloud, Avanade provides a holistic approach to security at every step. Learn more.

BlueVoyant

MISA service offering: Azure Sentinel, Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)

BlueVoyant provides managed detection and response (MDR) services utilizing Azure Sentinel, a cloud-native security information and event manager (SIEM), and Microsoft Threat Protection, an integrated platform that unifies best-in-class products that include Microsoft Defender ATP, Office 365 Advanced Threat Protection, Azure Advanced Threat Protection, and Microsoft Cloud Application Security. Learn more.

Born in the Cloud

MISA service offering: Azure Sentinel, Azure Security Center

Born In The Cloud leverages Azure Security services including Azure Sentinel and machine learning algorithms to monitor your environment and make sense of the data faster than any human can, allowing us to respond to threats quickly. We also manage Windows 10, Office 365, Microsoft Defender ATP and Microsoft Endpoint Manager for you, to help keep devices, data, and identities safe. All built on Azure Cloud. Learn more.

BT

MISA service offering: Azure Sentinel

One of the few local service providers in managed security services, BT Consulting uses cutting-edge technology to monitor firewalls and manage endpoint security. Learn more.

Critical Start

MISA service offering: Microsoft Defender ATP, Azure Sentinel

CRITICALSTART enables customers to centralize, ingest, and correlate their logs to ensure their environment is secure. CRITICALSTART’s MDR utilizes a Trusted Behavior Registry to investigate every alert generated until they are classified as a known good and can be safely resolved. Customers see every action our CYBERSOC analysts take since our platform provides transparency across the entire process. Learn more.

Cyberproof

MISA service offering: Azure Sentinel

Cyberproof monitors your security alerts and suspicious events, collected from multiple internal and external customer data sources including Microsoft Azure Sentinel SIEM. Threats are detected as they emerge in critical cloud and on-premises infrastructure. Learn more.

Dell

MISA service offering: Microsoft Defender ATP, Azure ATP

At Dell, security is a priority – a part of every conversation; it connects our team members, customers, processes and technologies. Dell’s Security and Trust Center provides easy access to resources and solutions to help you quickly find answers to your security questions. Learn more.

Expel

MISA service offering: Microsoft Defender ATP, Azure Sentinel

The combination of the Expel Workbench™ and Expel analysts monitors your environment 24×7 to provide transparent managed security that finds attackers and gives you the answers to help you kick them out and keep them out. Learn more.

EY

MISA service offering: Microsoft Defender ATP, Azure Security Center

EY provides day-to-day resilience as well as a proactive, pragmatic, and strategic approach that considers risk and security from the onset. This is Security by Design. Rather than avoiding risk altogether, Security by Design is about enabling trust in systems, designs, and data so that organizations can take on more risk, lead transformational change, and innovate with confidence. EY Next-generation security operations and response teams can provide organizations with the right amount of support to help them manage leading-class security operations in a programmatic way. Learn more.

Fishtech

MISA service offering: Microsoft Defender ATP

Fishtech is the leading current generation cybersecurity services provider for enabling secure and successful business transformation. Data-driven and born in the cloud, Fishtech provides the people, processes, and technology to minimize risk, maintain compliance, and increase business efficiency. Our human-led, machine-driven security-as-a-service division, CYDERES, helps organizations manage cybersecurity risks, detect threats, and respond to security incidents in real-time. Learn more.

Infosys

MISA service offering: Azure Active Directory, Azure Sentinel

Infosys CyberSecurity offers a flexible managed security services model that empowers organizations with people, processes, and technology to secure their critical assets and data. With our quality services, we help protect your data and infrastructure with the latest technology and certified professionals, while adhering to the latest industry-specific compliance standards. Learn more.

Insight

MISA service offering: Azure Sentinel

Insight Services for Azure Sentinel help you take advantage of cutting-edge technology from Microsoft to strengthen and simplify your security environment. During an engagement, our consultants address all major areas of your SOC, including new tools or processes that would be beneficial to adopt. Learn more.

Inspark

MISA service offering: Azure Sentinel

The new Azure Sentinel and the Fusion capabilities empower Inspark to help keep our customers safe for the future. Our Cloud Security Center incorporates Azure Sentinel and the Microsoft Security Graph into our solution to better protect our customers. Learn more.

KPMG (US & EMEA)

MISA service offering: Azure Sentinel

The KPMG + Azure Sentinel solution has been designed to help businesses improve their security monitoring and incident response capabilities by combining KPMG’s cybersecurity, incident response, and industry experience with Microsoft’s advanced cybersecurity technologies. Learn more.

Open Systems

MISA service offering: Azure Sentinel

Open Systems designed a scalable MDR platform that helps detect threats early to limit the damage. It combines human know-how, advanced automated threat detection, and the best sensor technology. In addition, a cloud-scale SIEM built on Microsoft Azure Sentinel ensures smooth log file integration from your existing security controls and other sources of relevant data. Learn more.

Optiv Security

MISA service offering: Microsoft Defender ATP, Azure Sentinel, Azure Active Directory

Optiv Security is a security solutions integrator that enables clients to reduce risk by taking a strategic approach to cybersecurity. Align your security program to achieve specific business outcomes with our full suite of service capabilities, from strategy to technology—and everything in between. Our managed security services provide vetted on-staff vulnerability and security researchers and multiple operations centers to support your organization every moment, of every day, so you can refocus your existing IT staff on core business needs. Learn more.

Truesec

MISA service offering: Microsoft Defender ATP

As a leading cybersecurity consulting company, Truesec offers a wide range of services including security health checks, security engineering, and penetration testing, all provided by cybersecurity specialists. Our managed service will give your organization the capability to detect and respond quickly to cyberattacks. Our success is based on a combination of extraordinary cyber experts, the most advanced tools in the market today, and investing in truly understanding the specifics of our clients’ IT environments. Learn more.

Trustwave

MISA service offering: Microsoft Defender ATP, Azure Sentinel

Trustwave Threat Detection and Response Services for Microsoft Azure uses Microsoft Security Graph API to ingest data from Microsoft Azure Sentinel and Microsoft Defender ATP to provide real-time triage, analysis, investigation, response, and remediation of security threats. Learn more.

Wipro

MISA service offering: Azure Active Directory, Azure Sentinel

Wipro provides end-to-end security solutions and services for business to enterprise, partners and consumers through Microsoft security stacks. Learn more.

For more information

To learn more about the Microsoft Intelligent Security Association watch this video or visit the webpage. To learn more about Microsoft Security solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Microsoft Intelligent Security Association expands to include managed security service providers appeared first on Microsoft Security.


Cyberproof

MISA service offering: Azure Sentinel

Cyberproof monitors your security alerts and suspicious events, collected from multiple internal and external customer data sources including Microsoft Azure Sentinel SIEM. Threats are detected as they emerge in critical cloud and on-premises infrastructure. Learn more.

Dell

MISA service offering: Microsoft Defender ATP, Azure ATP

At Dell, security is a priority – a part of every conversation; it connects our team members, customers, processes and technologies. Dell’s Security and Trust Center provides easy access to resources and solutions to help you quickly find answers to your security questions. Learn more.

Expel

MISA service offering: Microsoft Defender ATP, Azure Sentinel

The combination of the Expel Workbench™ and Expel analysts monitor your environment 24×7 to provide transparent managed security that finds attackers and gives you the answers to help you kick them out and keep them out. Learn more.

EY

MISA service offering: Microsoft Defender ATP, Azure Security Center

EY provides day-to-day resilience as well as a proactive, pragmatic, and strategic approach that considers risk and security from the onset. This is Security by Design. Rather than avoiding risk altogether, Security by Design is about enabling trust in systems, designs, and data so that organizations can take on more risk, lead transformational change, and innovate with confidence. EY Next-generation security operations and response teams can provide organizations with the right amount of support to help them manage leading-class security operations in a programmatic way.  Learn more.

FishTech

MISA service offering: Microsoft Defender ATP

Fishtech is the leading current generation cybersecurity services provider for enabling secure and successful business transformation. Data-driven and born in the cloud, Fishtech provides the people, processes, and technology to minimize risk, maintain compliance, and increase business efficiency. Our human-led, machine-driven security-as-a-service division, CYDERES, helps organizations manage cybersecurity risks, detect threats, and respond to security incidents in real-time. Learn more.

Infosys

MISA service offering: Azure Active Directory, Azure Sentinel

Infosys CyberSecurity offers a flexible managed security services model that empowers organizations with people, processes, and technology to secure their critical assets and data. With our quality services, we help protect your data and infrastructure with the latest technology and certified professionals, while adhering to the latest industry-specific compliance standards. Learn more.

Insight

MISA service offering: Azure Sentinel

Insight Services for Azure Sentinel help you take advantage of cutting-edge technology from Microsoft to strengthen and simplify your security environment. During an engagement, our consultants address all major areas of your SOC, including new tools or processes that would be beneficial to adopt. Learn more.

Inspark

MISA service offering: Azure Sentinel

The new Azure Sentinel and the Fusion capabilities empower Inspark to help keep our customers safe for the future. Our Cloud Security Center incorporates Azure Sentinel and the Microsoft Security Graph into our solution to better protect our customers. Learn more.

KPMG (US & EMEA)

MISA service offering: Azure Sentinel

The KPMG + Azure Sentinel solution has been designed to help businesses improve their security monitoring and incident response capabilities by combining KPMG’s cybersecurity, incident response, and industry experience with Microsoft’s advanced cybersecurity technologies. Learn more.

Open Systems

MISA service offering: Azure Sentinel

Open Systems designed a scalable MDR platform that helps detect threats early to limit the damage. It combines human knowhow, advanced automated threat detection, and the best sensor technology. In addition, a cloud-scale SIEM built on Microsoft Azure Sentinel ensures smooth logfile integration from your existing security controls and other sources of relevant data. Learn more.

Optiv Security

MISA service offering: Microsoft Defender ATP, Azure Sentinel, Azure Active Directory

Optiv Security is a security solutions integrator that enables clients to reduce risk by taking a strategic approach to cybersecurity. Align your security program to achieve specific business outcomes with our full suite of service capabilities, from strategy to technology—and everything in between. Our managed security services provide vetted on-staff vulnerability and security researchers and multiple operations centers to support your organization every moment, of every day, so you can refocus your existing IT staff on core business needs. Learn more.

Truesec

MISA service offering: Microsoft Defender ATP

As a leading cybersecurity consulting company, Truesec offers a wide range of services including security health checks, security engineering, and penetration testing, all provided by cyber security specialists. Our managed service will give your organization the capability to detect and respond quickly to cyberattacks. Our success is based on a combination of extraordinary cyber experts, the most advanced tools in the market today, and by investing in truly understanding the specifics of our client’s IT environments. Learn more.

Trustwave

MISA service offering:  Microsoft Defender ATP, Azure Sentinel

Trustwave Threat Detection and Response Services for Microsoft Azure uses Microsoft Security Graph API to ingest data from Microsoft Azure Sentinel and Microsoft Defender ATP to provide real-time triage, analysis, investigation, response, and remediation of security threats. Learn more.

Wipro

MISA service offering: Azure Active Directory, Azure Sentinel

Wipro provides end-to-end security solutions and services for business to enterprise, partners and consumers through Microsoft security stacks. Learn more

For more information

To learn more about the Microsoft Intelligent Security Association watch this video or visit the webpage.  To learn more about Microsoft Security solutions visit our website.  Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Microsoft Intelligent Security Association expands to include managed security service providers appeared first on Microsoft Security.

Microsoft Intelligent Security Association expands to include managed security service providers

July 14th, 2020 No comments

We’d planned a splashy party at Microsoft Inspire to announce our newest Microsoft Intelligent Security Association (MISA) members and introduce them to association members, but given our world today, I am instead picturing you reading this announcement curled up in a chair with a cup of coffee. Almost as satisfying, right?

Welcoming Managed Security Service Providers to MISA

Two years ago, we launched MISA to offer our customers holistic solutions that help them better defend against a world of increasing threats. Our vision was to build a robust security ecosystem that included leading security technology companies that provide value to our joint customers. We began by partnering with independent software vendors that have integrated their solutions with Microsoft. Since launch, MISA has expanded significantly—in just the last year, membership increased from 57 members to 133!

Through MISA, we’ve been able to collaborate with some of the most innovative security companies in the world, but our joint customers also need security services that are deeply interwoven with MISA software solutions. To meet this demand, MISA is launching an invitation-only pilot program in July 2020 for select managed security service providers (MSSPs).

“Today we’re happy to bring a win-win-win offering by enabling MSSPs and managed detection and response partners to sell and deploy not just Microsoft’s security solutions but more importantly our joint solutions with our independent software vendor partners.” – Eran Barak, Principal PM Manager, Microsoft Threat Protection.

By including MSSPs in the program, our joint customers will benefit from security consultants with deep expertise in MISA solutions, enabling them to get the most out of their investments. The expansion also creates more opportunities for security organizations to work together on the creative solutions we will need to confront an evolving threat landscape.

“MISA members are the cybersecurity industry leaders, unified by the common goal of helping secure our customers by offering their own valuable expertise and making the association more effective as it expands.” – Mandana Javaheri, Global Director of Cybersecurity Solutions Group at Microsoft Corp.

I am proud of the work that MISA has accomplished to date and look forward to partnering with our newest members to help our joint customers better safeguard their organizations. Please join me in welcoming the following MSSPs to MISA:

Accenture

MISA service offering: Azure Sentinel

Accenture Security helps organizations prepare, protect, detect, respond, and recover across the entire Microsoft Security portfolio and the full security lifecycle. Learn more.

Ascent Solutions

MISA service offering: Azure Sentinel, Azure Security Center

Ascent Solutions’ risk-based defense strategy aligns your priorities with the right technology, processes, and route map to make your business more secure today. And because cybersecurity is at the heart of everything we do, we also help you defend against the right attack vectors and combat malicious actors to better protect your businesses into the future. Learn more.

Avanade

MISA service offering: Azure Sentinel

From enabling a modern workplace to protecting your applications in the cloud, Avanade provides a holistic approach to security at every step. Learn more.

BlueVoyant

MISA service offering: Azure Sentinel, Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)

BlueVoyant provides managed detection and response (MDR) services utilizing Azure Sentinel, a cloud-native security information and event manager (SIEM), and Microsoft Threat Protection, an integrated platform that unifies best-in-class products that include Microsoft Defender ATP, Office 365 Advanced Threat Protection, Azure Advanced Threat Protection, and Microsoft Cloud Application Security. Learn more.

Born in the Cloud

MISA service offering: Azure Sentinel, Azure Security Center

Born In The Cloud leverages Azure Security services including Azure Sentinel and machine learning algorithms to monitor your environment and make sense of the data faster than any human can, allowing us to respond to threats quickly. We also manage Windows 10, Office 365, Microsoft Defender ATP and Microsoft Endpoint Manager for you, to help keep devices, data, and identities safe. All built on Azure Cloud. Learn more.

BT

MISA service offering: Azure Sentinel

One of the few local service providers in managed security services, BT Consulting uses cutting-edge technology to monitor firewalls and manage endpoint security. Learn more.

Critical Start

MISA service offering: Microsoft Defender ATP, Azure Sentinel

CRITICALSTART enables customers to centralize, ingest, and correlate their logs to ensure their environment is secure. CRITICALSTART’s MDR uses a Trusted Behavior Registry to investigate every alert generated until it is classified as known good and can be safely resolved. Customers see every action our CYBERSOC analysts take, since our platform provides transparency across the entire process. Learn more.

Cyberproof

MISA service offering: Azure Sentinel

Cyberproof monitors your security alerts and suspicious events, collected from multiple internal and external customer data sources including Microsoft Azure Sentinel SIEM. Threats are detected as they emerge in critical cloud and on-premises infrastructure. Learn more.

Dell

MISA service offering: Microsoft Defender ATP, Azure ATP

At Dell, security is a priority – a part of every conversation; it connects our team members, customers, processes and technologies. Dell’s Security and Trust Center provides easy access to resources and solutions to help you quickly find answers to your security questions. Learn more.

Expel

MISA service offering: Microsoft Defender ATP, Azure Sentinel

The combination of the Expel Workbench™ and Expel analysts monitor your environment 24×7 to provide transparent managed security that finds attackers and gives you the answers to help you kick them out and keep them out. Learn more.

EY

MISA service offering: Microsoft Defender ATP, Azure Security Center

EY provides day-to-day resilience as well as a proactive, pragmatic, and strategic approach that considers risk and security from the onset. This is Security by Design. Rather than avoiding risk altogether, Security by Design is about enabling trust in systems, designs, and data so that organizations can take on more risk, lead transformational change, and innovate with confidence. EY Next-generation security operations and response teams can provide organizations with the right amount of support to help them manage leading-class security operations in a programmatic way. Learn more.

Fishtech

MISA service offering: Microsoft Defender ATP

Fishtech is the leading current generation cybersecurity services provider for enabling secure and successful business transformation. Data-driven and born in the cloud, Fishtech provides the people, processes, and technology to minimize risk, maintain compliance, and increase business efficiency. Our human-led, machine-driven security-as-a-service division, CYDERES, helps organizations manage cybersecurity risks, detect threats, and respond to security incidents in real-time. Learn more.

Infosys

MISA service offering: Azure Active Directory, Azure Sentinel

Infosys CyberSecurity offers a flexible managed security services model that empowers organizations with people, processes, and technology to secure their critical assets and data. With our quality services, we help protect your data and infrastructure with the latest technology and certified professionals, while adhering to the latest industry-specific compliance standards. Learn more.

Insight

MISA service offering: Azure Sentinel

Insight Services for Azure Sentinel help you take advantage of cutting-edge technology from Microsoft to strengthen and simplify your security environment. During an engagement, our consultants address all major areas of your SOC, including new tools or processes that would be beneficial to adopt. Learn more.

Inspark

MISA service offering: Azure Sentinel

The new Azure Sentinel and the Fusion capabilities empower Inspark to help keep our customers safe for the future. Our Cloud Security Center incorporates Azure Sentinel and the Microsoft Security Graph into our solution to better protect our customers. Learn more.

KPMG (US & EMEA)

MISA service offering: Azure Sentinel

The KPMG + Azure Sentinel solution has been designed to help businesses improve their security monitoring and incident response capabilities by combining KPMG’s cybersecurity, incident response, and industry experience with Microsoft’s advanced cybersecurity technologies. Learn more.

Open Systems

MISA service offering: Azure Sentinel

Open Systems designed a scalable MDR platform that helps detect threats early to limit the damage. It combines human know-how, advanced automated threat detection, and the best sensor technology. In addition, a cloud-scale SIEM built on Microsoft Azure Sentinel ensures smooth log file integration from your existing security controls and other sources of relevant data. Learn more.

Optiv Security

MISA service offering: Microsoft Defender ATP, Azure Sentinel, Azure Active Directory

Optiv Security is a security solutions integrator that enables clients to reduce risk by taking a strategic approach to cybersecurity. Align your security program to achieve specific business outcomes with our full suite of service capabilities, from strategy to technology—and everything in between. Our managed security services provide vetted on-staff vulnerability and security researchers and multiple operations centers to support your organization every moment of every day, so you can refocus your existing IT staff on core business needs. Learn more.

Truesec

MISA service offering: Microsoft Defender ATP

As a leading cybersecurity consulting company, Truesec offers a wide range of services including security health checks, security engineering, and penetration testing, all provided by cybersecurity specialists. Our managed service will give your organization the capability to detect and respond quickly to cyberattacks. Our success is based on a combination of extraordinary cyber experts, the most advanced tools in the market today, and a commitment to truly understanding the specifics of our clients’ IT environments. Learn more.

Trustwave

MISA service offering: Microsoft Defender ATP, Azure Sentinel

Trustwave Threat Detection and Response Services for Microsoft Azure uses Microsoft Security Graph API to ingest data from Microsoft Azure Sentinel and Microsoft Defender ATP to provide real-time triage, analysis, investigation, response, and remediation of security threats. Learn more.

Wipro

MISA service offering: Azure Active Directory, Azure Sentinel

Wipro provides end-to-end security solutions and services for businesses, enterprises, partners, and consumers through Microsoft security stacks. Learn more.

For more information

To learn more about the Microsoft Intelligent Security Association, watch this video or visit the webpage. To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Microsoft Intelligent Security Association expands to include managed security service providers appeared first on Microsoft Security.

The world is your authentication and identity oyster

July 2nd, 2020 No comments

This blog post is part of the Microsoft Intelligent Security Association guest blog series. To learn more about MISA, go here.

The world is your authentication/identity oyster

If you’re older than 10 years of age, you’ve undoubtedly heard the phrase “The world is your oyster.” It means that you are able to take the opportunities that life has to offer. Nothing could better describe the state of technology in the world today. If we take some liberties with that phrase, we could also say that “the world is your authentication/identity oyster.” There are countless options available to organizations as to how they want to execute on their vision.

For too long we’ve been collectively saddled with passwords as one of the default authentication protocols. Passwords have proven themselves to be a standard in many respects: we’ve been taught for decades that they provide some level of security that can be implemented to protect websites and so forth. This is an unfortunate notion that we need to dispel.

The problem is that passwords have reached a point where they need to be replaced with a more advanced system of authentication. Take this as an example: if someone knows a password, that by no means establishes who the person using it is. Yes, there is some level of trust as to who has the use of said password, but over the years I’ve learned that this is by no means a guarantee. As an example, 86 percent of breaches were financially motivated, according to the 2020 Verizon DBIR.

When attackers manage to compromise a website, they will reuse the credentials they capture in a bid to increase their access to other websites, simply because they understand that people are creatures of habit and will reuse the same password in multiple places to reduce the mental fatigue of trying to remember them all. Even when I check my own password manager application, I note that I have over 900 passwords alone. It is little surprise that people still write them on post-it notes to this very day.

There are so many options available to remedy our password predicament. MFA is an excellent example of how to move forward with a better solution to authentication. When we look at something such as MFA we have to understand that there is a culture shift involved. Eighty percent of security breaches involve compromised passwords. People can be hesitant and resistant to change but will embrace that change when security has been democratized.

If it is easy for a non-technical person to use, they will adopt it and, by extension, improve the security of your organization. Case in point: my mother, for example, can use the Duo app to authenticate to her email and other applications. When applications written for engineers by engineers are put in the hands of the layperson, you can imagine how that will end. Security tools need to be easy to use.

If you’re using a push-based application, or even something built on the W3C WebAuthn open standard, which exposes an API that can replace passwords, you can improve the security of your organization by removing passwords from the mix. Using technologies such as these in conjunction with Azure AD, for example, will reduce the risk to an organization. You would have authenticated users accessing your systems without having to wonder whether the person with the password logging in from a coffee shop in London, New York, or Toronto is in fact who you assume they should be.

The tools are at your disposal today to improve your security posture, reduce risk, and ultimately costs when users can self-manage. When security technology has been democratized it leads to wider adoption by techno-savvy users and luddites alike.

Ready to get started? Sign up for a free trial at signup.duo.com.

Want to learn more about Duo and Microsoft together?

About Duo Security

Duo helps Azure Active Directory (Azure AD) customers move to the cloud safely and securely by verifying the identity of the users with strong multi-factor authentication (MFA), and the trust of the device using device hygiene insights. Our joint customers use that information to create robust access policies that are enforced before granting access to applications both on-premises and in the cloud.

How Duo helps protect Microsoft Applications: Duo + Microsoft Partnership Page

Learn more: Duo Security – Azure Active Directory 

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

For more information about Microsoft Security Solutions, visit the Microsoft Security website. Bookmark the Security blog to keep up with our expert coverage of security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post The world is your authentication and identity oyster appeared first on Microsoft Security.

Barracuda and Microsoft: Securing applications in public cloud

June 18th, 2020 No comments

This blog was written by a MISA partner. To learn more about MISA, visit our website.

Barracuda Cloud Application Protection (CAP) platform features integrations with Microsoft Azure Active Directory (Azure AD) and Azure Security Center. A component of CAP, Barracuda WAF-as-a-Service is built on Microsoft Azure and provides advanced WAF capabilities in an easy to deploy and manage solution.

In our last blog, I spoke about how Barracuda and Microsoft are working together to remove barriers to faster public cloud adoption. The post focused on remote access, networks, and secure connectivity to public cloud. The topic of this blog post is to share some thoughts on how web applications in public cloud are secured. 

Accelerating digital transformation

As I mentioned last time, digital transformation is fundamentally changing today’s enterprises, making digital assets—data and applications—key to doing business. Organizations are increasingly competing based on their digital agility, and of course web applications are central to how digital businesses operate today.

In order to develop and update applications faster, organizations are deploying DevOps processes and agile methodologies, and they are moving their infrastructure to the cloud. However, while applications are developed and deployed faster than ever, secure coding practices have not kept pace, resulting in a constantly growing number of open vulnerabilities that can be exploited.

At the same time, the threat environment is continuously evolving and becoming more challenging. Hackers are getting more sophisticated; they are now professional criminals or even nation states. In addition to manual hacking attacks, bots and botnets are increasingly used to attack enterprise infrastructures through web applications. These automated exploits are often executed as Distributed Denial of Service (DDoS) attacks, at both the network and application layers. And of course, malware is constantly getting more advanced. The growth in the number of unprotected application vulnerabilities, coupled with the increase in hacking and malware, has resulted in a perfect storm of data breaches. So, application security is a key requirement for successful digital transformation. A recent Microsoft Build 2020 blog post focused on how Microsoft is helping developers build more secure applications.

Is the latest health crisis going to slow down the digital transformation process? In fact, it appears the opposite is occurring—it is acting as a catalyst. In the last blog, we discussed how the sudden increase in remote work is accelerating the network evolution. In addition, similar changes are occurring in the applications landscape.

As people stay at home due to government orders, they are increasingly transacting online. Brick-and-mortar stores are closed, and to stay in business retailers and other businesses are shifting all their operations online.

Leveraging public cloud for web applications

Such rapid scaling of online operations is difficult and expensive to achieve using traditional datacenters. Fortunately, public cloud providers such as Microsoft Azure provide robust platforms that allow customers to quickly scale up application infrastructure—now things can be completed in days or even hours, instead of weeks or months. And of course, the flexibility that comes with public cloud deployments is especially valuable now, as there is a lot of uncertainty about how long lockdowns will continue and whether online capacity would need to be reduced in the future.

We have seen a significant increase in hacking, DDoS, and bot attacks during the last couple of months, so in addition to scaling up online capacity, it is critically important to ensure security and availability. Using a complete application security platform is the best way to protect applications from all attack vectors, including hacking, DDoS, bots, and even API attacks.

Types and number of online threats in the public cloud.

In the new report, Future shock: the cloud is the new network,1 published in February, Barracuda surveyed 750 IT decision makers responsible for their organizations’ cloud infrastructure. We learned that organizations are well on their way to moving their infrastructure to public cloud, with 45 percent of IT infrastructure already running in the cloud today and rising to an estimated 76 percent in 5 years.

At the same time, the top concern restricting an even faster adoption of public cloud is security, with 70 percent of the respondents indicating that security concerns restrict their organizations’ adoption of public cloud.

If you look at the type of security issues that are the biggest blockers to public cloud adoption, the top two are sophisticated hackers and open vulnerabilities in applications. Also on the list are DDoS attacks and advanced bots/botnets, and from conversations with both customers and analysts since the onset of COVID-19, it appears that both DDoS attacks and bot attacks have spiked up even higher.

Barracuda Cloud Application Protection (CAP) platform is a comprehensive, scalable and easy-to-deploy platform that secures applications wherever they reside.


About Barracuda

At Barracuda we strive to make the world a safer place. We believe every business deserves access to cloud-enabled, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data, and applications with innovative solutions that grow and adapt with our customers’ journey. More than 150,000 organizations worldwide trust Barracuda to protect them—in ways they may not even know they are at risk—so they can focus on taking their business to the next level. For more information, visit barracuda.com.

View our integration videos

For more information on Microsoft Security Solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


1Future shock: the cloud is the new network, Barracuda, February 2020

The post Barracuda and Microsoft: Securing applications in public cloud appeared first on Microsoft Security.

Barracuda and Microsoft: Removing security barriers to faster public cloud adoption

June 11th, 2020 No comments

Barracuda’s CloudGen Firewall is tightly integrated with Microsoft Azure Virtual WAN, Azure Active Directory (Azure AD), Azure Security Center, and Azure Sentinel. Integrated into Azure, Barracuda’s networking and security capabilities enable customers’ secure infrastructure migrations and the use of public cloud for additional security solutions such as scalable remote access.

As I write this blog, people in many areas around the world continue to stay home due to lockdowns and shelter-in-place orders, while some countries and states are starting to gradually relax restrictions to get at least some businesses and operations re-opened. These are unprecedented times, and a lot of uncertainty remains. Will most people go back to commuting and working mostly from their offices? Or will the world substantially shift to working from home? How will our recent experiences affect key technology trends such as digital transformation and IT infrastructure migration to public cloud?

Accelerating digital transformation

Digital transformation is fundamentally changing today’s enterprises, making digital assets—data and applications—key to doing business. As more value shifts from physical to digital assets, businesses increasingly compete based on how quickly they can ramp up and manage their digital assets; in effect, they are becoming digital businesses. DevOps processes, agile methodologies, and the move to cloud help enterprises to develop and update their digital assets faster.

By their nature, in order to generate value, digital assets need to be networked and available. These assets need to be protected from threats that are continuously evolving and becoming more challenging. Hackers are getting more sophisticated and malware is constantly getting more advanced. So, security is a critical requirement for successful digital transformation.

In speaking with customers and partners, we at Barracuda are hearing one consistent theme: It appears that the crisis and the resulting changes in work patterns are accelerating digital transformation. In many parts of the world, for example, where working from home has not been common and the infrastructure was not built to support it, IT professionals are evaluating how to enable it. In places where electronic signatures have not yet gone mainstream, there is a strong push for wider acceptance. Industries and geographies relying on brick-and-mortar stores are quickly moving operations online.

Leveraging public cloud for remote access

Public cloud adoption and cloud connectivity are key long-term trends that are getting an additional boost from the latest crisis. As lockdowns and restrictions went into effect, we at Barracuda got a major increase in customer requests for scaling up remote access functionality. IT departments were asked to very quickly ramp up remote access capabilities.

This is one example where public cloud can be quickly leveraged to expand remote access capacity. An on-premises firewall or VPN gateway may not be sized to provide remote access to the entire employee population now working from home, and expanding that capacity can be a complicated and lengthy process. A quicker option is to stand up a remote access service in public cloud and connect it back to the on-premises firewall. This solution can be acquired from the Microsoft Azure Marketplace on a pay-as-you-go basis, for example, and set up within hours. Remote workers are given a new address to connect to, and VPN and security processing are offloaded to the cloud. The entire system can be quickly and easily scaled up when shelter-in-place restrictions go into effect and scaled down when employees go back to working in the office.

Public cloud and SD-WAN

Remote access is, of course, just one example of the fact that traditional network and security infrastructures are inflexible—they cannot effectively accommodate digital transformation requirements. The health crisis just brought this into the spotlight. The move to public cloud is already broadly under way, and networks need to catch up.

Graph: percentage of IT infrastructure in the public cloud.

In the new report, Future shock: the cloud is the new network,* that was published in February, Barracuda surveyed 750 IT decision makers responsible for their organizations’ cloud infrastructure. We learned that organizations are well on their way to moving their infrastructure to public cloud, with 45 percent of IT infrastructure already running in the cloud today and rising to an estimated 76 percent in five years.

Graph from “Future shock: the cloud is the new network.”

At the same time, companies need to re-evaluate their security strategies as they move to public cloud, with 70 percent of respondents indicating that security concerns restrict their organizations’ adoption of public cloud. And their solution of choice for optimizing and securing access to public cloud is a fully integrated secure SD-WAN, with 56 percent of respondents having already deployed or are in the process of deploying it.

About Barracuda

At Barracuda, we strive to make the world a safer place. We believe every business deserves access to cloud-enabled, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data, and applications with innovative solutions that grow and adapt with our customers’ journey. More than 150,000 organizations worldwide trust Barracuda to protect them—in ways they may not even know they are at risk—so they can focus on taking their business to the next level. For more information, visit barracuda.com.

For more information on Microsoft Security Solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

*Future shock: the cloud is the new network, Barracuda, February 2020

The post Barracuda and Microsoft: Removing security barriers to faster public cloud adoption appeared first on Microsoft Security.

How to gain 24/7 detection and response coverage with Microsoft Defender ATP

May 6th, 2020 No comments

This blog post is part of the Microsoft Intelligent Security Association guest blog series. To learn more about MISA, go here.

Whether you’re a security team of one or a dozen, detecting and stopping threats around the clock is a challenge. Security incidents don’t happen exclusively during business hours: attackers often wait until the late hours of the night to breach an environment.

At Red Canary, we work with security teams of all shapes and sizes to improve detection and response capabilities. Our Security Operations Team investigates threats in customer environments 24/7/365, removes false positives, and delivers confirmed threats with context. We’ve seen teams run into a wide range of issues when trying to establish after-hours coverage on their own, including:

  • For global enterprises, around-the-clock monitoring can significantly increase the pressure on a U.S.–based security team. If you have personnel around the world, a security team in a single time zone isn’t sufficient to cover the times that computing assets are used in those environments.
  • In smaller companies that don’t have global operations, the security team is more likely to be understaffed and unable to handle 24/7 security monitoring without stressful on-call schedules.
  • For the security teams of one, being “out of office” is a foreign concept. You’re always on. And you need to set up some way to monitor the enterprise while you’re away.

Microsoft Defender Advanced Threat Protection (ATP) is an industry-leading endpoint security solution that’s built into Windows, with agents that extend coverage to macOS and Linux servers. Red Canary unlocks the telemetry delivered from Microsoft Defender ATP and investigates every alert, enabling you to immediately increase your detection coverage and waste no time on false positives.

Here’s how those who haven’t started with Red Canary yet can answer the question, “How can I support my 24/7 security needs with Microsoft Defender ATP?”

No matter how big your security team is, the most important first step is notifying the right people based on an on-call schedule. In this post, we’ll describe two different ways of getting Microsoft Defender ATP alerts to your team 24×7 and how Red Canary has implemented this for our customers.

Basic 24/7 via email

Microsoft Defender Security Center allows you to send all Microsoft Defender ATP alerts to an email address. You can set up email alerts under Settings → Alert notifications.

Email notification settings in Microsoft Defender Security Center.

These emails will be sent to your team and should be monitored for high severity situations after-hours.

If sent to a ticketing system, these emails can trigger tickets or after-hours pages to be created for your security team. We recommend limiting the alerts to medium and high severity so that you won’t be bothered for informational or low alerts.

Setting up alert emails in Microsoft Defender ATP to be sent to a ticketing system.

Now any future alerts will create a new ticket in your ticketing system, where you can assign security team members to on-call rotations and notify on-call personnel of new alerts (if supported). Once the notification is received by on-call personnel, they log into Microsoft Defender Security Center for further investigation and triage.

Enhanced 24/7 via APIs

What if you want to ingest alerts into a system that doesn’t use email? You can do this by using the Microsoft Defender ATP APIs. First, you’ll need an authentication token: an OAuth 2.0 access token issued to an Azure AD application registration that has been granted the Alert.Read.All permission for the Defender ATP API. You can get the token like we do here:

API call to retrieve authentication token.

Once you’ve stored the authentication token you can use it to poll the Microsoft Defender ATP API and retrieve alerts from Microsoft Defender ATP. Here’s an example of the code to pull new alerts.

API call to retrieve alerts from Microsoft Defender ATP.

The API only returns a subset of the data associated with each alert. Here’s an example of what you might receive.

Example of a Microsoft Defender ATP alert returned from the API.

You can then take this data and ingest it into any of your internal tools. You can learn more about how to access Microsoft Defender ATP APIs in the documentation. Please note, the limited information included in an alert email or API response is not enough to triage the behavior. You will still need to log into the Microsoft Defender Security Center to find out what happened and take appropriate action.

24/7 with Red Canary

By enabling Red Canary, you supercharge your Microsoft Defender ATP deployment by adding a proven 24×7 security operations team who are masters at finding and stopping threats, and an automation platform to quickly remediate and get back to business.

Red Canary continuously ingests all of the raw telemetry generated from your instance of Microsoft Defender ATP as the foundation for our service. We also ingest and monitor Microsoft Defender ATP alerts. We then apply thousands of our own proprietary analytics to identify potential threats that are sent 24/7 to a Red Canary detection engineer for review.

Here’s an overview of the process (to go behind the scenes of these operations check out our detection engineering blog series):

Managed detection and response with Red Canary.

Red Canary is monitoring your Microsoft Defender ATP telemetry and alerts. If anything is a confirmed threat, our team creates a detection and sends it to you using a built-in automation framework that supports email, SMS, phone, Microsoft Teams/Slack, and more. Below is an example of what one of those detections might look like.

Red Canary confirms threats and prioritizes them so you know what to focus on.

At the top of the detection timeline you’ll receive a short description of what happened. The threat has already been examined by a team of detection engineers from Red Canary’s Cyber Incident Response Team (CIRT), so you don’t have to worry about triage or investigation. As you scroll down, you can quickly see the results of the investigation that Red Canary’s senior detection engineers have done on your behalf, including detailed notes that provide context to what’s happening in your environment:

Notes from Red Canary senior detection engineers (in light blue) provide valuable context.

You’re only notified of true threats and not false positives. This means you can focus on responding rather than digging through data to figure out what happened.

What if you don’t want to be woken up, you’re truly unavailable, or you just want bad stuff immediately dealt with? Use Red Canary’s automation to handle remediation on the fly. You and your team can create playbooks in your Red Canary portal to respond to threats immediately, even if you’re unavailable.

Red Canary automation playbook.

This playbook allows you to isolate the endpoint (using the Machine Action resource type in the Microsoft Defender ATP APIs) if Red Canary identifies suspicious activity. You also have the option to set up Automate playbooks that depend on an hourly schedule. For example, you may want to approve endpoint isolation during normal work hours, but use automatic isolation overnight:

Red Canary Automate playbook to automatically remediate a detection.
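A schedule-gated isolation rule of the kind described above, as an added example written for this page; it is neither Red Canary’s Automate playbook nor Microsoft’s code. It chooses between notifying, asking for approval and isolating based on severity and the hour (UTC), and builds the Defender ATP Machine Action request for isolation. The working hours, weekday list and severity floors in POLICY are assumed values.

```javascript
// Added example, not Red Canary's Automate playbook or Microsoft's code: a
// schedule-gated isolation decision of the kind the text describes, and the
// Defender ATP machine-action request it would send. Hours are in UTC and the
// policy values are assumed for the example.
const RESOURCE = 'https://api.securitycenter.microsoft.com';
const SEVERITY_RANK = { Informational: 0, Low: 1, Medium: 2, High: 3 };

const POLICY = {
  workDaysUtc: [1, 2, 3, 4, 5],   // Mon..Fri (getUTCDay numbering)
  workStartUtc: 9,                // 09:00 UTC
  workEndUtc: 18,                 // 18:00 UTC (exclusive)
  pageFloor: 'Medium',            // below this severity: log only, nobody is paged
  autoIsolateFloor: 'High',       // at/above this, out of hours: isolate without approval
};

function inWorkingHours(when, policy = POLICY) {
  const h = when.getUTCHours();
  return policy.workDaysUtc.includes(when.getUTCDay()) && h >= policy.workStartUtc && h < policy.workEndUtc;
}

// Returns 'notify_only', 'request_approval' or 'isolate'. During the day a human
// approves; overnight and at weekends confirmed High threats are contained first.
function decideIsolation(detection, when, policy = POLICY) {
  const rank = SEVERITY_RANK[detection.severity];
  if (rank === undefined || rank < SEVERITY_RANK[policy.pageFloor]) return 'notify_only';
  if (inWorkingHours(when, policy)) return 'request_approval';
  return rank >= SEVERITY_RANK[policy.autoIsolateFloor] ? 'isolate' : 'request_approval';
}

// Machine Action: POST /api/machines/{id}/isolate. The Comment is the audit
// trail; IsolationType is 'Full' or 'Selective' (Selective leaves some Microsoft
// apps such as Outlook reachable so the user can still be contacted).
function buildIsolateRequest(accessToken, machineId, comment, isolationType = 'Full') {
  return {
    method: 'POST',
    url: `${RESOURCE}/api/machines/${encodeURIComponent(machineId)}/isolate`,
    headers: { Authorization: `Bearer ${accessToken}`, 'Content-Type': 'application/json' },
    body: JSON.stringify({ Comment: comment, IsolationType: isolationType }),
  };
}

// The isolate call returns a machine action object; poll its status by id
// until it reports Succeeded (or Failed) before closing the detection.
function buildActionStatusRequest(accessToken, actionId) {
  return {
    method: 'GET',
    url: `${RESOURCE}/api/machineactions/${encodeURIComponent(actionId)}`,
    headers: { Authorization: `Bearer ${accessToken}` },
  };
}

// Apply the policy to one confirmed detection: the decision, plus the request
// to send when the decision is to isolate (null otherwise).
function handleDetection(detection, when, accessToken, policy = POLICY) {
  const decision = decideIsolation(detection, when, policy);
  const request = decision === 'isolate'
    ? buildIsolateRequest(accessToken, detection.machineId,
        `Auto-isolated by playbook: ${detection.title} (${detection.id})`)
    : null;
  return { decision, request };
}
```

The accessToken is the same Defender ATP API token used for reading alerts, but isolation needs the Machine.Isolate application permission granted to the app registration as well.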

Getting started with Red Canary

Whether you’ve been using Microsoft Defender ATP since its preview releases or you’re just getting started, Red Canary is the fastest way to accelerate your security operations program. Immediate onboarding, increased detection coverage, and a 24/7 CIRT are all at your fingertips.

Terence Jackson, CISO at Thycotic and Microsoft Defender ATP user, describes what it’s like working with Red Canary:

“I have a small team that has to protect a pretty large footprint. I know the importance of detecting, preventing, and stopping problems at the entry point, which is typically the endpoint. We have our corporate users but then we also have SaaS customers we have to protect. Currently my team tackles both, so for me it’s simply having a trusted partner that can take the day-to-day hunting/triage/elimination of false positives and only provide actionable alerts/intel, which frees my team up to do other critical stuff.”

Red Canary is the fastest way to enhance your detection coverage from Microsoft Defender ATP so you know exactly when and where to respond.

Contact us to see a demo and learn more.

The post How to gain 24/7 detection and response coverage with Microsoft Defender ATP appeared first on Microsoft Security.

Empower Firstline Workers with Azure AD and YubiKey passwordless authentication

March 12th, 2020 No comments

At the end of February, Microsoft announced FIDO2 passwordless support for hybrid environments. The integration of FIDO2-based YubiKeys and Azure Active Directory (Azure AD) is a game changer. It combines the ubiquity of Azure AD, the usability of YubiKey, and the security of both solutions to put us on the path to eliminating passwords in the enterprise. Think about that for a moment. Imagine never being asked to change your password again: no more password spreadsheets or vault apps, no more phishing for credentials, no more password spray. Would it be too much to compare it to the moon landing? Probably. But it’s at least as monumental to security as the introduction of passwords themselves. Now think about how much passwordless authentication will improve everyday work for Firstline Workers. Today I’ll share why usability and user experience are so important and how you can modernize work (and security) while reducing costs for Firstline Workers. I’ll also provide advice on transitioning your hybrid environment to passwordless.

User experience matters

Do you want to know why attackers have been so successful? Because they’ve paid attention to user experience. The tools they use to trick users into handing over passwords have been carefully updated to feel legitimate. One tool even has a Help Desk, if you can believe that! And it’s working. Many users don’t even realize they’ve given up their password. Bad actors can focus on usability because the economics of hacking are cheap. They don’t have to be present to interrupt a sign-in, and they only need one password to gain access and move laterally to increase privileges. They don’t need a high success rate to achieve a good payoff, which allows them to take the time to get it right. They use that time to research companies for good targets and to improve the user experience of their phishing attempts.

Yubico understands the importance of usability and makes security tools accessible and easy to use. Our flagship product, YubiKey, was designed with these principles in mind. The YubiKey is a hardware token with a cryptographic element that supports the FIDO2 standards. It is not a password storage device, nor does it contain any personal information. With traditional passwords, the server asks for a password, and when the user hands one over, the server has no way to tell whether it came from the legitimate user or from someone who phished it. With a YubiKey, the server sends a challenge to the user. The user plugs the key in and touches it to sign the challenge; the signature also covers the web origin the browser is on, so a look-alike site cannot relay a valid response to the real service. Signing requires the user to be physically present with the key, which eliminates remote takeovers of accounts, and being able to attack from anywhere in the world is exactly what makes account takeover pay for cybercriminals.


Equally important is its simplicity. Users don’t need to find a code on a separate device or remember complicated passwords; at most they enter a short PIN that is checked by the key itself and never sent to a server. The same key can be used across all their devices and accounts, and you can attach it to a keychain. (Take a look at this video to see it in action.)

Transform the Firstline Worker experience, securely

The biggest opportunity for the Azure AD and YubiKey integration to make a real difference is with Firstline Workers. Firstline Workers are more than 2 billion people worldwide who work in service- or task-oriented roles across industries such as retail, hospitality, travel, and manufacturing. They are often mobile, and many serve as the first touchpoint with your customers. Incredibly important to your business, they have been underserved by the cloud revolution. Firstline Workers typically aren’t issued a computer, and the computers they do use may not have a lot of connectivity. This makes it difficult to stay connected to corporate communications or interact digitally with coworkers. It can also prevent them from efficiently doing their jobs. For example, it can be challenging to serve customers if an employee needs to sign into an available computer to answer a question.

There are a lot of hidden costs to password resets. To avoid them, Firstline Worker passwords often never change. Those workers have developed the same familiar bad habits as office workers: they write down passwords or reuse the same one across multiple sites. Lurking in the wings are the bad actors who just need one password to infiltrate your organization.

YubiKey reduces that risk and empowers your Firstline Workers. With a YubiKey, users can easily move from device to device. This can dramatically improve the work experience. It also drives better business outcomes. One call center that implemented YubiKey authentication cut its sign-in process from 13 steps to six—that’s a 60 percent reduction. Reducing time spent signing in can drive huge cost reductions.

The Azure AD and YubiKey integration can support your digital transformation goals in the field. Firstline Workers will easily access the information they need whether that is for customer service or building new products—with significantly less risk of an account takeover.

Transition your hybrid environment to passwordless

YubiKey is a good fit for companies who are invested in Microsoft technology because the device includes several generations of solutions. It works with legacy applications (we can protect anything from Windows XP on up) and cloud solutions like Azure and Office 365. It can support one-time passwords (OTP) with Active Directory or smart card capabilities. If you use Active Directory Federation Services to authenticate, there is a plugin that integrates with your on-premises deployment. It’s also compatible with cloud-based authentication, and we are working with Microsoft on integration with Azure Active Directory. Our latest YubiKey 5 Series supports the following authentication technologies:

  • FIDO2
  • U2F
  • PIV
  • Yubico OTP
  • OATH HOTP

As a first step towards passwordless, no matter your environment, start by implementing multi-factor authentication (MFA) everywhere, using the YubiKey as a hardware-based backup to a username and password.

Learn more

Yubico is committed to developing new technology to help users trust what they are doing online. We are working with Microsoft to build the latest and greatest into Azure AD. Join us at one of our co-hosted workshops with Microsoft where we will walk you through how you can plan your journey towards eliminating passwords.

Read Alex Simons’ blog announcement about Azure Active Directory support for FIDO2 security keys. For more information on Microsoft Security solutions, visit https://www.microsoft.com/en-us/security/business.

The post Empower Firstline Workers with Azure AD and YubiKey passwordless authentication appeared first on Microsoft Security.