Archive for the ‘Zero Trust’ Category

How to improve risk management using Zero Trust architecture

“Compliance is all about risk management and lessening risk, and the same is true of Zero Trust.”

Abbas Kudrati

What’s risk management and why is it important?

Risk management, the process of developing a strategy for addressing risk throughout its lifecycle, normally involves four phases: risk identification, assessment, response, and monitoring and reporting.

Phases of risk management listed as identification, assessment, response, and monitoring and reporting.

Risk management plays a critical role in helping organizations improve their security posture. Insider incidents, for example, are not only costly to organizations but also time-consuming to contain. Given their limited resources, many organizations prioritize investment in the security controls that address the most critical risks. Doing so maximizes the return on investment (ROI) in protecting the organization’s assets and ensuring its business operations. Risk management is an ongoing activity, which raises the question: are the long-established risk management programs in enterprises keeping pace with the evolving digital and threat landscapes?

With trends like digital transformation, cloud migration, and hybrid work, traditional trust boundaries are getting blurred. Perimeter-driven defense is no longer adequate in protecting against the rising attack vectors. More attention has been drawn to the Zero Trust security model that assumes attackers are in the enterprise environment and encourages organizations to always verify explicitly and enforce least-privilege access.

Why is risk management important, noting that an insider incident costs an average of USD11.45 million and takes an average of 77 days to resolve.

How can Zero Trust architecture help with risk management?

Microsoft uses the following Zero Trust architecture as a reference for customers defending their digital estates.

Zero Trust architecture design.

Let’s look at how Zero Trust architecture can help an organization manage enterprise risk effectively throughout the four phases:

1. Identification: More thorough asset discovery and risk identification with the six pillars

In the initial step of risk management, organizations need to categorize the system and the information it processes, stores, and transmits based on impact analysis. Once prioritized, the threats and vulnerabilities affecting those assets are identified. The Zero Trust architecture emphasizes full coverage of organization assets across the entire digital estate, with six pillars specified as identity, endpoint, network, data, application, and infrastructure. Following the reference architecture allows organizations to obtain a holistic view of their IT landscapes and the associated risks.

Some questions for organizations to consider during the asset discovery and risk identification phase:

  • What types of structured and unstructured data do you create, process, and store? Are all data classified, labeled, and encrypted?
  • What applications do you access? Are they in the cloud or on-premises?
  • What types of infrastructure do you manage—in the cloud or on-premises?
  • Who has access to your resources, including network, data, applications, and infrastructure? Are they internal or external stakeholders, human or non-human actors? How are the authentication and authorization of the identities enforced?
  • From which endpoints are access to your resources allowed? Are they owned by a company or individuals? How is device management performed and compliance reviewed?
  • What are the normal and abnormal paths of an identity accessing your resources of any kind?

2. Assessment: Continuous risk assessment as input to access control evaluation and enforcement

Typically, a risk assessment on an information asset is performed periodically or upon major changes. It allows organizations to determine the potential risks and evaluate whether the existing processes and controls are sufficient to lower those risks to an acceptable level. In the more dynamic digital world, where attacks happen at cloud speed, Zero Trust architecture recommends continuous risk assessment: each request is intercepted and verified explicitly by analyzing signals on user, location, device compliance, data sensitivity, and application type. In addition, rich intelligence and analytics can be leveraged to detect and respond to anomalies in real time, enabling effective risk management at the request level.

In addition, the security controls included in the Zero Trust architecture enable defense in depth, which should be taken into consideration during regular risk assessment at the system or organizational level. With identity as the new first line of defense, strong multifactor authentication helps to determine whether the actor is who it claims to be, reducing the likelihood of unauthorized access. Device compliance checks then help to reduce the likelihood of actors using compromised or outdated endpoints to access organization resources. In case of a breach, network micro-segmentation based on the least-privilege access principle minimizes the lateral movement of malicious actors, narrowing the attack surface and containing the damage. Encryption of data in transit and at rest renders data unreadable and unusable without the decryption keys, further lessening the impact of data breaches.

3. Response: Real-time responsive measures to mitigate risks throughout the request life cycle

Zero Trust architecture can also be aligned with the four general categories of risk response strategies: tolerate, operate, monitor, and improve. By design, telemetry, state information, and risk assessment from threat protection should all feed into the Zero Trust policy engine so that it can respond to threats automatically and immediately. Once all risk signals from the various sources have been collected and evaluated, Zero Trust policies are enforced in real time to allow, deny, restrict, or further authenticate access requests. This approach gives organizations responsiveness to risks detected in real time throughout a request’s lifecycle, allowing them to address those risks in a timely manner.
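The continuous, per-request evaluation described in the Assessment and Response phases can be made concrete with a small policy engine. The following Python is an added illustration, not Microsoft’s code or any product’s logic: it takes the signals named above (user, location, device compliance, data sensitivity, application type) plus a user-risk score, returns one of the four outcomes (allow, deny, restrict, further authenticate) together with the reasons, and emits one audit record per request for the monitoring phase. The thresholds, field names and sample requests are assumptions constructed for the example.

```python
"""Per-request Zero Trust policy engine (added illustration, not Microsoft's code)."""
from __future__ import annotations

import json
from dataclasses import dataclass
from enum import Enum


class Decision(str, Enum):
    ALLOW = "allow"
    DENY = "deny"
    RESTRICT = "restrict"        # grant limited access (e.g. view only, no download)
    STEP_UP = "further_auth"     # require additional authentication before access


@dataclass(frozen=True)
class RequestSignals:
    """Signals gathered for one access request (field names are assumptions)."""
    user: str
    app: str
    mfa_satisfied: bool        # strong authentication already completed in this session
    device_compliant: bool     # endpoint passes the device compliance policy
    device_managed: bool       # endpoint is enrolled in device management
    location_trusted: bool     # request comes from a known network or location
    data_sensitivity: str      # "public", "internal" or "confidential"
    app_type: str              # "cloud", "on_prem" or "legacy"
    user_risk: float           # 0.0 (clean) .. 1.0 (confirmed compromised)


def evaluate(sig: RequestSignals) -> tuple[Decision, list[str]]:
    """Return the decision for one request and the reasons that led to it."""
    # 1. Assume breach: a confirmed-compromised identity is denied outright.
    if sig.user_risk >= 0.9:
        return Decision.DENY, ["user risk at or above 0.9"]

    # 2. Confidential data is never released to endpoints outside management.
    if sig.data_sensitivity == "confidential" and not sig.device_managed:
        return Decision.DENY, ["confidential data requested from unmanaged device"]

    # 3. Verify explicitly: require MFA unless the request is low-value and low-risk.
    needs_mfa = (sig.data_sensitivity != "public"
                 or not sig.location_trusted
                 or sig.user_risk >= 0.5)
    if needs_mfa and not sig.mfa_satisfied:
        return Decision.STEP_UP, ["MFA required for this request"]

    # 4. Least privilege: degrade rather than deny when the device is out of
    #    compliance, the identity carries elevated risk, or the location is unknown.
    reasons: list[str] = []
    if not sig.device_compliant:
        reasons.append("device not compliant")
    if sig.user_risk >= 0.5:
        reasons.append("elevated user risk")
    if sig.data_sensitivity == "confidential" and not sig.location_trusted:
        reasons.append("confidential data from untrusted location")
    if reasons:
        return Decision.RESTRICT, reasons

    return Decision.ALLOW, ["all signals satisfied"]


def audit_record(sig: RequestSignals, decision: Decision, reasons: list[str]) -> str:
    """One JSON line per request for the monitoring and reporting phase."""
    return json.dumps({"user": sig.user, "app": sig.app,
                       "decision": decision.value, "reasons": reasons})


# Constructed sample requests covering each outcome.
SAMPLE_REQUESTS = [
    RequestSignals("alice", "payroll", True, True, True, True, "confidential", "cloud", 0.1),
    RequestSignals("bob", "wiki", False, True, True, False, "internal", "cloud", 0.2),
    RequestSignals("carol", "payroll", True, True, False, True, "confidential", "legacy", 0.1),
    RequestSignals("dave", "crm", True, False, True, True, "internal", "on_prem", 0.6),
    RequestSignals("eve", "wiki", True, True, True, True, "public", "cloud", 0.95),
]


def run_samples() -> dict[str, str]:
    """Evaluate the samples, print the audit trail, return user -> decision."""
    outcome = {}
    for sig in SAMPLE_REQUESTS:
        decision, reasons = evaluate(sig)
        print(audit_record(sig, decision, reasons))
        outcome[sig.user] = decision.value
    return outcome


if __name__ == "__main__":
    run_samples()
```

The ordering of the checks matters: hard denies come first so that a compromised identity can never be rescued by passing MFA, step-up comes before the degrading rules so that the engine has a verified identity before it decides how much to grant, and every outcome carries its reasons so the audit line can be reviewed later.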

4. Monitoring and reporting: Visibility at all levels empowering risk monitoring and reporting

Risk monitoring and reporting are also critical components in ensuring risk governance and assurance. It is common for organizations to keep risk monitoring and reporting at the system level. With Zero Trust architecture, organizations gain the flexibility of visibility into risks at all levels. At the granular level, the risk of a single user identity or sign-in is evaluated, logged, and reported. With IT and security tools integrated, other potential breach indicators, such as a high volume of data access and transfer or malware detection, can be associated with it, allowing the first-line risk management team to obtain all the details necessary for investigation. The rich threat and vulnerability data can be further processed to offer an aggregated view of an organization’s risk posture, making risk reporting to senior management and auditors more accurate and hassle-free. With the insights generated from risk monitoring and reporting, the risk management strategy and policy can be continuously reviewed and improved to stay relevant and effective.

Learn more

Learn more about the Microsoft Zero Trust framework.

Organizations may leverage the free Microsoft Zero Trust Maturity Assessment Quiz to understand their current state of Zero Trust maturity and our recommendations on the next steps. More details of how Microsoft can empower organizations in their Zero Trust journeys can be found in the Zero Trust Essentials eBook.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post How to improve risk management using Zero Trust architecture appeared first on Microsoft Security Blog.

Easy authentication and authorization in Azure Active Directory with No-Code Datawiza

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

The acceleration of cloud journeys fueled by the pandemic and ever-increasing concerns about data security and information privacy have made access management one of the hottest topics in application security and Zero Trust architecture discussions. Over the last several years, the industry has made tremendous progress on identity and access management, and Microsoft Azure Active Directory (Azure AD), with its focus on Zero Trust comprehensive cloud-based identity services, is a perfect example of this.

Achieving a secure environment is top of mind for both public and private sector organizations, with research firms anticipating that the global Zero Trust security market will grow from USD19.6 billion in 2020 to USD51.6 billion by 2026. The United States government has mandated a federal Zero Trust architecture strategy, while businesses of every size are working to implement modern identity and access management solutions that support single sign-on (SSO), multifactor authentication, and many other key features, including adaptive and context-aware policies, governance intelligence, and automation.1

To achieve Zero Trust for applications and services, we must ensure people are who they say they are and that only the right people have access to sensitive information. This is the only way to comply with evolving data privacy regulations such as General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Consequently, companies must create a comprehensive, manageable way to authenticate and authorize every attempt to access data—based on a least-privileged access principle—while still providing users with the secure self-service access they need.

Datawiza, a cloud-delivered, no-code platform for easily implementing both authentication and authorization for all types of applications and APIs, works with Azure AD to help IT accelerate this key area of the journey to Zero Trust and get the most value from their hybrid multicloud environments.

As an access management as a service (AMaaS) platform, Datawiza dramatically reduces the time and engineering costs required to integrate applications with Azure AD, eliminating months of development effort thanks to its no-code approach. Developers don’t have to learn complex modern SSO protocols like OpenID Connect (OIDC), OAuth, and Security Assertion Markup Language (SAML), or use different software development kits (such as .NET, Java, and PHP) to write integration code for each application.

Web client diagram utilizing Datawiza and Microsoft Azure Active Directory.

Leveraging Datawiza with Azure AD supports comprehensive SSO and multifactor authentication across applications, with fine-grained access controls. The application types can include:

  • Homegrown applications that are written in different programming languages such as Java, PHP, and Python. These applications can reside in multicloud environments or on-premises.
  • Legacy applications, such as those from Oracle, that were never designed for the cloud and may still rely on a legacy identity solution, such as Symantec SiteMinder, on-premises Lightweight Directory Access Protocol (LDAP), or custom-built basic authentication. In fact, Datawiza can empower companies to retire their legacy identity solutions.
  • Business-to-business (B2B) multi-tenant applications available to customers using Azure AD, as well as other identity platforms.
  • Open-source tools that would otherwise require expensive enterprise license fees from the vendor to use the SSO feature to connect with Azure AD.

Options for integrating homegrown and legacy applications with Azure AD

Integrating homegrown or legacy applications with Azure AD is imperative. Not doing so leads to critical security gaps. It also causes frustration for users who need to sign into multiple applications, as well as administrators who must constantly update user profiles in multiple locations.

Integrating these applications with Azure AD requires coding and security expertise. And whether you use your developer resources or legacy on-premises gateways, as we hear from our customers, it usually takes more time and resources than anticipated—distracting development and DevOps teams from their strategic tasks. If your organization relies on a hybrid multicloud environment, the challenges are even greater. You may also consider using a free open-source software proxy, such as OAuth2-proxy, but this is still time-consuming, providing little benefit compared to the do-it-yourself approach. Further, with each of these approaches, all the effort that goes into integrating a single application must be repeated for each additional application.

How the Datawiza No-Code platform works

The Datawiza No-Code platform offers a new approach, providing authentication and authorization as a service, so it can be implemented quickly, without the need to deploy any hardware or heavyweight enterprise software, or having to rewrite applications or write new code. Datawiza uses a lightweight, cloud-delivered proxy for connecting any application and service to Azure AD, and it can also integrate across other public and private clouds.

Integrating each application takes only minutes, so the more applications you need to integrate, the more time you save—all with a single Datawiza license. And with security expertise built-in, the Datawiza AMaaS platform eliminates the need to hire an expensive new resource or consultant, while also facilitating improved governance by providing policy-defined, URL-level access controls based on detailed user and device attributes, such as group, role, IP, or browser.

How Datawiza and Azure AD work together

  1. When a user attempts to log into any application, Datawiza intercepts the access request and authenticates it using a built-in connection to Azure AD through OIDC or SAML protocols.
  2. The user signs in through the Azure AD login page, and the OIDC or SAML message exchanges with Azure AD and Datawiza are automatically completed on behalf of the application.
  3. Datawiza authorizes the request based on the fine-grained access policies configured in the management console and user attributes from Azure AD.
  4. Datawiza then sends the correct credentials to the application, which uses the fine-grained access policies configured in the management console to display only the appropriate information.
  5. An IT administrator configures the platform, applications, and access policies using the Datawiza management console, instead of having to deal with the configuration files scattered in hybrid multicloud environments.

Datawiza’s integration with Microsoft Azure Active Directory.
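To show what the numbered steps above involve at the protocol and policy level, here is an added Python simulation; it is not Datawiza’s or Microsoft’s code and does not describe either product’s internals. An assumed identity provider issues a single-use authorization code and an ID token (an HMAC-signed JSON stand-in for a real signed JWT) for the user; the proxy generates a state and nonce for the login, validates both on the callback along with the token’s signature, issuer, audience and expiry, opens a session, then applies first-match URL-prefix rules against the user’s group claim. How the proxy hands identity to the application is modelled as forwarding `X-User` and `X-Groups` headers, an assumption, and the same headers are stripped when they arrive from the client because the application must trust them only from the proxy. The client ID, issuer, signing key, policy rules and user directory are constructed values.

```python
"""SSO proxy in front of a legacy app: OIDC-style code exchange plus URL-level policy.
Added illustration; the provider, token format and policy are simplified assumptions."""
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import secrets
import time

CLIENT_ID = "legacy-app-proxy"             # assumed client registration at the provider
ISSUER = "https://idp.example"             # stand-in for the identity provider's issuer URL
IDP_KEY = b"constructed-signing-key"       # shared secret for the simulation only
IDENTITY_HEADERS = ("x-user", "x-groups")  # headers only the proxy is allowed to set
POLICY = [("/finance", {"finance"}), ("/", {"staff"})]      # assumed first-match URL rules
GROUPS = {"alice": ["finance", "staff"], "bob": ["staff"]}  # constructed directory


class IdentityProvider:
    """Minimal stand-in for the identity provider: issues codes and signed ID tokens."""

    def __init__(self) -> None:
        self._codes: dict[str, tuple[str, str]] = {}   # code -> (user, nonce)

    def authorize(self, user: str, nonce: str) -> str:
        """The user signs in at the provider, which hands back a single-use code."""
        code = secrets.token_urlsafe(16)
        self._codes[code] = (user, nonce)
        return code

    def token(self, code: str, client_id: str) -> str:
        """Code exchange: returns '<base64 claims>.<hmac>' as a JWT stand-in."""
        if code not in self._codes:
            raise PermissionError("unknown or reused authorization code")
        user, nonce = self._codes.pop(code)
        claims = {"iss": ISSUER, "aud": client_id, "sub": user, "nonce": nonce,
                  "exp": int(time.time()) + 300, "groups": GROUPS.get(user, [])}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
        return body + "." + hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()


class SsoProxy:
    """Sits in front of the application; owns login state, sessions and URL policy."""

    def __init__(self, idp: IdentityProvider) -> None:
        self.idp = idp
        self._pending: dict[str, str] = {}   # state -> nonce for in-flight logins
        self.sessions: dict[str, dict] = {}  # session id -> verified claims

    def start_login(self) -> tuple[str, str]:
        """Step 1: build the redirect to the provider with a fresh state and nonce."""
        state, nonce = secrets.token_urlsafe(8), secrets.token_urlsafe(8)
        self._pending[state] = nonce
        return f"{ISSUER}/authorize?client_id={CLIENT_ID}&state={state}&nonce={nonce}", state

    def callback(self, state: str, code: str) -> str:
        """Step 2: check the state, exchange the code, verify the token, open a session."""
        if state not in self._pending:
            raise PermissionError("unknown or replayed state")
        nonce = self._pending.pop(state)
        claims = self._verify(self.idp.token(code, CLIENT_ID), nonce)
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = claims
        return sid

    @staticmethod
    def _verify(token: str, nonce: str) -> dict:
        """Reject tokens with a bad signature, wrong issuer/audience, expiry or nonce."""
        body, sig = token.rsplit(".", 1)
        expected = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            raise PermissionError("token signature invalid")
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["iss"] != ISSUER or claims["aud"] != CLIENT_ID:
            raise PermissionError("token not issued for this proxy")
        if claims["exp"] < time.time() or claims["nonce"] != nonce:
            raise PermissionError("token expired or nonce mismatch")
        return claims

    def authorize(self, sid: str | None, path: str, incoming: dict | None = None) -> dict:
        """Steps 3-4: apply URL-level policy, then forward with proxy-set identity headers."""
        claims = self.sessions.get(sid or "")
        if claims is None:
            return {"status": 302, "location": self.start_login()[0]}
        # Identity headers arriving from the client are dropped; only the proxy sets them.
        headers = {k: v for k, v in (incoming or {}).items() if k.lower() not in IDENTITY_HEADERS}
        for prefix, allowed in POLICY:            # first matching prefix wins
            if path.startswith(prefix):
                if not allowed & set(claims["groups"]):
                    return {"status": 403, "reason": f"{path} requires one of {sorted(allowed)}"}
                headers.update({"X-User": claims["sub"], "X-Groups": ",".join(claims["groups"])})
                return {"status": 200, "forward_headers": headers}
        return {"status": 403, "reason": "no policy matched"}


def login_and_access(user: str, path: str) -> dict:
    """Constructed end-to-end run: sign in as `user`, then request `path` through the proxy."""
    idp = IdentityProvider()
    proxy = SsoProxy(idp)
    first = proxy.authorize(None, path)                  # no session yet -> redirect
    state = first["location"].split("state=")[1].split("&")[0]
    nonce = first["location"].split("nonce=")[1]
    code = idp.authorize(user, nonce)                    # user completes sign-in at the provider
    sid = proxy.callback(state, code)
    return proxy.authorize(sid, path, {"X-User": "spoofed", "Accept": "text/html"})


if __name__ == "__main__":
    for who, where in [("alice", "/finance/q1"), ("bob", "/finance/q1"), ("bob", "/home")]:
        print(who, where, login_and_access(who, where))
```

Two details carry most of the security value: the state and nonce are consumed on first use, so a replayed callback or a token minted for a different login attempt is rejected, and the application only ever sees identity headers that the proxy itself wrote, so a client cannot pick its own `X-User`.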

Datawiza, the no-code path to Zero Trust access management

The Datawiza No-Code platform can accelerate your Azure AD journey to Zero Trust for your applications and APIs by eliminating the need for developers to extend controls to support Zero Trust requirements such as SSO and multifactor authentication. Datawiza authenticates and authorizes every employee, customer, contractor, or partner each time they access an application or API—with fine-grained access controls—and supports every type of application in hybrid multicloud environments. With Datawiza, policy administrators can leverage “change once, propagate everywhere” to keep policies, roles, and permissions updated and synced across hundreds or thousands of datasets. And Datawiza maintains the relationships between applications and Azure AD as the applications are updated, future-proofing your environment.

Learn more

Learn more about Microsoft identity and access management.

The Datawiza Platform is available in the Microsoft Azure Marketplace. More information and a free trial are also available on the Datawiza website.

To learn more about MISA, visit our MISA website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products. 


1 Why companies are moving to a ‘zero trust’ model of cyber security, Bob Violino. March 3, 2022.

The post Easy authentication and authorization in Azure Active Directory with No-Code Datawiza appeared first on Microsoft Security Blog.

Microsoft best practices for managing IoT security concerns

April 25th, 2022

The Internet of Things, or IoT, has expanded far beyond the mere concept it was when first introduced. IoT is now part of most individuals’ daily activities, from smart speakers and thermostats to smartwatches and vehicles. IoT devices and systems bring massive convenience and functionality. IoT is transforming the way businesses function, and more rapidly than ever, industrial IoT, manufacturing, and critical infrastructure depend on IoT for their operations. However, because of the complicated nature of IoT, security must be top of mind when implementing and managing it. In a survey for the IoT Signals report published in October 2021, organizations were asked about their top security concerns when implementing IoT. Figure 1 lists those concerns:

  • Ensuring data privacy (46%).
  • Ensuring network-level security (40%).
  • Securing endpoints for each IoT device (39%).
  • Tracking and managing each IoT device (36%).
  • Making sure all existing software is updated (35%).
  • Updating firmware and other software on devices (34%).
  • Performing hardware/software tests and device evaluation (34%).
  • Updating encryption protocols (34%).
  • Conducting comprehensive training programs for employees involved in IoT environment (33%).
  • Securely provisioning devices (33%).
  • Shifting from device-level to identity-level control (29%).
  • Changing default passwords and credentials (29%).

This table is captured from the 2021 IoT Signals report, which lists the top customer concerns in the IoT security field.

Figure 1: Types of IoT security.

The importance of security for IoT

Rewinding back to 2016, a large Distributed Denial of Service (DDoS) attack hit a major internet service provider, impacting multiple websites and their customers. Why? Thousands of users had failed to change the default passwords on their connected devices, giving attackers the opportunity to build a botnet. Consequences? Detrimental. Fast-forwarding to more recent years, security in IoT is finally starting to gain attention as organizations and users realize the impact any such attack has. As outlined in Microsoft’s Zero Trust paper, below are some of the many consequences of IoT breaches:

  • Operation and revenue impact due to potential changes in production, quality, and core business.
  • Customer impact due to changes in product and service experience and reputation.
  • Regulation impact due to non-compliance with government and industry-wide regulations.

Design lifecycle and risk diligence

Microsoft provides numerous tools, services, and capabilities that address IoT Security concerns, while also providing effective solutions to mitigate top IoT Security issues.

When designing an IoT solution, it is important to understand the potential threats within the design. This provides an opportunity to integrate security and risk diligence into each step of the design lifecycle, and to harden and maintain your solution’s security protocols. The first step is understanding how to secure your IoT environment. The second step is identifying and mitigating potential security issues within your design. The third step is maintaining a security maturity model that allows you to track and manage the maturity of your design’s information security management. Finally, the fourth step is following Microsoft’s Zero Trust principles to mitigate the top security concerns.

Top properties of a highly secured IoT environment (device security)

Building a secure IoT solution is not an easy task. However, following the most studied and recommended principles and practices will provide you with the necessary tools needed to achieve optimal security within the design. Refer to Figure 2 for the top seven properties utilized within all highly secured and connected devices: hardware-based root of trust, small trusted computing base, defense in depth, compartmentalization, certificate-based authentication, renewable security, and failure reporting.

Listed are the top seven properties required in all highly secure devices.

Figure 2: Top properties of highly secure devices.

For a deep dive on each of the seven properties, please read the Seven Properties of Highly Secure Devices.

Threat modeling

When designing an IoT solution, one must understand the potential threats that accompany that solution and identify the best protocols to defend the solution from such threats. Starting the design of a solution with security as a top aspect will help with this process. This is why Microsoft offers the Threat Modeling Tool, which is a key aspect of Microsoft Security Development Lifecycle. The tool encompasses five major steps in the security lifecycle: define, diagram, identify, mitigate, and validate. Additionally, the tool enables users to share information about their systems’ security designs, analyze designs for security issues, and provide mitigation suggestions for the identified issues.

For more details on the Threat Modeling Tool, please visit Microsoft Security Development Lifecycle Threat Modeling.

For information on Microsoft Security Development Lifecycle, please visit Microsoft Security Development Lifecycle.

Security Maturity Model (SMM)

What is SMM and how does it help? Security maturity is a measure of how well an organization understands its current security level, together with the necessity, benefits, and cost of supporting it. It provides a degree of confidence that the security implementation is effective in meeting organizational needs. A security maturity model:

  • Builds on existing maturity models, frameworks, and concepts.
  • Provides a holistic solution addressing process, technology, and operations.
  • Provides actionable guidance for specific IoT scenarios.
  • Connects maturity with control frameworks, best practices, and other guidance.
  • Enables IoT providers to invest appropriately in security mechanisms to meet their requirements.

To help prioritize IoT Zero Trust investments, you can use the Industry IoT Consortium’s (IIC) IoT Security Maturity Model to help assess the security risks for your business.

Zero Trust principles and best practices for end-to-end security

When designing an IoT solution, it is extremely important to identify and understand potential threats to that solution. To help with this process, Microsoft established five Zero Trust principles that encourage defense in depth procedures and provide clear guidelines on achieving optimal security within IoT solutions.

Our customers and partners have IoT security-related concerns, such as ensuring data privacy and maintaining a solid process for changing default passwords. To address these concerns, we apply the Zero Trust principles within our products and services. The following sections are linked to our Well-Architected Framework for IoT security, which expands on many of the Microsoft products and services that provide highly secured protocols for IoT solutions.

Strong identity

The first pillar of Zero Trust principles is having a strong identity for IoT devices. Maintaining a strong identity within your IoT ecosystem can be achieved using a variety of processes and protocols. To name a few, having a hardware root of trust, strong authentication and authorization protocols, and renewable credentials are great steps towards mitigating the top identity concerns.

Least-privileged access

In addition to the strong identity provided by integrated devices and services, Zero Trust requires least-privileged access control to limit the potential blast radius from authenticated identities that may have been compromised or may be running unapproved workloads. From access control policies and protocols to strong authentication mechanisms, Microsoft has its customers covered with a strong list of services such as Microsoft Azure Sphere, which securely connects microcontroller unit (MCU)-powered devices from the silicon to the cloud, while implementing least-privilege access by default.

Additionally, Microsoft provides a wide variety of training programs and resources to anyone interested in or working in an IoT environment. From Cybersecurity 101 training to Cybersecurity Awareness Month, employees can benefit from Microsoft’s implementations for IoT and operational technology (OT) security. For a full list of Microsoft Security trainings and programs, please read #BeCyberSmart—When we learn together, we’re more secure together.

Device health

Maintaining a device’s health means regularly running scans that surface potential threats, vulnerabilities, weak passwords, and anomalous behaviors. A trusted device must be continuously verified for its health; such scans enable that verification and ensure that only trusted and verified devices can access the larger IoT ecosystem. Microsoft tools such as Microsoft Defender for IoT and Microsoft Sentinel will help your organization track and manage its IoT devices and perform the necessary tests and evaluations to understand where your devices’ health stands.

Continual updates

To maintain IoT device health, continuous software and firmware updates are critical. A healthy target state should be identified and met at all times through centralized configuration and compliance management. Azure Device Update for IoT Hub is a great service for deploying over-the-air (OTA) updates to your IoT devices.

Security monitoring and response

Coupled with continuous monitoring of trusted device health, security monitoring and response further harden the security of IoT devices by quickly identifying threats and providing the best mitigation protocols. Microsoft follows a defense in depth approach and offers IoT services that follow the key Zero Trust capabilities. This includes monitoring and controlling access to public endpoints, running security agents for security monitoring and detection, and incorporating response systems in all IoT devices. Tools and services like Microsoft Defender for IoT will bring your IoT solutions one step closer to strong security.

Learn More

To learn more about strengthening your IoT security, visit Azure IoT Security.

Explore the Microsoft Zero Trust approach to comprehensive security.

The post Microsoft best practices for managing IoT security concerns appeared first on Microsoft Security Blog.

Discover the anatomy of an external cyberattack surface with new RiskIQ report

April 21st, 2022

The internet is now part of the network. That might sound like hyperbole, but the massive shift to hybrid and remote work and a multicloud environment means security teams must now defend their entire online ecosystem. Recent ransomware attacks against internet-facing systems have served as a wake-up call. Now that Zero Trust has become the gold standard for enterprise security, it’s critical that organizations gain a complete picture of their attack surface—both external and internal.

Microsoft acquired RiskIQ in 2021 to help organizations assess the security of their entire digital enterprise.1 Powered by the RiskIQ Internet Intelligence Graph, organizations can discover and investigate threats across the components, connections, services, IP-connected devices, and infrastructure that make up their attack surface to create a resilient, scalable defense.2 For security teams, such a task might seem like trying to boil the ocean. So, in this post, I’ll help you put things in perspective with five things to remember when managing external attack surfaces. Learn more in the full RiskIQ report.

Your attack surface grows with the internet

In 2020, the amount of data on the internet hit 40 zettabytes or 40 trillion gigabytes.3 RiskIQ found that every minute, 117,298 hosts and 613 domains are added.4 Each of these web properties contains underlying operating systems, frameworks, third-party applications, plugins, tracking codes, and more, and the potential attack surface increases exponentially.

Some of these threats never traverse the internal network. In the first quarter of 2021, 611,877 unique phishing sites were detected,5 with 32 domain-infringement events and 375 total new threats emerging per minute.4 These types of threats target employees and customers alike with rogue assets and malicious links, all while phishing for sensitive data that can erode brand confidence and harm consumer trust.

Every minute, RiskIQ detects:4

  • 15 expired services (susceptible to subdomain takeover)
  • 143 open ports

A remote workforce brings new vulnerabilities

The COVID-19 pandemic accelerated digital growth. Almost every organization has expanded its digital footprint to accommodate a remote or hybrid workforce. The result: attackers now have more access points to exploit. The use of remote-access technologies like Remote Desktop Protocol (RDP) and VPN has skyrocketed by 41 percent and 33 percent respectively as the pandemic pushed organizations to adopt a work from home policy.6

Along with the dramatic rise in RDP and VPN usage came dozens of new vulnerabilities giving attackers new footholds. RiskIQ has surfaced thousands of vulnerable instances of the most popular remote access and perimeter devices, and the torrential pace shows no sign of slowing. Overall, the National Institute of Standards and Technology (NIST) reported 18,378 such vulnerabilities in 2021.7

Attack surfaces hide in plain sight

With the rise of human-operated ransomware, security teams have learned to look for smarter, more insidious threats coming from outside the firewall. Headline-grabbing cyberattacks such as the 2020 NOBELIUM attack have shown that the supply chain is especially vulnerable. But threats can also sneak in from third parties, such as business partners or controlled and uncontrolled apps. Most organizations lack a complete view of their internet assets and how they connect to the global attack surface. Contributing to this lack of visibility are three vulnerability factors:

  • Shadow IT: Unmanaged and orphaned assets form an Achilles heel in today’s enterprise security. This aptly named shadow IT leaves your security team in the dark. New RiskIQ customers typically find approximately 30 percent more assets than they thought they had, and RiskIQ detects 15 expired services and 143 open ports every minute.4
  • Mergers and acquisitions (M&A): Ordinary business operations and critical initiatives such as M&A, strategic partnerships, and outsourcing—all of it creates and expands external attack surfaces. Today, less than 10 percent of M&A deals contain cybersecurity due diligence.8
  • Supply chains: Modern supply chains create a complicated web of third-party relationships. Many of these are beyond the purview of security and risk teams. As a result, identifying vulnerable digital assets can be a challenge.

A lack of visibility into these hidden dependencies has made third-party attacks one of the most effective vectors for threat actors. In fact, 53 percent of organizations have experienced at least one data breach caused by a third party.9

Ordinary apps can target organizations and their customers

Americans now spend more time on mobile devices than watching live TV.10 With this demand has come a massive proliferation of mobile apps. Global app store downloads rose to USD230 billion worldwide in 2021.11 These apps act as a double-edged sword—helping to drive business outcomes while creating a significant attack surface beyond the reach of security teams.

Threat actors have been quick to catch on. Seeing an opening, they began to produce rogue apps that mimic well-known brands or pretend to be something they’re not. The massive popularity of rogue flashlight apps is one noteworthy example.12 Once an unsuspecting user downloads the malicious app, threat actors can use it to deploy phishing scams or upload malware to users’ devices. RiskIQ blocklists a malicious mobile app every five minutes.

Adversaries are part of an organization’s attack surface, too

Today’s internet attack surface forms an entwined ecosystem that we’re all part of—good guys and bad guys alike. Threat groups now recycle and share infrastructure (IPs, domains, and certificates) and borrow each other’s tools, such as malware, phish kits, and command and control (C2) components. The rise of crimeware as a service (CaaS) makes it particularly difficult to attribute a crime to a particular individual or group because the means and infrastructure are shared among multiple bad actors.13

More than 560,000 new pieces of malware are detected every day.14 In 2020 alone, the number of detected malware variants rose by 74 percent.15 RiskIQ now detects a Cobalt Strike C2 server every 49 minutes.3 For all these reasons, tracking external threat infrastructure is just as important as tracking your own.

The way forward

The traditional security strategy has been a defense-in-depth approach, starting at the perimeter and layering back to protect internal assets. But in today’s world of ubiquitous connectivity, users—and an increasing amount of digital assets—often reside outside the perimeter. Accordingly, a Zero Trust approach to security is proving to be the most effective strategy for defending today’s decentralized enterprise.

To learn more, read Anatomy of an external attack surface: Five elements organizations should monitor. Stay on top of evolving security issues by visiting Microsoft’s Security Insider for insightful articles, threat reports, and much more.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


1. Microsoft acquired RiskIQ to strengthen cybersecurity of digital transformation and hybrid work, Eric Doerr. July 12, 2021.

2. Episode 37, “Uncovering the threat landscape,” Steve Ginty, Director Threat Intelligence at RiskIQ, Ben Ben-Aderet, GRSEE. November 29, 2021.

3. How big is the internet, and how do we measure it? HealthIT.

4. The 2021 Evil Internet Minute, RiskIQ.

5. Number of unique phishing sites detected worldwide from 3rd quarter 2013 to 1st Quarter 2021, Joe Johnson. July 20, 2021.

6. RDP and VPN use skyrocketed since coronavirus onset, Catalin Cimpanu. March 29, 2020.

7. With 18,378 vulnerabilities reported in 2021, NIST records fifth straight year of record numbers, Jonathan Greig. December 8, 2021.

8. Top Five Cyber Risks in Mergers & Acquisitions, Ian McCaw.

9. Mitigating Third-Party Cyber Risk with Secure Halo, Secure Halo.

10. Americans Now Spend More Time Using Apps Than Watching Live TV, Tyler Lee. January 13, 2021.

11. App Annie: Global app stores’ consumer spend up 19% to $170B in 2021, downloads grew 5% to 230B, Sarah Perez. January 12, 2022.

12. The Top Ten Mobile Flashlight Applications Are Spying On You. Did You Know? Gary S. Miliefsky. October 1, 2014.

13. The Crimeware-as-a-Service model is sweeping over the cybercrime world. Here’s why, Pierluigi Paganini. October 16, 2020.

14. Malware Statistics & Trends Report, AV-TEST. April 12, 2022.

15. Malware statistics and facts for 2022, Sam Cook. February 18, 2022.


A clearer lens on Zero Trust security strategy: Part 1

April 14th, 2022

Today’s world is flooded with definitions and perspectives on Zero Trust, so we are kicking off a blog series to bring clarity to what Zero Trust is and what it means.

This first blog will draw on the past, present, and future to bring a clear vision while keeping our feet planted firmly on the ground of reality.

An open road with text overlay stating “Honor the past, be honest about the present, and hope for the future.”

We start off with some observations and insights on how people are seeing Zero Trust, then highlight some great work at the National Institute of Standards and Technology (NIST) to make Zero Trust real using products available today, and then highlight work being done at The Open Group to standardize Zero Trust (including an origin story of The Jericho Forum from Steve Whitlock).

Perceptions and scope: How people see Zero Trust

As we talk to customers and partners, it’s become clear that most people see Zero Trust as either a strategic security transformation or as a specific initiative to modernize access control.

Zero Trust strategy chart highlighting multiple modernization initiatives.

While Zero Trust principles are critical to securing access control to the cloud and digital assets, Zero Trust’s scope doesn’t stop there. The urgent need to modernize security beyond the classic perimeter approach extends to:

  • Detecting and responding to threats to your assets in the security operations center (SOC).
  • Protecting data anywhere it goes.
  • Continuously monitoring and improving IT infrastructure security posture.
  • Integrating security into application development processes like development operations (DevOps).
  • Continuously reporting and remediating compliance risks.
  • Extending these capabilities across IoT and operational technology (OT) assets that are frequently targeted by attackers.

The confusion comes because access control is almost always the first priority to solve, whether or not you are planning a major strategic overhaul. As business-critical assets move outside the perimeter to cloud and mobile, the first priority is always to rapidly put in controls to ensure only authorized people can access these business assets. Additional focus is added to this initiative as attackers have learned to reliably get past perimeter access controls with phishing and credential theft attacks.

Access control is urgent but it isn’t the only security problem to solve across this transforming technical estate.

NIST: Zero Trust capabilities available today

The National Cybersecurity Center of Excellence (NCCoE) is bringing many vendors into the lab to implement their solutions for Zero Trust to create actionable guidance. This is creating clarity by implementing the actual technical capabilities of today in a highly transparent process.

I also witnessed how this effort is driving consistency in the industry during my participation as a member of the Microsoft team supporting this effort. I watched many vendors share their vision of Zero Trust with the collective project team during the kickoff (which was like a condensed version of the RSA conference show floor). The only thing I saw in common among these presentations was that each vendor used the NIST Zero Trust diagram (often mapping their solutions to it). While this illustrated how challenging it is to get a common view of Zero Trust, it also showcases how valuable NIST’s efforts are at creating much-needed consistency for Zero Trust.

For more information, read our blog Microsoft and NIST collaborate on EO to drive Zero Trust adoption or visit the NCCoE project page.

The Open Group: Standardizing Zero Trust

The Open Group is well on the path to defining Zero Trust as a global standard, similar to The Open Group Architecture Framework (TOGAF), Open FAIR, and others. This rigorous process is focused on clearly defining the scope of Zero Trust, what it is, what it isn’t, and how to link Zero Trust (and security) to business goals and priorities. This top-down approach complements the NIST technology-up approach to provide additional clarity for Zero Trust.

Some historical context from the Jericho Forum®

The Open Group is no stranger to Zero Trust as they host the (now-retired) Jericho Forum® which is widely recognized as planting the seeds for what became the modern Zero Trust movement. The Open Group’s Zero Trust work builds on this work from almost 20 years ago and focuses on the challenges faced by modern enterprises today.

Before we get into the current work, we thought it would be helpful to do a quick review of the Jericho Forum® origin story. While the world was different back then in many ways, this effort was born of the truth that perimeter approaches were failing to meet security needs even back then.

Steve Whitlock is one of the original Jericho Forum® members and graciously shared this origin story:

The mid to late 1990s—By all measures, security costs were rising but the solutions weren’t actually solving the problems. A few Chief Information Security Officers (CISOs) of large enterprises based in the United Kingdom met periodically to try and figure out what was going on. While their perspective didn’t fit the accepted norm of “protect the network,” these CISOs were not novices. One CISO of a large United Kingdom-based energy company had been among the first professional CISOs in Britain and trained many people who would go on to run information security at other corporations. Another at a European energy company had written an internal document that evolved into the ISO 2700 series of security and risk management standards.

In January of 2004, these four CISOs formed the Jericho Forum® to focus on defining the issue, termed de-perimeterisation, and proposing a way forward. Their efforts quickly attracted other strategic thinkers. In 2005, the first Jericho Forum® conference was held and a visioning white paper was released. This was followed in 2006 by the Jericho Forum® Commandments. This set of strategic principles is designed to enable an organization to survive in a world without traditional perimeters. The Jericho Forum® went on to issue a series of papers on related topics including cloud security, secure collaboration, security protocols, Voice over Internet Protocol (VoIP), wireless, and data security. And a second set of commandments concerning identity, entitlement, and access management was released in 2011.

Later, the Jericho Forum® was fully absorbed into The Open Group, and having laid out its principles for change, formally shut down in 2013. The Jericho Forum® articulated the need for better data protection, including the use of smart data, and one of its founders created a global organization to define the parts of a global digital identity ecosystem. Others from the Jericho Forum® contributed to a cloud security organization’s guidance documents.

The Zero Trust Commandments and beyond

The current work of The Open Group builds upon those hard-won lessons and updates them today with recent best practices, current trends, and expected future trends:

  • This started with the Zero Trust Core Principles that defined Zero Trust, including key drivers and core principles.
  • This continued into the Zero Trust Commandments that updated the original Jericho Forum® Commandments, defining a non-negotiable list of criteria for Zero Trust.
  • Work is now underway in The Open Group to build on these commandments and provide a full technical standard for a Zero Trust reference model.

The Zero Trust commandments are one of the clearest ways available today to identify if something is Zero Trust or not. If you hear a claim of Zero trust, you can ask:

  • Does this action support one or more commandments?
    If yes, it can be part of Zero Trust.
  • Does this action violate a commandment?
    Anything that violates a commandment is not Zero Trust (and is probably counterproductive to business goals, security, or both).

We will dive deeper into the Zero Trust Commandments through several upcoming blogs in this series.

In the meantime, we encourage you to read up on the Zero Trust Commandments and use them to guide your Zero Trust planning and help filter out what is and isn’t actually Zero Trust.

Embrace proactive security with a Zero Trust framework

Join other cybersecurity professionals at the Microsoft Security Summit digital event on May 12, 2022. Get fresh security insights during a live chat Q&A with cyber strategy and threat intelligence experts and discover solutions you can use to lay the foundation for a safer and more innovative future. Register now.


Learn the latest cybersecurity techniques at the Microsoft Security Summit

April 11th, 2022

In a world marked by change and uncertainty, innovation is more than a nice-to-have—it’s vital to any healthy organization. But fearless innovation becomes impossible when gaps in security can put those ideas at risk.

Many organizations try to increase their defenses by piecing together a patchwork of security solutions over time. Not only is this piecemeal approach costly and difficult to manage, but it also leaves many security administrators wondering, “Did I miss something?”

Safeguard your future with the latest security innovations

On May 12, 2022, at the Microsoft Security Summit digital event, join other cybersecurity professionals in exploring how a comprehensive approach to security can empower organizations to innovate fearlessly—even in the face of evolving cyberthreats.

You’ll also be among the first to hear exciting announcements from Vasu Jakkal, Corporate Vice President of Security, Compliance, Identity, and Management at Microsoft, and engage in energizing conversations with leading cybersecurity experts about the role comprehensive security will play in our collective future.

Register for the Microsoft Security Summit today.

Get up to date on the security trends and projections

The security landscape is constantly evolving as the world continues to embrace a new model of hybrid work and bad actors shift their mode of attack. Cybercriminals are becoming more brazen and more sophisticated. It’s up to the collective security community to learn all we can about these criminals, familiarize ourselves with their techniques, and discover new ways to create better defenses against them.

At Microsoft, we’re doing all we can to help our customers stay ahead of bad actors and respond quickly when attacks occur. This includes informing security professionals about emerging risks and ensuring everyone who seeks to protect their organization is acquainted with the latest technologies.

This digital event is a great opportunity for you to listen in as Microsoft cybersecurity experts and technical researchers discuss the current threat landscape, the future of holistic threat intelligence, and share demos of brand-new security, compliance, identity, and privacy technologies already making waves in the industry. Staying informed is the first step to building a strong, resilient security strategy for your organization. We hope you’ll join us.

Extend protection to the outer limits

Comprehensive security starts with end-to-end coverage. Today’s organizations are moving increasingly more data and resources to the cloud while also working to integrate a growing number of unprotected devices into their security ecosystems. And the pace isn’t slowing.

To defend against sophisticated threats that move laterally across systems and platforms, you need a holistic view of your multicloud environment and a way to centrally manage the protection of your devices.

At this digital event, learn how to achieve least-privilege access across your multicloud, enable seamless information protection, identify critical privacy risks, and empower employees to make smart data handling decisions—without impeding productivity. This is an event you won’t want to miss.

Lay the foundation for a safer, more innovative future

Attend the Microsoft Security Summit on May 12, 2022, to experience the future of comprehensive security and explore the solutions that can get you there. Register to:

  • Learn how to strengthen your organization’s defenses in the face of evolving cyber threats.
  • Get insights you can act on from defenders on the cybersecurity frontlines on topics like extended detection and response (XDR), proactive threat hunting, Zero Trust, and more.
  • Hear exciting product announcements from leading voices in Microsoft Security.
  • Watch demos of brand-new security, compliance, identity, and privacy technologies.
  • Plus, ask Microsoft cybersecurity and threat intelligence experts all your most pressing questions in a live chat Q&A.

Safeguard your future. Be fearless.

Register now.

Microsoft Security Summit
Digital event | May 12, 2022
9:00 AM to 12:00 PM Pacific Time (UTC-7)


A Leader in multiple Zero Trust security categories: Industry analysts weigh in

March 17th, 2022

The massive shift toward remote and hybrid work over the last two years has prompted many security professionals to reassess where siloed security may create vulnerabilities.1 For that reason, Zero Trust has become the gold standard for enterprise security. An effective Zero Trust approach requires comprehensive security—a holistic solution that covers all users, devices, and endpoints with central visibility. And any security solution you entrust with protecting your organization should be vetted by trusted industry sources.

There’s a reason Microsoft Security generated more than USD15 billion in revenue during 2021 with 45 percent growth.2 We’re a Leader in four Gartner® Magic Quadrant™ reports,3 eight Forrester Wave™ reports,4 and six IDC MarketScape reports.5 As we head into another year marked by rapid change, Microsoft Security continues to deliver industry-leading protection across Zero Trust pillars, including identity, endpoints, applications, infrastructure, and data. Read on to see how we can help you move forward fearlessly.

Strengthen identity verification

Zero Trust security starts with strong identity verification. That means determining that only those people, devices, and processes you’ve authorized can access resources on your systems. As the cornerstone of Microsoft’s identity solutions, Microsoft Azure Active Directory (Azure AD) provides a single identity control plane with common authentication and authorization for all your apps and services, even many non-Microsoft apps. Built-in conditional access in Azure AD lets you set policies to assess the risk levels for a user, device, sign-in location, or app. Admins can also make point-of-logon decisions and enforce access policies in real time—blocking access, requiring a password reset, or granting access with an additional authentication factor.

Gartner recognized Microsoft as a 2021 Leader in Gartner Magic Quadrant for Access Management.6 Microsoft was also named as a Leader in the IDC MarketScape: Worldwide Advanced Authentication for Identity Security 2021 Vendor Assessment. From the IDC MarketScape report: “As telemetry is the rocket fuel for AI- and machine learning-infused endpoint security solutions, Microsoft’s breadth and volume are unequaled geographically and across customer segments. With the support of macOS, iOS, and Android, Microsoft’s telemetry pool is expanding and diversifying.”

“The difference we’ve experienced in visibility and threat detection since deploying Microsoft Security solutions is like night and day.”—Raoul Van Der Voort, Global Service Owner, Rabobank.

Comprehensive endpoint management

Microsoft Endpoint Manager combines both Microsoft Intune and Microsoft Configuration Manager to enable all user devices and their installed apps (corporate and personal) to meet your security and compliance policies—whether connecting from inside the network perimeter, over a VPN, or from the public internet. We believe this comprehensive coverage led to Microsoft being named a Leader in the 2021 Gartner Magic Quadrant for Unified Endpoint Management Tools,7 including Microsoft 365 Defender with extended detection and response (XDR) capabilities and its easy integration with Microsoft 365 apps.

Endpoint Manager also ranked as a Leader in the 2021 Forrester Wave™: Unified Endpoint Management Q4 2021. As the Forrester report states: “Endpoint Manager excels at helping customers migrate to modern endpoint management, with differentiating features, such as policy analysis, to determine readiness for cloud management, templated group policy migration, and pre-canned reports for co-management eligibility.” In the 2021 IDC MarketScape Vendor Assessments, Microsoft was again named as a Leader in five categories, including Worldwide Modern Endpoint Security for Enterprises8 and Small and Midsize Businesses,9 as well as Worldwide Unified Endpoint Management Software,10 Worldwide Unified Endpoint Management Software for Ruggedized/Internet of Things Deployment,11 and Worldwide Unified Endpoint Management Software for Small and Medium-Sized Businesses.12

“Our team are the enablers for Zero Trust principles at Heineken, so by using the latest security technologies to provide a safe way for our business to innovate—like technology that helps reduce our carbon footprint and save water—we really can brew a better world.”—Marina Marceta, Security Incident Manager, Heineken.

Endpoint security and protection

Microsoft Defender for Endpoint was named Leader in the 2021 Gartner Magic Quadrant for Endpoint Protection Platforms,13 as well as being recognized as a Leader in The Forrester Wave™: Endpoint Security Software as a Service, Q2 2021. In the Forrester report, Defender for Endpoint received the highest possible scores in the criteria of control, data security, and mobile security, as well as in the criteria for Zero Trust framework alignment. As Forrester reported: “Third-party labs and customer reference scores both point to continued improvement over antimalware and anti-exploit efficacy where Microsoft frequently outperforms third-party competitors.”

Microsoft 365 Defender again made the top ranks later in the same year, placing as a Leader in The Forrester New Wave™: Extended Detection and Response (XDR), Q4 2021. “[Microsoft 365 Defender] offers robust, native endpoint, identity, cloud, and O365 [Microsoft Office 365] correlation… singular and cross-telemetry detection, investigation, and response for Microsoft’s native offerings in one platform.”

Application usage and management

Knowing which apps are being accessed by the people in your organization is critical to mitigating threats. This is especially true for apps that might be acquired independently for use by individuals or teams, also known as shadow IT. Microsoft Defender for Office 365 was named a Leader in The Forrester Wave™: Enterprise Email Security, Q2 2021, and received the highest possible score in the incident response, threat intelligence, and endpoint detection and response (EDR) solutions integration criteria. Defender for Office 365 also received the highest possible scores in the product strategy, support and customer success, and performance and operations criteria.

Microsoft 365 Defender was again recognized by Forrester as a Leader in The Forrester New Wave™: Extended Detection and Response (XDR), Q4 2021. Forrester found that Defender “offers robust, native endpoint, identity, cloud, and Office 365 correlation… [and] provides singular and cross-telemetry detection, investigation, and response for Microsoft’s native offerings in one platform.” Forrester also stated that Microsoft Defender for Endpoint’s “rich native telemetry yields tailored detection, investigation, response, and mitigation capabilities.”

Microsoft is committed to helping you gain visibility of your cloud apps and protect sensitive information anywhere in the cloud, as well as assess compliance and discover shadow IT. We’re proud to report that Microsoft Defender for Cloud Apps ranked as a Leader in The Forrester Wave™: Cloud Security Gateways, Q2 2021, receiving the highest score in the strategy category.

Secure your network

Today’s modern architectures span on-premises systems, multiple cloud and hybrid services, VPNs, and more. Microsoft provides the scalable solutions needed to help secure any size network, including our cloud-native Microsoft Azure Firewall and Microsoft Azure DDoS Protection. Our XDR, security information and event management (SIEM), and security orchestration, automation, and response (SOAR) solutions—Microsoft 365 Defender and Microsoft Sentinel—empower your security operations centers (SOCs) to hunt for threats and easily coordinate your response from a single dashboard.

“The reason Microsoft provides such a powerful security solution is that it seeks to meet your needs holistically. Each security layer talks to everything else, including those data sources you might be using that are external to Microsoft.”—Martin Sloan, Security Director, Drax Group.

On-premises and cloud infrastructure

Accurate infrastructure monitoring is critical for detecting vulnerabilities, attacks, or any anomaly that could leave your organization vulnerable. Staying on top of configuration management and software updates is especially important to meet your security and policy requirements.

Because today’s SOC is tasked with protecting a decentralized digital estate, Microsoft Sentinel was created as a cloud-native SIEM and SOAR solution, designed to protect both on-premises and cloud infrastructure. Only a year after its introduction, Microsoft was named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2020. By using graph-based machine learning and a probabilistic kill chain to produce high-fidelity alerts, Microsoft Sentinel reduces alert fatigue by 90 percent. Forrester reported that customers “note the ease of integration across other Microsoft products like Azure, Microsoft 365, and Defender for Endpoint as a big benefit… [and] call out automation as another strength.”

Limit access to your data

Limiting access to your data means upholding the three pillars of Zero Trust security—verify explicitly, apply least privileged access, and assume breach—across all files, wherever they reside. With Microsoft Information Protection, built-in labeling helps you maintain accurate classification, and machine learning-based trainable classifiers help deliver an exact data match. Microsoft Information Governance provides capabilities to govern your data for compliance or regulatory requirements, and Microsoft Data Loss Prevention empowers you to apply a consistent set of policies across the cloud, on-premises environments, and endpoints to monitor, prevent, and remediate risky activity.

In the field of data protection, Microsoft was named a Leader in the 2022 Gartner Magic Quadrant for Information Archiving,14 as well as a Leader in The Forrester Wave™: Unstructured Data Security Platforms, Q2 2021. Forrester gave Microsoft the highest score in the strategy category, as well as the highest score possible in APIs and integrations, data security execution roadmap, performance, planned enhancements, Zero Trust enabling partner ecosystem, and eight other criteria.

The comprehensive coverage you need with Microsoft Security

Competing in today’s business environment means being able to move forward without constantly looking over your shoulder for the latest cyber threat. An effective Zero Trust architecture helps make that possible through a combination of comprehensive coverage, easy integration, built-in intelligence, and simplified management. Microsoft Security does all four—integrating more than 40 disparate products for security, compliance, identity, and management across clouds, platforms, endpoints, and devices—so you can move forward—fearless.



1. Why Security Can’t Live In A Silo, Douglas Albert, Forbes Technology Council, Forbes. October 5, 2020.

2. Microsoft beats on earnings and revenue, delivers upbeat forecast for fiscal third quarter, Jordan Novet, CNBC. January 25, 2022.

3. Microsoft Security is a Leader in four Gartner® Magic Quadrant™ reports, Microsoft Security.

4. Microsoft Security is a Leader in eight Forrester Wave™ categories, Microsoft Security.

5. IDC MarketScape: Worldwide Advanced Authentication for Identity Security 2021 Vendor Assessment, Doc # US46178720. July 2021.
   IDC MarketScape: Worldwide Modern Endpoint Security for Enterprises 2021 Vendor Assessment, Doc # US48306021. November 2021.
   IDC MarketScape: Worldwide Modern Endpoint Security for Small and Midsize Businesses 2021 Vendor Assessment, Doc #48304721. November 2021.
   IDC MarketScape: Worldwide Unified Endpoint Management Software 2021 Vendor Assessment, Doc # US46957820. January 2021.
   IDC MarketScape: Worldwide Unified Endpoint Management Software for Small and Medium-Sized Businesses 2021 Vendor Assessment, Doc # US46965720. January 2021.
   IDC MarketScape: Worldwide Unified Endpoint Management Software for Ruggedized/Internet of Things Deployment 2021 Vendor Assessment, Doc # US46957920. January 2021.

6. Gartner, Magic Quadrant for Access Management, Henrique Teixeira, Abhyuday Data, Michael Kelley, 1 November 2021.

7. Gartner, Magic Quadrant for Unified Endpoint Management Tools, Dan Wilson, Chris Silva, Tom Cipolla, 16 August 2021.

8. IDC MarketScape: Worldwide Modern Endpoint Security for Enterprises 2021 Vendor Assessment, Michael Suby, IDC. November 2021.

9. Microsoft named a Leader in IDC MarketScape for Modern Endpoint Security for Enterprise and Small and Midsize Businesses, Rob Lefferts, Microsoft Security Blog, Microsoft. November 18, 2021.

10. IDC MarketScape: Worldwide Unified Endpoint Management Software 2021 Vendor Assessment, Phil Hochmuth, IDC. January 2021.

11. IDC MarketScape: Worldwide Unified Endpoint Management Software for Ruggedized/Internet of Things Deployment 2021 Vendor Assessment, Phil Hochmuth. January 2021.

12. IDC MarketScape: Worldwide Unified Endpoint Management Software for Small and Medium-Sized Businesses 2021 Vendor Assessment, Phil Hochmuth. January 2021.

13. Gartner, Magic Quadrant for Endpoint Protection Platforms, Paul Webber, Peter Firstbrook, Rob Smith, Mark Harris, Prateek Bhajanka, Updated 5 January 2022, Published 5 May 2021.

14. Gartner, Magic Quadrant for Enterprise Information Archiving, Michael Hoeck, Jeff Vogel, Chandra Mukhyala, 24 January 2022.

Gartner and Magic Quadrant are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


The federal Zero Trust strategy and Microsoft’s deployment guidance for all

February 22nd, 2022

You’d be forgiven for missing the White House announcement on federal Zero Trust strategy on January 26, 2022.1 After all, on that day alone a Supreme Court Justice announced his intention to retire, the Federal Reserve announced its plan to raise interest rates, and the State Department was busy trying to reduce international tensions.

Even if it didn’t lead the evening news, the security announcement is a crucial milestone for all those that understand the importance of a Zero Trust model and are working hard to implement it. It’s no secret that government support for a technology can turbo-boost adoption—ask anyone who uses GPS, the internet, or electronic medical records.2 US Federal Government support for Zero Trust is similar: the Office of Management and Budget (OMB) has started an accelerated adoption curve for tens of millions of new endpoints.

There are 2.25 million full-time equivalent employees in the US federal executive branch, and 4.3 million if you count postal workers and other staff in the judicial, legislative, and uniformed military branches.3 These also include many frontline workers, a critical security topic that I discuss in the blog post Reduce the load on frontline workers with the right management technology. The US Federal Government also sets the tone for technology policy in state and local government, which adds another 19.7 million workers, before we even begin to count federal government suppliers who will be asked to comply.4 Even at a ratio of one employee per endpoint (and the ratio could be higher with personal devices and IoT), and not counting the endpoint strategy updates by overseas governments, we’re looking at tens of millions of endpoints that will be managed according to Zero Trust governance principles.

I encourage you to read the memorandum press release in full: Office of Management and Budget Releases Federal Strategy to Move the U.S. Government Towards a Zero Trust Architecture.

Here are my three takeaways:

  1. Zero Trust is now relevant to every organization.
  2. Leadership alignment is the biggest obstacle to driving Zero Trust agendas.
  3. Zero Trust architecture requires holistic, integrated thinking.

Zero Trust is now relevant to every organization

Hybrid work, cloud migration, and increased threats make Zero Trust now relevant to every organization.

The concept of Zero Trust is not new. The term was first coined by then Forrester analyst John Kindervag in 2010.5 Yet, as the OMB paper says: “The growing threat of sophisticated cyber attacks has underscored that the Federal Government can no longer depend on conventional perimeter-based defenses to protect critical systems and data. The Log4j vulnerability is the latest evidence that adversaries will continue to find new opportunities to get their foot in the door.”

Yet, in our 2021 Zero Trust Adoption Report, only 35 percent of organizations claim to have fully implemented their Zero Trust strategy.

Zero Trust is now vitally relevant for every organization for two reasons. First, the shift to remote work and the accompanying cloud migration is here to stay. Gartner® estimates that 47 percent of knowledge workers will work remotely in 2022.6 This is not just a pandemic-era emergency that will reset to perimeter-based solutions once COVID-19 cases decrease. Today, security solutions must start from the fact that endpoints could be outside of a perimeter defense set-up and be tailored accordingly. Second, cyber threats continue to increase. The US Federal Government referenced the Log4j flaw but could equally have mentioned Kaseya, SolarWinds, or other recent disruptions. These disruptions are expensive—a 2021 IBM report put the average total cost of a breach of 1 to 10 million records at USD52 million, with a mega breach of 50 to 65 million records costing companies more than USD400 million.7

The US Federal Government is signaling that Zero Trust is essential for the current times. Zero Trust requires customers to think beyond firewalls and network perimeters and assume breach from within those boundaries.


Leadership alignment is the biggest obstacle to driving Zero Trust agendas

My second takeaway is that leadership alignment is critical to organizations making the proper progress in Zero Trust.

OMB requires that every agency nominate a Zero Trust strategy implementation lead within 30 days. Furthermore, the memorandum states: “Agency Chief Financial Officers, Chief Acquisition Officers, senior agency officials for privacy, and others in agency leadership should work in partnership with their IT and security leadership to deploy and sustain Zero Trust capabilities. It is critical that agency leadership and the entire ‘C-suite’ be aligned and committed to overhauling an agency’s security architecture and operations.” In short, this is not simply a technology problem that can be handed over to IT, never to be thought of again. Zero Trust requires, at a minimum, C-suite engagement and, given the risks involved in a security breach, also warrants board oversight.

Our Zero Trust Adoption Report that explores the barriers to Zero Trust implementation also highlighted leadership alignment. Fifty-three percent mentioned this as a barrier, covering C-suite, stakeholder, or broader organizational support. Other key barriers to adoption included limited resources, such as skills shortages in areas like change management, or the inability to sustain the length of time for implementation. For example, according to a 2020 annual Cybersecurity Workforce Study by (ISC)2, there remains a shortage of 3.1 million cybersecurity workers, including 359,000 in just the US.8 Related to this, budget constraints were mentioned by 4 in 10 survey respondents. Anticipating and proactively addressing leadership alignment, limited resources, and budget are key to the broader rollout of Zero Trust architectures, independent of any technology choices.   

Zero Trust architecture requires holistic, integrated thinking

Zero Trust architecture thinking is more akin to conducting an orchestra than just flipping a switch. The US Federal Government’s plans encompass identity (including multifactor authentication and user authorization), devices (including endpoint detection and response), networks (including Domain Name System, HTTP, and email traffic encryption), apps and workloads, and data. This is not a project that can be done in silos or quickly. Indeed, the OMB memorandum directs that “Within 60 days of the date of this memorandum, agencies must build upon those plans by incorporating the additional requirements identified in this document and submitting to OMB and Cybersecurity & Infrastructure Security Agency (CISA) an implementation plan for FY22 to FY24 for OMB concurrence, and a budget estimate for FY24.”

Microsoft’s and the US Federal Government’s Zero Trust frameworks are very similar and overlap across five categories; the one difference is that Microsoft calls out infrastructure separately from networks, while the OMB memo combines the two. When thinking about Zero Trust, any organization needs to consider:

  1. Identities and authentication: Protecting identities against compromise and securing access to resources, including multifactor authentication.
  2. Endpoints and devices: Securing endpoints and allowing only compliant and trusted devices to access data.
  3. Applications: Ensuring applications are available and visible, and that they secure your important data.
  4. Data: Protecting sensitive data wherever it lives or travels.
  5. Networks: Removing implicit trust from the network and preventing lateral movement.
  6. Infrastructure: Detecting threats and responding to them in real-time.

Underscoring these pillars is centralized visibility, which enables a holistic view. Being able to see how all apps and endpoints are deployed and whether there are security issues is vital to maintaining as well as setting up a Zero Trust posture. An endpoint management solution provides a central repository for security policies and a place to enforce those policies should an endpoint no longer comply. Solutions should enable built-in encryption across all platforms, whether Windows, macOS, iOS, Android, or Linux. Equally, unified endpoint management will make the network journey towards Zero Trust easier, regardless of the type of network. Visibility matters in Zero Trust, and effective endpoint management is a major factor in delivering it.

Picking a starting point

Having a consistent framework for Zero Trust and constant visibility is a good starting point. Nonetheless, it doesn’t answer the question of where and how to start implementing Zero Trust for your organization. The answer will be specific to every organization—there is no one-size-fits-all approach for Zero Trust. Organizations may start at different points, but the Microsoft 365 Zero Trust deployment plan gives all organizations a practical guide to introduce Zero Trust.

The deployment plan has five steps and can help organizations implement a Zero Trust architecture:

  1. Configure Zero Trust identity and device access protection to provide a Zero Trust foundation.
  2. Manage endpoints by enrolling devices into management solutions.
  3. Add Zero Trust identity and device access protection to those devices.
  4. Evaluate, pilot, and deploy Microsoft 365 Defender to automatically collect, correlate, and analyze the signal, threat, and alert data.
  5. Protect and govern sensitive data to discover, classify, and protect sensitive information wherever it lives or travels.

Management of your apps and endpoints plays a vital and foundational role in any Zero Trust deployment. By enrolling devices into management, you can configure compliance policies to ensure devices meet minimum requirements and deploy those configuration profiles to harden devices against threats. With a solid foundation established, you can defend against threats by using device risk signals and ensure compliance using security baselines. In this way, you’re protecting and governing sensitive data, no matter what operating system platform your devices are using.

CISA Director Jen Easterly wrote in the memo’s press release: “As our adversaries continue to pursue innovative ways to breach our infrastructure, we must continue to fundamentally transform our approach to federal cybersecurity.” Zero Trust is a critical US Federal Government priority, which will accelerate mass adoption. If your organization is just starting to implement Zero Trust or further along, I hope the free resources below are helpful.

Learn more

Explore Microsoft’s resources and products to help you implement a Zero Trust strategy:

Read more about the US Federal Government’s Zero Trust strategy announcement:

Additional resources:


1. US Government sets forth Zero Trust architecture strategy and requirements, Joy Chik, Microsoft. February 17, 2022.

2. 50 inventions you might not know were funded by the US government, Abby Monteil, Stacker. December 9, 2020.

3. Federal Workforce Statistics Sources: OPM and OMB, Congressional Research Service. June 24, 2021.

4. Number of state and local government employees in the United States from 1997 to 2020, by full-time/part-time status, Statista.

5. Forrester pushes Zero Trust model for security, Dark Reading.

6. Gartner, Forecast Analysis: Remote and Hybrid Workers, Worldwide, Ranjit Atwal, Rishi Padhi, Namrata Banerjee, Anna Griffen, 2 June 2021. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

7. Cost of a Data Breach Report 2021, IBM.

8. Cybersecurity Workforce Study, (ISC)2. 2020.


US Government sets forth Zero Trust architecture strategy and requirements

February 17th, 2022

To help protect the United States from increasingly sophisticated cyber threats, the White House issued Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity, which requires US Federal Government organizations to take action to strengthen national cybersecurity.1 Section 3 of EO 14028 specifically calls for federal agencies and their suppliers “to modernize [their] approach to cybersecurity” by accelerating the move to secure cloud services and implementing a Zero Trust architecture.

As a company that has embraced Zero Trust ourselves and supports thousands of organizations around the globe on their Zero Trust journey, Microsoft fully supports the shift to Zero Trust architectures that the Cybersecurity EO urgently calls for. We continue to partner closely with the National Institute of Standards and Technology (NIST) to develop implementation guidance by submitting position papers and contributing to communities of interest under the umbrella of the National Cybersecurity Center of Excellence (NCCoE).

Microsoft helps implement Executive Order 14028

The memo clearly describes the government’s strategic goals for Zero Trust security. It advises agencies to prioritize their highest value starting point based on the Zero Trust maturity model developed by the national Cybersecurity & Infrastructure Security Agency (CISA). 

Microsoft’s position aligns with government guidelines. Our maturity model for Zero Trust emphasizes the architecture pillars of identities, endpoints, devices, networks, data, apps, and infrastructure, strengthened by end-to-end governance, visibility, analytics, and automation and orchestration.

Flow chart showcasing identities and endpoints as their authentication and compliance requests are intercepted by the Zero Trust Policy for verification before being granted access to networks and the data, apps, and infrastructure they’re composed of.

To help organizations implement the strategies, tactics, and solutions required for a robust Zero Trust architecture, we have developed the following series of cybersecurity assets:

New capabilities in Azure AD to help meet requirements

A blog by my colleague Sue Bohn, Guidance on using Azure AD to meet Zero Trust Architecture and MFA requirements, provides a great summary of how Azure AD can help organizations meet the requirements outlined in EO 14028. We recently announced two additional capabilities developed in response to customer feedback: cloud-native certificate-based authentication (CBA) and cross-tenant access settings for external collaboration.

Certificate-based authentication

Phishing remains one of the most common threats to organizations. It’s also one of the most critical to defend against. According to our own research, credential phishing was a key tactic used in many of the most damaging attacks in 2021. To help our customers adhere to NIST requirements and effectively counter phishing attacks, we announced the preview of Azure AD cloud-native CBA across our commercial and US Government clouds.

CBA enables customers to use X.509 certificates on their PCs or smart cards to authenticate applications using Azure AD natively. This eliminates the need for additional infrastructure such as Active Directory Federation Services (ADFS) and reduces the risk inherent in using on-premises identity platforms.

Cloud-native CBA demonstrates Microsoft’s commitment to the federal Zero Trust strategy. It helps our government customers implement the most prominent phishing-resistant MFA, certificate-based authentication, in the cloud so they can meet NIST requirements. Read the documentation on Azure AD certificate-based authentication to get started.

Cross-tenant access settings for external collaboration

Our customers have told us they want more control over how external users access apps and resources. Earlier this month, we announced the preview of cross-tenant access settings for external collaboration.

This new capability enables organizations to control how internal users collaborate with external organizations that also use Azure AD. It provides granular inbound and outbound access control settings based on organization, user, group, or application. These settings also make it possible to trust security claims from external Azure AD organizations, including MFA and device claims (compliant claims and hybrid Azure AD joined claims). Consult the documentation on cross-tenant access with Azure AD External Identities to learn more.
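The policy point in the architecture diagram above, where identity claims and device compliance are verified before access is granted, and where claims from another Azure AD organization count only if an inbound cross-tenant setting trusts them, can be modelled as a small decision function. The block below is an added illustration for this page; it is not Microsoft's code and does not reproduce the Azure AD policy engine. The rule thresholds, tenant names, resource sensitivity levels and risk levels are assumptions chosen to show the two edge cases a reviewer checks first: an unmanaged device never counts as compliant, and a foreign tenant cannot vouch for its own MFA or devices unless the enforcing tenant has configured trust for that claim.

```python
"""Zero Trust access decision with cross-tenant claim trust (added example).

Not Microsoft's code; names, rules and sample tenants are assumptions.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Identity:
    user: str
    tenant: str          # home organization that issued the claims
    mfa: bool            # MFA claim asserted by the home organization
    risk: str = "low"    # assumed user-risk levels: "low", "medium", "high"


@dataclass(frozen=True)
class Device:
    managed: bool        # enrolled in endpoint management
    compliant: bool      # compliance claim asserted by the home organization
    hybrid_joined: bool = False


@dataclass(frozen=True)
class Resource:
    name: str
    sensitivity: str     # assumed levels: "low", "high"


@dataclass
class TenantTrust:
    """Inbound trust settings of the organization enforcing the policy."""
    home: str
    trust_mfa_from: set = field(default_factory=set)
    trust_compliance_from: set = field(default_factory=set)
    trust_hybrid_join_from: set = field(default_factory=set)


@dataclass(frozen=True)
class Decision:
    allow: bool
    reasons: tuple       # why access was denied; empty when allowed


def effective_claims(identity, device, trust):
    """Return (mfa, compliant, hybrid_joined) after applying cross-tenant trust.

    Home-tenant claims are taken as-is. Claims from another tenant are treated
    as absent unless that tenant is in the matching allow-set. A device that is
    not enrolled in management never counts as compliant.
    """
    compliant = device.compliant and device.managed
    if identity.tenant == trust.home:
        return identity.mfa, compliant, device.hybrid_joined
    t = identity.tenant
    return (identity.mfa and t in trust.trust_mfa_from,
            compliant and t in trust.trust_compliance_from,
            device.hybrid_joined and t in trust.trust_hybrid_join_from)


def evaluate(identity, device, resource, trust):
    """Verify explicitly, then grant only what the trusted signals justify."""
    if identity.risk == "high":
        return Decision(False, ("user risk is high: block regardless of other signals",))
    mfa, compliant, hybrid = effective_claims(identity, device, trust)
    reasons = []
    if not mfa:
        reasons.append("MFA not verified by a trusted organization")
    if resource.sensitivity == "high" and not (compliant or hybrid):
        reasons.append("high-sensitivity resource requires a compliant or hybrid-joined device")
    if identity.risk == "medium" and not compliant:
        reasons.append("medium user risk requires a compliant device")
    return Decision(not reasons, tuple(reasons))


# Constructed scenario: contoso.example enforces the policy and trusts MFA,
# but not device compliance, asserted by partner fabrikam.example.
TRUST = TenantTrust(home="contoso.example", trust_mfa_from={"fabrikam.example"})
PAYROLL = Resource("payroll", "high")
WIKI = Resource("wiki", "low")


def demo():
    """Four constructed requests: returns {case: allowed}."""
    internal = Identity("alice", "contoso.example", mfa=True)
    partner = Identity("bob", "fabrikam.example", mfa=True)
    stranger = Identity("eve", "unknown.example", mfa=True)
    good_device = Device(managed=True, compliant=True)
    return {
        "internal_payroll": evaluate(internal, good_device, PAYROLL, TRUST).allow,
        "partner_wiki": evaluate(partner, good_device, WIKI, TRUST).allow,
        "partner_payroll": evaluate(partner, good_device, PAYROLL, TRUST).allow,
        "stranger_wiki": evaluate(stranger, good_device, WIKI, TRUST).allow,
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allow' if allowed else 'deny'}")
```

The partner's request to the low-sensitivity wiki is allowed because contoso trusts fabrikam's MFA claim, while the same partner is refused payroll because fabrikam's compliance claim is not in the inbound trust set; the stranger tenant is refused everything since none of its claims are trusted. Every denial carries its reasons, which is what an access log needs for the visibility the pillars above depend on.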

More capabilities coming soon

We’re continuing to work on new capabilities to help government organizations meet Zero Trust security requirements:

  • The ability to enforce phishing-resistant authentication for employees, business partners, and vendors for hybrid and multi-cloud environments.
  • Comprehensive phishing-resistant MFA support, including remote desktop protocol (RDP) scenarios.

Resources for your Zero Trust journey

Microsoft is committed to helping the public and private sectors with a comprehensive approach to security that’s end-to-end, best-in-breed, and AI-driven.

To advance your Zero Trust implementation, we offer the following:

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


1. Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity.


4 best practices to implement a comprehensive Zero Trust security approach

February 17th, 2022

Today’s threat actors don’t see barriers, they see opportunities. As the old firewalls protecting the corporate network become obsolete amid the rush to adopt a hybrid workspace, implementing Zero Trust security has become an imperative across all sectors, both public and private. During this time of unprecedented change, Microsoft Security is committed to helping you be fearless in pursuing your vision for growth and success.

Because an effective Zero Trust approach needs to operate holistically across your complex digital estate, Microsoft Security solutions function as a unified whole to protect your people, data, and business. We’re uniquely positioned to simplify and strengthen security across your entire enterprise—even integrating easily with your existing third-party products. In this blog, we’ll look at four guidelines for implementing a comprehensive Zero Trust strategy that can help your organization continue to move forward confidently in these uncertain times.

Identities and endpoints as their authentication and compliance requests are intercepted by the Zero Trust Policy for verification before being granted access to networks and the data, apps, and infrastructure they’re composed of.

Figure 1. Microsoft Zero Trust architecture.

1. Build Zero Trust with comprehensive coverage

Despite what the name implies, a Zero Trust approach empowers organizations to grant employees greater freedom across all data, apps, and infrastructure. In a recent Microsoft-commissioned study conducted by Forrester Consulting, The Total Economic Impact™ (TEI) of Zero Trust Solutions From Microsoft, the principal architect at a logistics firm described how Microsoft’s comprehensive Zero Trust implementation allowed them to create a bring your own device (BYOD) program for the company’s seasonal frontline workers, leading to efficiency gains. “Before, our seasonal workers would have to be paired with our full-time employees when [performing field visits]. But now, they can go out on their own.”

The interviewees said that “by implementing Zero Trust architecture, their organizations improved employee experience (EX) and increased productivity.” They also noted, “increased device performance and stability by managing all of their endpoints with Microsoft Endpoint Manager.” This had a bonus effect of reducing the number of agents installed on a user’s device, thereby increasing device stability and performance. “For some organizations, this can reduce boot times from 30 minutes to less than a minute,” the study states. Moreover, shifting to Zero Trust moved the burden of security away from users. Implementing single sign-on (SSO), multifactor authentication (MFA), leveraging passwordless authentication, and eliminating VPN clients all further reduced friction and improved user productivity.

Zero trust solutions and their capabilities, including Microsoft Endpoint Manager, Azure Active Directory, and Microsoft Sentinel.

Figure 2. Microsoft Zero Trust solutions and capabilities.

2. Strengthen Zero Trust with AI and integration

The Forrester study also found that “existing solutions failed to provide the high-fidelity signals, comprehensive visibility, and end-to-end self-healing capabilities needed to defend against today’s sophisticated attackers and volume of cyberthreats.” For the interviewed organizations, “prior solutions could not provide telemetry of a threat’s effect on data, a user’s exact activity on the network, or a timeline for effective remediation.” And because the organizations relied on security solutions from multiple vendors, “consolidating telemetry information for triage and analytical work was difficult and time-consuming.”

Microsoft Sentinel solves the problem of vulnerable security silos by providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. As a cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution, Microsoft Sentinel uses AI to eliminate security infrastructure setup and maintenance by automatically scaling to meet user needs. Because Microsoft Sentinel is available out of the box with service-to-service connectors, it’s easy to gain real-time integration with Microsoft 365 Defender, Microsoft Azure Active Directory (Azure AD), Microsoft Defender for Identity, and Microsoft Defender for Cloud Apps.

Any truly comprehensive Zero Trust implementation requires functionality across multiple platforms. Microsoft Sentinel also contains 30 new out-of-the-box data connectors for Cisco, Salesforce Service Cloud, Google Workspace, VMware ESXi, Thycotic, and many more. These data connectors include a parser that transforms the ingested data into Microsoft Sentinel normalized format, enabling better correlation for end-to-end outcomes across security monitoring, hunting, incident investigation, and response scenarios. Microsoft Sentinel automates routine tasks—with a 90 percent reduction in alert fatigue—so, your security team can focus on the most critical threats.
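The reason a connector's parser matters is shown more clearly by doing it: once records from different sources share field names and value vocabularies, one query can correlate across them. The block below is an added example for this page, not Microsoft Sentinel's code, and its schema is a constructed stand-in rather than Sentinel's own normalized format. It ingests two constructed log formats (a pipe-delimited firewall line and a JSON sign-in record), normalizes both, skips and counts lines a parser rejects instead of failing the batch, and then asks one question of the merged set: which source addresses had both a network denial and a sign-in failure within a time window.

```python
"""Normalize two constructed log formats into one schema and correlate (added example).

Not Microsoft Sentinel's code; the schema, field names and sample lines are constructed.
"""
import json
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class NormalizedEvent:
    time: datetime
    source: str            # which connector produced the record
    src_ip: str
    user: Optional[str]
    action: str            # "network_connect" or "signin"
    outcome: str           # "success" or "failure"


def parse_iso(ts):
    """Parse an ISO-8601 timestamp with a trailing Z into an aware UTC datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)


def parse_firewall(line):
    """Constructed pipe-delimited firewall line: ts|host|verdict|src|dst|port."""
    parts = line.strip().split("|")
    if len(parts) != 6:
        raise ValueError(f"firewall: expected 6 fields, got {len(parts)}")
    ts, host, verdict, src, _dst, _port = parts
    outcome = {"ALLOW": "success", "DENY": "failure"}.get(verdict.upper())
    if outcome is None:
        raise ValueError(f"firewall: unknown verdict {verdict!r}")
    return NormalizedEvent(parse_iso(ts), f"firewall:{host}", src, None, "network_connect", outcome)


def parse_signin(line):
    """Constructed JSON sign-in record with keys ts, user, ip, result."""
    rec = json.loads(line)
    outcome = "success" if rec["result"] == "success" else "failure"
    return NormalizedEvent(parse_iso(rec["ts"]), "signin", rec["ip"], rec["user"], "signin", outcome)


def ingest(lines, parser):
    """Normalize each line; return (events, rejected_count) rather than failing the batch."""
    events, rejected = [], 0
    for line in lines:
        try:
            events.append(parser(line))
        except (ValueError, KeyError):   # json errors are ValueError subclasses
            rejected += 1
    return events, rejected


def correlate(events, window_seconds=600):
    """Source IPs with a network denial and a sign-in failure within the window."""
    failures = {}
    for e in events:
        if e.outcome == "failure":
            failures.setdefault(e.src_ip, []).append(e)
    hits = []
    for ip, evs in failures.items():
        nets = [e.time for e in evs if e.action == "network_connect"]
        signins = [e.time for e in evs if e.action == "signin"]
        if any(abs((a - b).total_seconds()) <= window_seconds for a in nets for b in signins):
            hits.append(ip)
    return sorted(hits)


# Constructed sample input, including one malformed line.
FIREWALL_LINES = [
    "2022-02-17T10:00:01Z|fw01|DENY|203.0.113.7|10.0.0.5|443",
    "2022-02-17T10:00:05Z|fw01|ALLOW|198.51.100.2|10.0.0.5|443",
    "2022-02-17T10:00:06Z|fw01|DENY|192.0.2.9|10.0.0.5|22",
    "this line is not a firewall record",
]
SIGNIN_LINES = [
    '{"ts": "2022-02-17T10:00:03Z", "user": "alice", "ip": "203.0.113.7", "result": "failure"}',
    '{"ts": "2022-02-17T10:00:09Z", "user": "bob", "ip": "198.51.100.2", "result": "success"}',
    '{"ts": "2022-02-17T10:00:12Z", "user": "carol", "ip": "192.0.2.9", "result": "success"}',
]


def run():
    """Ingest both sources and return (correlated source IPs, rejected line count)."""
    fw_events, fw_rejected = ingest(FIREWALL_LINES, parse_firewall)
    si_events, si_rejected = ingest(SIGNIN_LINES, parse_signin)
    return correlate(fw_events + si_events), fw_rejected + si_rejected


if __name__ == "__main__":
    ips, rejected = run()
    print(f"correlated sources: {ips}; rejected lines: {rejected}")
```

On the sample input only 203.0.113.7 appears in both a denial and a failed sign-in; 192.0.2.9 was denied at the firewall but signed in successfully, so it is not reported. The rejected-line count is the operational detail worth keeping: a parser that silently drops malformed records hides exactly the gap in visibility the paragraph above warns about.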

For example, by adhering to the values of Zero Trust, the Microsoft security operations center (SOC) assumes that any device or user can be breached. That means we end up scrutinizing roughly 600 billion security events each month. But because we utilize Microsoft Sentinel and our other security tools that leverage machine learning, threat intelligence, and data science, we’re able to filter 600 billion monthly events down to around 10,000 alerts. We also use Microsoft Defender for Endpoint Automated Investigation and Response (AIR) capabilities to find and fix low-level malware instances and other nuisance alerts. Microsoft Defender for Endpoint AIR capabilities can also clean up a device, delete the service, erase the file, and tell us when the problem has been remediated. This reduces noise for our SOC and helps shrink those 10,000 monthly alerts down to a manageable 3,500 cases for investigation. Whittling those numbers down is what helps us—and you—zero in on real threats.

3. Simplify for easier compliance and identity and access management (IAM)

The five organizations in the Forrester study struggled to comply with regulatory requirements because “the complexity of their IT environments made it difficult to audit their environments or effectively implement governance policies.” Sound familiar? Fortunately, Zero Trust requirements can exceed some compliance requirements, meaning organizations that implement Zero Trust sometimes find themselves better positioned than they had been previously.

As a feature in the Microsoft 365 compliance center, Microsoft Compliance Manager solves this common problem with intuitive management and continuous assessments—from taking inventory of data risks to implementing controls, staying current with regulations and certifications, and reporting to auditors. Compliance Manager’s machine learning and analytics even help sort through relevant data to respond to your legal, regulatory, and internal obligations based on requirements from the International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST), Cybersecurity and Infrastructure Security Agency (CISA), and General Data Protection Regulation (GDPR). It automatically measures your progress toward completing necessary actions—providing a compliance score around data protection and regulatory standards—along with workflow capabilities and built-in control mapping to help carry out improvements.

To make compliance even easier, the new Microsoft Sentinel: Zero Trust (TIC 3.0) Workbook features a redesigned user interface, new control card layouts, dozens of new visualizations, and better-together integrations with Microsoft Defender for Cloud to monitor compliance posture deviations across each TIC 3.0 control family. The new workbook also provides a mechanism for viewing log queries, Azure Resource Graph, metrics, and policies aligned to TIC 3.0 controls—enabling governance and compliance teams to design, build, monitor, and respond to Zero Trust requirements across 25 plus Microsoft products.

Microsoft also offers more than 300 pre-built risk assessment templates to help you comply with evolving regulations, as well as integrated workflows to help ensure the right people across security, HR, legal, and compliance can investigate as soon as a risk is identified. The director at a manufacturing firm explained that “Microsoft Secure Score reduced the time it took us to be compliant with the California Consumer Privacy Act (CCPA) and GDPR. And Azure AD and Microsoft 365 E5 really enhance our security capabilities.” Secure Score simplifies your security posture by providing centralized visibility across all your Microsoft 365 workloads. This helps identify potential improvements, as well as benchmark your organization’s status over time. Embedded guidance enables you to evaluate each recommendation and determine which vectors of attack are a priority, and how they can be mitigated.

Organizations in the Forrester study also stated that “Legacy infrastructures made it difficult for IAM teams to meet organizational security requirements and the needs of their users.” Azure Active Directory integration enabled these businesses to streamline sign-in and easily deploy applications companywide, as well as enable SSO and automate user provisioning. These efficiency gains allowed their IAM teams to focus on improving security by implementing additional Zero Trust policies. By adopting Azure AD, the IAM teams also reduced time spent managing IAM infrastructure, provisioning and de-provisioning users, managing vendors, and dealing with application downtime and remediation.

4. Look for best-in-breed protection 

When looking for a Zero Trust solution you can rely on, there’s a confidence that comes from knowing your security provider has seen more than 40 percent year-over-year growth and more than USD10 billion in revenue. As Thomas Mueller-Lynch, Service Owner Lead for Digital Identity at Siemens put it, “There aren’t too many vendors on the planet that can create a solution capable of providing consolidated insights into large, complex environments like ours. That’s why we chose Microsoft.”

Microsoft Security is a leader in five Gartner Magic Quadrants and eight Forrester Wave™ categories and ranked the highest in the MITRE Engenuity® ATT&CK Evaluation. Microsoft was also named a Leader in IDC MarketScape for Modern Endpoint Security. By unifying security, compliance, and identity, we can help you improve productivity and protect your entire environment—from Windows and macOS to Linux, iOS, Android, and Amazon Web Services (AWS). For built-in intelligence, easy integration, and simplified management that addresses all three Zero Trust pillars, Microsoft Security provides the comprehensive solution you need to move forward—fearless. 

Learn more

  • Be fearless—evaluate your security posture today.
  • Explore our Zero Trust approach to comprehensive security.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


Cybersecurity threats are always changing—staying on top of them is vital, getting ahead of them is paramount

February 9th, 2022

With a 1,070 percent increase in ransomware attacks year-over-year between July 2020 and June 2021, staying on top of attack trends—such as ransomware and supply chain threats—is more important than ever.1 To successfully detect and defend against security threats, we need to come together as a community and share our expertise, research, intelligence, and insights.

Microsoft Security Insider is a site for business leaders focused on cybersecurity to get the latest news, insights, threat intelligence, and perspectives on top-of-mind topics in cybersecurity. As we analyze over 24 trillion threat signals daily and engage with hundreds of thousands of customers, our objective is to share our unique perspective on the threat landscape and the top challenges facing security practitioners and Chief Information Security Officers (CISOs) today. This is the place where you’ll get our insight on the latest threat trends, security intelligence, learn about CISO perspectives, hear from security leaders working behind the scenes, and get actionable guidance and approaches to help you secure your organization. Today on Microsoft Security Insider, you’ll find our recent Cyber Signals report that addresses the dangerous mismatch in identity security controls versus attacks—illuminating identity as the new battleground. You’ll also find reports on the threat landscape and IoT adoption, as well as perspectives from security innovators. Here are a few more highlights:

Preparing for attacks

Change brings opportunity. Exciting technology advances have supported a remote workforce and enabled organizations to remain productive in a changing environment. Unfortunately, increasingly complex digital environments have given cybercriminals new vulnerabilities to exploit. Attempts to trick workers into revealing sensitive information through work-related phishing are on the rise—in fact, you may be surprised to learn that 88 percent of security leaders say phishing attacks have affected their organizations.

Often, it’s a simple error in security fundamentals—like neglecting to enable a certificate—that leads to a security breach. In the CISO Insider report, security leaders share seven security strategy fundamentals, including gaining visibility into their environment, educating users, and managing vulnerabilities. I’d also advise writing an incident response plan and practicing it with your team, so that you’re prepared when a security incident happens. After all, about 4,000 cybercrime attacks are committed every day in the United States.[2] The reality today is that if you can be hacked, there’s a good chance you will be.

Defending the supply chain

A highly connected, complex supply chain is a ripe target for cybercriminals. Open source supply chain attacks are up 650 percent year-over-year from 2020.[3] In our public briefing, you’ll find details about the average number of vendors in a company’s supply chain. Hint: it’s probably higher than you think. You’ll also hear from a manufacturing consumer packaged goods CISO who said Zero Trust is “getting a new life” in his industry. My colleague Rob Lefferts shares the three principles of the Zero Trust security model (verify explicitly, use least-privilege access, and assume breach), a proactive, integrated approach to security that can help security leaders protect their supply chains.

Addressing the talent shortage

In November 2021, a record 4.5 million people in the US quit their jobs, with a historic rise reported in all four US regions.[4] More than 40 percent of employees worldwide are considering quitting their jobs in 2022. You probably have heard of the term used to describe this labor shortage trend—the Great Resignation. Even before the pandemic, cybersecurity was struggling with a labor shortage. CISOs are understandably concerned about affording, finding, and retaining top talent—or attracting new talent if they can’t.

Security leaders must get innovative to address this challenge and some are exploring the concept of “security is everyone’s job.” That means making sure development teams, system administrators, and users all understand security policies and risks. On the Microsoft Security Insider, you’ll read the story of a legal services CISO whose company deputized IT members as security representatives.

Explore Microsoft Security Insider

I always learn something interesting during my conversations with security professionals, researchers, and threat intelligence experts. I’m so thrilled that, now with the Microsoft Security Insider, I can share these insights and behind-the-scenes stories with everyone. Visit Microsoft Security Insider for insights from a community of security experts and get more details on everything I covered here and more.



[1] How CISOs are preparing to tackle 2022, Vasu Jakkal, Microsoft. January 25, 2022.

[2] Cyber Security Statistics 2020, William Goddard, IT Chronicles. May 27, 2021.

[3] 2021 State of the Software Supply Chain: Open Source Security and Dependency Management Take Center Stage, Matt Howard, Sonatype. September 1, 2021.

[4] A record 4.5 million people quit their jobs in November, Reuters. January 4, 2022.


Learn about 4 approaches to comprehensive security that help leaders be fearless

January 13th, 2022

The last 18 months have put unprecedented pressure on organizations to speed up their digital transformation as remote and hybrid work continue to become the new normal. Yet even with all the change and uncertainty, having the right security support system in place means your organization can still move forward confidently to turn your vision into reality. I’ve seen our customers demonstrate this fearlessness every day, and I love learning from them as we stand together against ongoing threats.

According to the Microsoft Zero Trust Adoption report,[1] security is the top concern for organizations moving to hybrid work, and it’s the number one reason security professionals are adopting a Zero Trust approach. The report also found that only 31 percent of organizations that described themselves as ahead in their Zero Trust implementation were impacted by NOBELIUM, the actor behind the SolarWinds attack.[2] Compare that to the 75 percent of organizations that reported lagging behind in their Zero Trust implementation and were negatively affected by this devastating cyberattack.

Zero Trust Adoption Report bar chart showing the varying levels of Zero Trust adoption across organizations affected by the Microsoft Exchange, Zoom credentials, SolarWinds, Robinhood, Intel, and FireEye attacks.

Figure 1: Negative impacts of cyberattacks in relation to Zero Trust implementation.

Knowing that your organization is protected from such threats, both external and internal, helps build the confidence you need to succeed. Zero Trust is a strategy that will help you get there. At Microsoft Security, we’re embracing the new reality of hybrid work by providing comprehensive security with best-in-breed coverage—driven by AI and simplified for easy management—so you can be fearless in the pursuit of your vision. In this blog, I’ll share some of our customers’ stories and how they’ve empowered their teams to move forward with confidence during this time of unprecedented change.

1. Comprehensive means coverage of your entire environment

Microsoft unifies security, compliance, identity, and management to help you improve productivity and protect your entire digital estate. By providing an end-to-end solution, we’re able to integrate layers of protection across multiple clouds, platforms, endpoints, and devices—Windows, macOS, Linux, iOS, Android, Amazon Web Services (AWS), Workday, Salesforce, and more. This comprehensive approach reduces the risk of data breaches as well as compliance and privacy missteps. Once you set your policies, Microsoft solutions provide data governance that helps put better security into practice.

Flow chart showcasing identities and endpoints as their authentication and compliance requests are intercepted by the Zero Trust Policy for verification before being granted access to Networks and the data/apps/infrastructure they’re composed of.

Figure 2: Microsoft Zero Trust architecture.

More than providing products and services, we collaborate with our customers to understand their environments and build solutions that fit their needs. One such collaboration was with Siemens where they moved from traditional on-premises security to a scalable, flexible solution to fit the company’s complex environment. Having built its reputation for innovation across diverse industries—energy, healthcare, industrial automation, building control systems, and more—research and development continues to play a vital role in the company’s success. For that reason, protecting the company’s staff and intellectual property is always top of mind. And with offices in 200 countries, managing cybersecurity amid a global landscape of shifting compliance and security regulations provides an ongoing challenge.

“There aren’t many vendors on the planet that can create a solution capable of providing consolidated insights into large, complex environments like ours. That’s why we chose Microsoft.”—Thomas Mueller-Lynch, Service Owner Lead, Digital Identity, Siemens.

“The sheer size of Siemens challenges us as to how we provide the best possible security,” explained Peter Stoll, Cybersecurity Officer and Program Lead for Zero Trust at Siemens IT Worldwide. “We like to make sure we get the benefits of emerging technologies.”

When Siemens decided to make the move from on-premises security to a Zero Trust approach, it turned to Microsoft Security. Its IT team implemented a range of security solutions through the company’s Microsoft 365 subscriptions, including Microsoft Azure Active Directory (Azure AD) with Conditional Access as a policy engine, Microsoft Information Protection, Microsoft Defender for Endpoint, Microsoft Defender for Identity, and other solutions—creating a blueprint for ongoing security enhancements. “We chose the best of suite approach with the Microsoft 365 E5 solution,” explained Mueller-Lynch. “Now we have an overview of our environment that helps us react in real-time and defend against attacks proactively.”

2. Comprehensive isn’t just coverage—it’s best-in-breed protection

Today’s organization not only requires security coverage across their threat landscape but also the confidence that comes with knowing that your provider has a proven track record. Microsoft is a leader in five Gartner Magic Quadrants and eight Forrester Wave categories, and we ranked the highest in the MITRE Engenuity® ATT&CK Evaluations. Microsoft was also named a Leader in IDC MarketScape for Modern Endpoint Security. With best-in-breed protection across the Zero Trust security fundamentals shown in Figure 2, Microsoft provides a security safety net that’s not only comprehensive and fully integrated, but durable for the future. Microsoft’s comprehensive solution has innovation at its heart.

Duck Creek Technologies serves the global property and casualty insurance industry by providing cloud-based, software as a service (SaaS) solutions that help insurance carriers operate faster and smarter. When the company’s existing security information and event management (SIEM) system neared the limits of its processing capacity, Duck Creek needed to upgrade without losing critical data or reducing its ability to detect threats. “Security is a very big part of how we’ve created the relationships we have with our illustrious list of customers,” says John Germain, Vice President and Chief Information Security Officer, Duck Creek Technologies. “I wanted to be sure that the solution we shifted to was best-in-class. Because Microsoft steadily improves its products and solutions to stay ahead of competing offerings, I know we’re in good hands.”

Duck Creek made a quick and painless migration to both Microsoft Defender for Cloud and Microsoft Sentinel. The company also uses Microsoft Endpoint Manager to manage its mobile-device security policies. Combining this functionality, Duck Creek has created single-pane-of-glass visibility for its remote workforce. “We now have incredible visibility across our entire technology stack, all in one place,” says Germain.

3. Integration and AI power Zero Trust security

Like Siemens, the investment platform company eToro had to reassess its infrastructure when shifting from on-premises security to a multi-layered Zero Trust approach. As a social investing platform with more than 17 million registered users across more than 100 countries, its IT team has a lot to cover. “When we were operating our traditional third-party antivirus in parallel with our Microsoft solutions, we noticed that Microsoft Defender for Endpoint was acting as our first barrier against attackers. And in 99 percent of incidents, it was the first to detect and act on threats,” says Shay Zakai, Director of Corporate IT, eToro.

That level of protection gave eToro the confidence to remove its third-party antivirus software and rely on Microsoft’s comprehensive, integrated layers for Zero Trust security. That native integration enables Microsoft’s intelligent tools to cut alert volume by 90 percent while automatically remediating up to 97 percent of endpoint attacks. Today, eToro makes ample use of multiple components within Microsoft Defender for Endpoint—threat and vulnerability management, attack surface reduction, endpoint detection and response (EDR), and automatic investigation and remediation—to protect their global operations.

“Microsoft Cloud App Security [Microsoft Defender for Cloud Apps] gives us the ability to analyze and classify information from Google Workspace and our other third-party apps in conjunction with Microsoft’s compliance tools,” Zakai explains. “That level of information gives us the power to restrict activities and enforce regulations as we see fit.”

eToro also integrates Microsoft Intune, a component of Microsoft Endpoint Manager, for their mobile device and mobile application management. By adopting Microsoft’s integrated, AI-driven security, eToro not only automated threat detection and remediation but also increased mobility for employees while reducing their operating costs. “Because of our adoption of Intune and Microsoft Defender for Endpoint, we had virtually no security concerns as we adapted to COVID-19,” says Zakai. “We were more than 90 percent ready to move to a work-from-home model on day one of the crisis.”

4. Simplicity is stronger

Most security professionals agree that security silos bring risks.[3] Microsoft enables organizations to simplify and strengthen their security by consolidating up to 50 disparate products and integrating with other tools to streamline investigation and remediation. When MVP Healthcare decided to divest from the numerous redundant security licenses it had been relying on, it turned to Microsoft Security for a simpler, more easily managed security posture. The company was using roughly 300 different vendor solutions, many of them designed for specialized functions, and Chief Information Officer (CIO) Michael Della Villa wanted to simplify.

After replacing their legacy security solutions with Microsoft Sentinel, Microsoft Defender for Cloud, Azure Firewall, and other Microsoft security solutions, MVP Healthcare’s IT team was freed up to concentrate on crucial tasks that require human attention. “Microsoft offers the cohesive solution we need,” Della Villa says. “We spent so much time trying to maintain the prior system that we weren’t actually using it. Now we easily get very detailed information from Microsoft Sentinel because it’s so well connected across all of our Microsoft solutions. The focus and clarity we’ve gained is a crucial benefit.”

MVP Healthcare also uses Microsoft Defender for Cloud to protect hybrid workloads. “Alerts from Microsoft Defender for Cloud, Microsoft Defender for Cloud Apps, and other solutions are chained together in an actionable way,” adds MVP Healthcare cybersecurity consultant James Greene. “The entire security suite is seamlessly connected. We appreciate that because we can build a comprehensive policy for dealing with security issues in one place.”

As a global leader in technology manufacturing for IoT systems, machine automation, and embedded computing, Advantech found itself the target of a widely publicized ransomware attack in November 2020. The attack was limited to corporate network servers and was quickly mitigated, but it served as a wakeup call. Future threats could affect factory production, delay customer deliveries, lead to theft of sensitive intellectual property, and even result in safety risks.

“We did many proof of concepts (POCs) with many different vendors, but no one met our needs,” says Kevin Lin, IT Manager at Advantech. “We wanted a comprehensive solution to create better efficiency and visibility. We needed security without affecting efficiency on the client side, or requiring specialist installation and configuration by administrators. We decided on Microsoft.”

According to Kevin, Microsoft Security offers a distinct advantage in its holistic approach to services and security. “Other solutions were a little siloed, specialized, and required individual testing—both for the product and support,” he says. “Many didn’t adequately address operational technology (OT) requirements for manufacturing plants, and we recognized that Advantech’s environment called for a comprehensive solution like Microsoft Security, not a collection of solutions.”

Advantech’s security team is now looking to further raise visibility into their IoT and OT risk with agentless, network-layer security provided by Microsoft Defender for IoT—including asset discovery, vulnerability management, and continuous threat monitoring with anomaly detection. “We didn’t have staff dedicated to figuring out our security situation in our manufacturing plants (where IT security isn’t their specialty),” Kevin says. “This attack alerted senior management that they needed to deploy OT security monitoring in our factory networks as well.”

Helping you be fearless

Across the world with organizations of all sizes, from startups to multinational corporations, we see security teams behind the scenes quietly being fearless in achieving their goals. Despite the threats they face daily, these unsung leaders bravely continue the journey of helping their organizations digitally transform. They and you are the reason we want to show up for this important work. By providing not just comprehensive security, but best-in-breed protection with deep intelligence and simplified experiences—Microsoft Security is right there beside you. We want to help you secure everything and be fearless, and turn your vision into reality. To hear from our customers in their own words, visit Customer Stories to learn more. We look forward to our journey together, being fearless, and empowering each other to thrive!



[1] Zero Trust Adoption Report, Microsoft Security, Hypothesis Group 2021. July 2021.

[2] The hunt for NOBELIUM, the most sophisticated nation-state attack in history, John Lambert, Microsoft Security. November 10, 2021.

[3] Why Security Can’t Live In A Silo, Douglas Albert, Forbes Technology Council, Forbes. October 5, 2020.


Microsoft Zero Trust solutions deliver 92 percent return on investment, says new Forrester study

January 12th, 2022

In the last two years, we’ve seen a staggering increase in the adoption of cloud-based services, remote work solutions, bring your own device (BYOD), and IoT devices as organizations digitally transform themselves to enable a hybrid workforce.[1] Zero Trust has become the essential security strategy for successfully preventing data breaches and mitigating risk in today’s complex cybersecurity landscape.

Implementing a Zero Trust security strategy, however, is a significant undertaking that requires in-depth planning, cross-company collaboration, and resources. Organizations need solutions that simplify and accelerate the adoption of Zero Trust by offering flexibility, integration, and a meaningful return on investment.

In the commissioned study The Total Economic Impact™ of Zero Trust solutions from Microsoft, Forrester Consulting reports that adopting Microsoft solutions to implement a Zero Trust security strategy delivers:

  • A three-year 92 percent return on investment (ROI) with a payback period of fewer than six months.
  • A 50 percent lower chance of a data breach.
  • Numerous efficiency gains of 50 percent or higher across security processes.

Total Economic Impact of implementing Zero Trust with Microsoft: 92 percent ROI and USD11.6 million NPV.

To better understand the benefits, costs, and risks associated with this investment, Forrester Consulting interviewed eight decision-makers with experience using Microsoft Security solutions to implement a Zero Trust security strategy. These customers were able to improve their security posture, reduce costs, achieve greater business agility, and increase efficiency in managing security. 

Improved security posture 

Data breaches can be incredibly costly as organizations work to recover their environment and brand reputation. Forrester found that by adopting Microsoft security solutions for their Zero Trust strategy, organizations were able to reduce not only the risk of a breach but also the potential for regulatory violations. Customers also reported significant improvements in their security postures since beginning their journeys, a reduction of shadow IT, and increased compliance by meeting various regulatory requirements. 

Data breach risk reduced by half.

Enhanced security reduced the risk of a data breach by 50 percent. Improved authentication, network, and endpoint security protocols coupled with increased visibility into the network allowed organizations to better protect themselves from data breaches. And with network segmentation, financial losses were contained in the event of a breach.

“[Implementing strong authentication strategies has] allowed us to provide our employees with a better, more secure environment.”—Principal Architect, Logistics

Reduced cost 

A comprehensive adoption of Zero Trust involves a significant transformation of the entire security strategy—and with it, a restructuring of costs. By eliminating legacy systems and improving processes, organizations uncover significant cost savings opportunities across the entire cybersecurity organization.  

With Microsoft Security solutions, customers were able to simplify their security strategy and retire unnecessary legacy software and infrastructure, resulting in cost savings of over USD7 million. Eliminating redundant security solutions delivered an average savings of USD20 per employee per month.

Calls placed to IT and help desk decreased by half.

Process efficiencies also led to cost savings. Calls placed to IT and help desk analysts decreased by 50 percent over a three-year period. The mean time to resolve (MTTR) per inquiry also decreased by 15 percent, leading to a total net present value (NPV) of USD1,773,095 over the three years. In addition, advanced audit and discovery capabilities in the Microsoft solution stack reduced the resources required for audit and compliance management by 25 percent, saving USD2 million NPV.

Greater business agility  

A simplified security architecture through Zero Trust improves business agility. Through efficient system management and user access, organizations can move quickly to pursue business opportunities, and support remote work while managing risk.

80 percent less effort required to secure new infrastructure.

Microsoft Security solutions reduced the effort required to provision and secure new infrastructure by 80 percent through automated provisioning of new systems, from SQL servers to virtual machines for new applications. The time required to provision new infrastructure went from several months to days. Meanwhile, workers improved their productivity through better access. Frontline workers gained efficient access to business-critical applications and systems of record, saving them an average of 30 minutes per week.  

With many of the Microsoft solutions that support Zero Trust available on a software as a service (SaaS) basis, organizations can quickly expand or contract their environment without needing to purchase additional hardware or dedicate resources to implement changes. 

“[Using Microsoft security solutions] has allowed us to focus more on our future as opposed to worrying about infrastructure.”—Identity Engineer, Manufacturing 

Efficient security management  

Most organizations dedicate too much time to triaging, investigating, and remediating alerts. A simplified Zero Trust security framework can reduce management time, both by cutting down the number of security incidents and by improving security response. 

Reduced management time by half due to improved security processes.

Customers that had implemented Microsoft’s Zero Trust security framework reported a 50 percent reduction in management time due to improved security processes. Security teams were able to provision and secure new infrastructure 80 percent more quickly and accelerate the process to set up users on new devices. They were able to more quickly remediate security issues using built-in automation in Microsoft solutions such as Microsoft Sentinel, Microsoft Azure Active Directory (Azure AD), and Microsoft 365 Defender.

“Azure AD has definitely allowed us to become more agile. We can make changes on a dime. Whereas, with our legacy system, product changes were far more cumbersome and painful. With our previous identity and access management (IAM) solution, we often had to write custom code and update our IAM solution across multiple data centers [and] then troubleshoot any problems. With Azure AD, everything is handled by Microsoft. This has allowed us to free up some of our resources and dedicate them to migrating our remaining applications to Azure AD.”—Principal Architect of Technical Services, Logistics Firm

Embrace proactive security with the Microsoft Zero Trust framework 

Zero Trust is the essential security strategy in today’s hybrid work environment. A complicated IT landscape of remote and group office users introduces more digital attack surfaces and risk, as perimeters are increasingly fluid. With security products and services that verify explicitly, grant least privileged access, and assume breaches, the Microsoft Zero Trust framework supports a proactive, integrated approach to security across all layers of the digital estate. We look forward to continuing to serve and protect our customers with a comprehensive Zero Trust strategy and solutions.
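The decision loop those three principles describe, and that Figure 2 in the post above sketches as identity and endpoint requests being intercepted by a Zero Trust policy before they reach data and apps, can be made concrete in code. The Python model below is an added example written for this page; it is not Microsoft’s Conditional Access implementation or any product code. The signal names (`mfa_completed`, `user_risk`, `managed`, `compliant`), the sensitivity tiers and the risk thresholds are assumptions chosen for the illustration, as is the `perimeter_allow` function that stands in for the legacy network-location check the page contrasts Zero Trust with.

```python
"""Toy Zero Trust policy engine: an added illustration, not Microsoft's code.
Every request from an identity on a device is evaluated against policy before
it reaches a resource. Signal names, sensitivity tiers and risk thresholds are
assumptions made for this example; a real engine would take them from the
identity provider, device management and risk-detection services."""
from dataclasses import dataclass, field
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "require_mfa"  # grant only after a fresh strong-auth challenge
    DENY = "deny"

@dataclass(frozen=True)
class Identity:
    user: str
    roles: frozenset        # e.g. frozenset({"finance-reader"})
    mfa_completed: bool     # strong authentication on this session (assumed signal)
    user_risk: str          # "low" | "medium" | "high" (assumed signal)

@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool           # enrolled in device management (assumed signal)
    compliant: bool         # passes health/compliance checks (assumed signal)
    on_corp_network: bool   # consulted only by the legacy perimeter model below

@dataclass(frozen=True)
class Resource:
    name: str
    sensitivity: str            # "public" | "internal" | "confidential"
    permissions_by_role: dict   # role -> frozenset of allowed actions

@dataclass
class AccessDecision:
    decision: Decision
    granted_actions: frozenset = frozenset()
    reasons: list = field(default_factory=list)

def perimeter_allow(device: Device) -> bool:
    """Legacy perimeter model: being inside the network is the only check."""
    return device.on_corp_network

def evaluate(identity: Identity, device: Device, resource: Resource, action: str) -> AccessDecision:
    """Zero Trust evaluation of one request; network location is never consulted."""
    reasons = []
    # Verify explicitly (identity): block high-risk users, step up unauthenticated sessions.
    if identity.user_risk == "high":
        reasons.append("user risk high: blocked regardless of other signals")
        return AccessDecision(Decision.DENY, reasons=reasons)
    if not identity.mfa_completed:
        reasons.append("no strong authentication on this session")
        return AccessDecision(Decision.STEP_UP, reasons=reasons)
    # Verify explicitly (device): non-public data needs a managed, compliant device.
    if resource.sensitivity != "public" and not (device.managed and device.compliant):
        reasons.append("unmanaged or non-compliant device for non-public data")
        return AccessDecision(Decision.DENY, reasons=reasons)
    # Least privilege: grant only the actions the caller's roles carry on this resource.
    allowed = frozenset()
    for role in identity.roles:
        allowed |= resource.permissions_by_role.get(role, frozenset())
    if action not in allowed:
        reasons.append(f"action {action!r} not granted to roles {sorted(identity.roles)}")
        return AccessDecision(Decision.DENY, granted_actions=allowed, reasons=reasons)
    # Assume breach: elevated risk on confidential data forces re-verification.
    if resource.sensitivity == "confidential" and identity.user_risk == "medium":
        reasons.append("medium user risk on confidential resource: step-up required")
        return AccessDecision(Decision.STEP_UP, granted_actions=allowed, reasons=reasons)
    reasons.append("identity, device and entitlement verified")
    return AccessDecision(Decision.ALLOW, granted_actions=allowed, reasons=reasons)

# Constructed sample data for the scenarios below (not real users or systems).
PAYROLL = Resource("payroll-db", "confidential", {
    "finance-reader": frozenset({"read"}),
    "finance-admin": frozenset({"read", "write"}),
})
ALICE = Identity("alice", frozenset({"finance-reader"}), mfa_completed=True, user_risk="low")
MALLORY = Identity("mallory", frozenset({"finance-admin"}), mfa_completed=True, user_risk="low")
LAPTOP = Device("lt-001", managed=True, compliant=True, on_corp_network=False)
ROGUE_PC = Device("pc-999", managed=False, compliant=False, on_corp_network=True)

def run_scenarios() -> dict:
    """Return {scenario: (perimeter_allowed, zero_trust_decision)} for comparison."""
    cases = {
        "alice reads payroll from managed laptop off-network": (ALICE, LAPTOP, "read"),
        "alice tries to write payroll": (ALICE, LAPTOP, "write"),
        "mallory on rogue PC inside the corp network": (MALLORY, ROGUE_PC, "write"),
    }
    return {name: (perimeter_allow(dev), evaluate(ident, dev, PAYROLL, act).decision)
            for name, (ident, dev, act) in cases.items()}

if __name__ == "__main__":
    for name, (perimeter, zt) in run_scenarios().items():
        print(f"{name}: perimeter={'allow' if perimeter else 'deny'}, zero_trust={zt.value}")
```

Run directly, the three constructed scenarios print side by side: the managed, off-network laptop is allowed by the Zero Trust engine but rejected by the perimeter check, while the unmanaged PC inside the corporate network passes the perimeter check and is denied, even though the caller holds an admin role. Actions are scoped to the caller’s roles, so a finance-reader asking to write is denied on a perfectly healthy device, and a medium-risk session touching confidential data is pushed to step-up authentication rather than silently allowed. The `reasons` list on each decision is what you would ship to your SIEM so that every deny and step-up is explainable after the fact.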

Learn more

  • Read our Zero Trust position paper for key insights, an example of a comprehensive security architecture, and a maturity model to help accelerate your adoption. 



[1] New insights on cybersecurity in the age of hybrid work, Bret Arsenault, Microsoft Security, Microsoft. October 27, 2021.


Learn more

  • Read our Zero Trust position paper for key insights, an example of a comprehensive security architecture, and a maturity model to help accelerate your adoption. 

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


1 New insights on cybersecurity in the age of hybrid work, Bret Arsenault, Microsoft Security, Microsoft. 27 October 2021.

The post Microsoft Zero Trust solutions deliver 92 percent return on investment, says new Forrester study appeared first on Microsoft Security Blog.


Align your security and network teams to Zero Trust security demands

January 10th, 2022

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla talks with Jennifer Minella, Founder and Principal Advisor on Network Security at Viszen Security about strategies for aligning the security operations center (SOC) and network operations center (NOC) to meet the demands of Zero Trust and protect your enterprise.

Natalia: In your experience, why are there challenges bringing together networking and security teams?

Jennifer: Ultimately, it’s about trust. As someone who’s worked on complex network-based security projects, I’ve had plenty of experience sitting between those two teams. Often the security teams have an objective, which gets translated into specific technical mandates, or even a specific product. As in, we need to achieve X, Y, and Z level security; therefore, the networking team should just go make this product work. That causes friction because sometimes the networking team didn’t get a voice in that.

Sometimes it’s not even the right product or technology for what the actual goal was, but it’s too late at that point because the money is spent. Then it’s the networking team that looks bad when they don’t get it working right. It’s much better to bring people together to collaborate, instead of one team picking a solution.

Natalia: How does misalignment between the SOC and NOC impact the business?

Jennifer: When there’s an erosion of trust and greater friction, it makes everything harder. Projects take longer. Decisions take longer. That lack of collaboration can also introduce security gaps. I have several examples, but I’m going to pick healthcare here. Say the Chief Information Security Officer’s (CISO) team believes that their bio-medical devices are secured a certain way from a network perspective, but that’s not how they’re secured. Meaning, they’re secured at a lower level that would not be sufficient based on how the CISO and the compliance teams were tracking it. So, there’s this misalignment, miscommunication. Not that it’s malicious; nobody is doing it on purpose, but requirements aren’t communicated well. Sometimes there’s a lack of clarity about whose responsibility it is, and what those requirements are. Even within larger organizations, it might not be clear what the actual standards and processes are that support that policy from the perspective of governance, risk, and compliance (GRC).

Natalia: So, what are a few effective ways to align the SOC and NOC?

Jennifer: If you can find somebody that can be a third party—somebody that’s going to come in and help the teams collaborate and build trust—it’s invaluable. It can be someone who specializes in organizational health or a technical third party; somebody like me sitting in the middle who says, “I understand what the networking team is saying. I hear you. And I understand what the security requirements are. I get it.” Then you can figure out how to bridge that gap and get both teams collaborating with bi-directional communication, instead of security just mandating that this thing gets done.

It’s also about the culture—the interpersonal relationships involved. It can be a problem if one team is picked (to be in charge) instead of another. Maybe it’s the SOC team versus the NOC team, and the SOC team is put in charge; therefore, the NOC team just gives up. It might be better to go with a neutral internal person instead, like a program manager or a digital-transformation leader—somebody who owns a program or a project but isn’t tied to the specifics of security or network architecture. Building that kind of cross-functional team between departments is a good way to solve problems.

There isn’t a wrong way to do it if everybody is being heard. Emails are not a great way to accomplish communication among teams. But getting people together, outlining what the goal is, and working towards it, that’s preferable to just having discrete decision points and mandates. Here’s the big goal—what are some ideas to get from point A to point B? That’s something we must do moving into Zero Trust strategies.

Natalia: Speaking of Zero Trust, how does Zero Trust figure into an overarching strategy for a business?

Jennifer: I describe Zero Trust as a concept. It’s more of a mindset, like “defense in depth,” “layered defense,” or “concepts of least privilege.” Trying to put it into a fixed model or framework is what’s leading to a lot of the misconceptions around the Zero Trust strategy. For me, getting from point A to point B with organizations means taking baby steps—identifying gaps, use cases, and then finding the right solutions.

A lot of people assume Zero Trust is this granular one-to-one relationship of every element on the network. Meaning, every user, every endpoint, every service, and application data set is going to have a granular “allow or deny” policy. That’s not what we’re doing right now. Zero Trust is just a mindset of removing inherent trust. That could mean different things, for example, it could be remote access for employees on a virtual private network (VPN), or it could be dealing with employees with bring your own device (BYOD). It could mean giving contractors or people with elevated privileges access to certain data sets or applications, or we could apply Zero Trust principles to secure workloads from each other.

Natalia: And how does Secure Access Service Edge (SASE) differ from Zero Trust?

Jennifer: Zero Trust is not a product. SASE, on the other hand, is a suite of products and services put together to help meet Zero Trust architecture objectives. SASE is a service-based product offering that has a feature set. It varies depending on the manufacturer, meaning, some will give you these three features and some will give you another five or eight. Some are based on endpoint technology, some are based on software-defined wide area network (SD-WAN) solutions, while some are cloud routed.

Natalia: How does the Zero Trust approach fit with the network access control (NAC) strategy?

Jennifer: I jokingly refer to Zero Trust as “NAC 4.0.” I’ve worked in the NAC space for over 15 years, and it’s just a few new variables. But they’re significant variables. Working with cloud-hosted resources in cloud-routed data paths is fundamentally different than what we’ve been doing in local area network (LAN) based systems. But if you abstract that—the concepts of privilege, authentication, authorization, and data paths—it’s all the same. I lump the vendors and types of solutions into two different categories: cloud-routed versus traditional on-premises (for a campus environment). The technologies are drastically different between those two use cases. For that reason, the enforcement models are different and will vary with the products.

Natalia: How do you approach securing remote access with a Zero Trust mindset? Do you have any guidelines or best practices?

Jennifer: It’s alarming how many organizations set up VPN remote access so that users are added onto the network as if they were sitting in their office. For a long time that was accepted because, before the pandemic, there was a limited number of remote users. Now, remote access, in addition to the cloud, is more prevalent. There are many people with personal devices or some type of blended, corporate-managed device. It’s a recipe for disaster.

The threat surface has increased exponentially, so you need to be able to go back in and use a Zero Trust product in a kind of enclave model, which works a lot like a VPN. You set up access at a point (wherever the VPN is) and the users come into that. That’s a great way to start and you can tweak it from there. Your users access an agent or a platform that will stay with them through that process of tweaking and tuning. It’s impactful because users are switching from a VPN client to a kind of a Zero Trust agent. But they don’t know the difference because, on the back end, the access is going to be restricted. They’re not going to miss anything. And there’s lots of modeling engines and discovery that products do to map out who’s accessing what, and what’s anomalous. So, that’s a good starting point for organizations.

Natalia: How should businesses think about telemetry? How can security and networking teams best use it to continue to keep the network secure?

Jennifer: You need to consider the capabilities of visibility, telemetry, and discovery on endpoints. You’re not just looking at what’s on the endpoint—we’ve been doing that—but what is the endpoint talking to on the internet when it’s not behind the traditional perimeter. Things like secure web gateways, or solutions like a cloud access security broker (CASB), which further extends that from an authentication standpoint, data pathing with SD-WAN routing—all of that plays in.

Natalia: What is a common misconception about Zero Trust?

Jennifer: You don’t have to boil the ocean with this. We know from industry reports, analysts, and the National Institute of Standards and Technology (NIST) that there’s not one product that’s going to meet all the Zero Trust requirements. So, it makes sense to chunk things into discrete programs and projects that have boundaries, then find a solution that works for each. Zero Trust is not about rip and replace.

The first step is overcoming that mental hurdle of feeling like you must pick one product that will do everything. If you can aggregate that a bit and find a product that works for two or three, that’s awesome, but it’s not a requirement. A lot of organizations are trying to research everything ad nauseam before they commit to anything. But this is a volatile industry, and it’s likely that with any product’s features, the implementation is going to change drastically over the next 18 months. So, if you’re spending nine months researching something, you’re not going to get the full benefit in longevity. Just start with something small that’s palatable from a resource and cost standpoint.

Natalia: What types of products work best in helping companies take a Zero Trust approach?

Jennifer: A lot of requirements stem from the organization’s technological culture. Meaning, is it on-premises or a cloud environment? I have a friend that was a CISO at a large hospital system, which required having everything on-premises. He’s now a CISO at an organization that has zero on-premises infrastructure; they’re completely in the cloud. It’s a night-and-day change for security. So, you’ve got that, combined with trying to integrate with what’s in the environment currently. Because typically these systems are not greenfield, they’re brownfield—we’ve got users and a little bit of infrastructure and applications, and it’s a matter of upfitting those things. So, it just depends on the organization. One may have a set of requirements and applications that are newer and based on microservices. Another organization might have more on-premises legacy infrastructure architectures, and those aren’t supported in a lot of cloud-native and cloud-routed platforms.

Natalia: So, what do you see as the future for the SOC and NOC?

Jennifer: I think the message moving forward is—we must come together. And it’s not just networking and security; there are application teams to consider as well. It’s the same with IoT. These are transformative technologies. Whether it’s the combination of operational technology (OT) and IT, or the prevalence of IoT in the environment, or Zero Trust initiatives, all of these demand cross-functional teams for trust building and collaboration. That’s the big message.

Learn more

Get key resources from Microsoft Zero Trust strategy decision makers and deployment teams.


Microsoft unpacks comprehensive security at Gartner and Forrester virtual events

November 18th, 2021

Every day, Microsoft is committed to maintaining comprehensive security for all across our interconnected global community. With that purpose in mind, we recently sponsored the 2021 Gartner Security and Risk Summit and the 2021 Forrester Security and Risk Forum, where we discussed ongoing changes in the security landscape. As a Leader in five Gartner® Magic Quadrant™ reports and eight Forrester Wave™ categories, our team was keen to share insights about new threats, the evolution of Zero Trust security, managing compliance, risk, and privacy, and building tomorrow’s talent.

Comprehensive security

Vasu Jakkal, Corporate Vice President of Microsoft Security, Compliance & Identity, speaking with Phil Montgomery, General Manager for Security Product Marketing GTM, at the 2021 Gartner Security and Risk Summit.

Vasu Jakkal, Corporate Vice President (CVP) of Microsoft Security, Compliance, and Identity, sat down with Phil Montgomery, General Manager for Security Product Marketing GTM, at the 2021 Gartner Security and Risk Summit for a wide-ranging fireside chat on the evolving state of cybersecurity. Phil started by addressing the elephant in the room—how the past 18 months have altered the security landscape in ways we’re still trying to understand.

“When the pandemic started, businesses had to become digital overnight,” Vasu points out. “With employees turning to personal devices to get the job done, that meant we had an exponential increase in the amount of digital attack surfaces. We saw an incredible increase in the sophistication and frequency of cyberattacks.” Vasu cites the attack on Colonial Pipeline as an example of how attacks have become more sophisticated and relentless in 2021. She also cites the phenomenon of cybercriminals expanding their operations by offering ransomware as a service. “Organizations are facing new economic challenges along with those brought by hybrid environments—multi-cloud and multi-platform,” she reiterates. “All these factors have come together to increase the complexity we face in cybersecurity.”

“You can’t secure a door and leave a window open. You have to think about your security posture as an interdependent whole—both external and internal threats.”—Vasu Jakkal, CVP of Microsoft Security, Compliance, and Identity

Eliminating complexity is one reason why Microsoft chose to integrate Microsoft Sentinel, our cloud-native SIEM + SOAR solution, and Microsoft Defender, our extended detection and response (XDR) tool. Integrating the two solutions simplifies detection and response by providing a bird’s-eye view of your digital estate, as well as enabling your security operations center (SOC) to investigate and resolve incidents at a granular level. “That kind of visibility and rapid response can really make a difference in the early stages of a ransomware attack,” Vasu stresses. “The reality today is if you’re connected, you’re vulnerable. The only way to protect a remote workforce is to have left-to-right and top-to-bottom security. That means security, compliance, identity, device management, and privacy are all interdependent.”

Beyond the technology, Vasu also points out: “The number one thing every security leader should be doing right now is building and practicing a plan with all essential members of your team. Do you have a great communications plan? Do you have a great response plan?” She also stressed the importance of training and empowering employees at every level of the organization to identify suspicious activity and escalate it.

Zero Trust comes of age in 2021

Nupur Goyal, Microsoft Group Product Marketing Manager for Identity Security & Zero Trust and Microsoft Corporate Vice President of Program Management Alex Simons talking at the 2021 Forrester Security & Risk Forum.

Earlier this month at the 2021 Forrester Security and Risk Forum, Microsoft CVP of Program Management Alex Simons also sat down for another fireside chat with Nupur Goyal, Microsoft Group Product Marketing Manager for Identity Security and Zero Trust. Alex also was struck by the rapid changes in enterprise security over the past 18 months. “If you think about the world we were in before [the pandemic],” he explains, “you were mostly protecting desktop PCs and laptops; most of your apps were on-premise. You didn’t have to worry about nation-state attackers. That’s why it’s important for enterprises to move away from the old perimeter-based security model to a Zero Trust approach.”

“The thing to remember about a Zero Trust approach, as the saying goes: you don’t have to eat the whole elephant at once. Just gradually expand multifactor authentication across your employees, beginning with those that have the access to the most important applications.”—Alex Simons, Microsoft CVP of Program Management

For some organizations, Zero Trust requires a big shift in thinking. It’s a mindset that assumes all activity, even by known users, could be an attempt to breach your systems. Alex cites attackers who are now targeting identities—both through users and the software itself—as a new threat to consider. “You really need a system that can look at what your users and their devices are doing,” he explains. “That includes all the software services that can access your resources. It really has to be a comprehensive approach. The workload identities, the ones that are your software, that’s a new thing. And you want to make sure you have a good plan in place for that.”

Alex recommends organizations begin by applying multifactor authentication to all privileged admin accounts. He also pointed out the importance of making sure that every device accessing your resources is well-managed. “Microsoft Endpoint Manager and Microsoft Defender for Endpoint help achieve that. You want to be sure every device is encrypted and protected with a PIN, but also you want each to be in a clean state from an antivirus standpoint.”

Roughly 76 percent of Microsoft customers have already begun Zero Trust implementation. Because we’re now in a boundary-less world of hybrid work, Zero Trust is exactly the security approach that’s needed. The foundation of Zero Trust is based on the three guiding principles: verify explicitly, use least-privilege access, and assume breach. Microsoft is building an identity platform to simplify and secure all relationships among employees, partners, customers, workloads, and smart devices—whether you’re a developer, an IT administrator, or a user. “There are 579 attacks happening every second,” Vasu adds. “So, effective security has to start with a strong identity foundation. We see identity as the ‘trust fabric’ of this new boundaryless collaboration.”

Managing compliance, risk, and privacy

For organizations across every sector, a tremendous amount of data is accessed, processed, and stored every day. This, along with an ever-growing universe of data regulations, is creating complexity and compliance risk. “We have personal data, which is in movement and in flux all the time,” Vasu explains. “The lines between work and home networks are all blurring. So that creates a lot of pressure about how to protect data, and how to ensure that all regulations are being followed.”

Many organizations use manual processes to discover how much personal data they have stored. There’s often a lack of actionable insights to help mitigate security and privacy risks. That’s why Microsoft recently announced privacy management for Microsoft 365. This new solution helps organizations identify critical privacy risks, automate privacy operations, and empower employees to be smart when they’re handling sensitive data.

For chief information security officers (CISOs) and risk officers, Vasu proposes a four-fold solution for balancing compliance and privacy: First, know your data. “Who’s accessing your data?” she asks. “How is your data moving? Do you have the right label? Do you have the right sensitivities? How are you protecting against insider risk? Do you have the right permissions level?” Second, establish a baseline of activity and measure anomalies to that baseline. You can’t just look at the world through the auditors’ eyes—pass or fail. You need to help your team see how they’re making progress. Third, partner with providers who can help you stay on top of changes in laws and regulations in all markets where you operate. Fourth, establish a collaborative process internally to address the risks when they arise. “It’s not just a security problem; it’s an organizational problem,” she stresses. That means ensuring that HR, legal, compliance, and risk teams are all working with your security operations center.

Zero Trust is not just about outside-in protection; it’s also inside-out. Organizations need to build compliance protections into processes to defend against insider threats. “You can’t secure a door and leave a window open,” is how Vasu sums it up. “You have to think about your security posture as an interdependent whole—both external and internal threats.” Organizations can take an easy first step just by implementing passwordless technologies like Windows Hello for desktops or the Microsoft Authenticator app for mobile devices.

Building tomorrow’s talent

For almost every two cybersecurity jobs in the United States today, a third job is sitting empty because of a shortage of skilled people. That’s why Microsoft is launching a national campaign with United States community colleges to help skill and recruit 250,000 people into the cybersecurity workforce by 2025:

  • Community colleges are everywhere. There are 1,044 community colleges located in every state and territory, and in every setting: urban, suburban, rural, and tribal.
  • Community colleges are more affordable. Tuition averages just $3,770 annually (versus $10,560 for four-year public colleges). Moreover, 59 percent of community college students can access financial aid.
  • Community colleges are diverse. Students at community colleges are 40 percent Black or African American or Hispanic. In addition, 29 percent are among their family’s first generation to attend college, while 20 percent are students with disabilities, and 5 percent are veterans. And 57 percent of students at community colleges are women.

“In March of this year, we announced Microsoft’s Career Connector,” Vasu explains, “a service that will help place 50,000 job seekers skilled by Microsoft’s nonprofit and learning partners in the Microsoft ecosystem over the next three years.” Career Connector has a specific focus on women and underrepresented minorities in technology. “I’m proud to report that our global skills initiative has reached more than 30 million people in 249 countries,” she adds. Microsoft is also extending through the end of 2021 all the free courses and low-cost certifications offered in our global skilling initiative through Microsoft Learn. To help fill talent gaps in compliance, Microsoft also offers certification courses for security, compliance, and identity. “No matter who you are, you can be a defender.”

The attackers in today’s asymmetric cyberwar come from all backgrounds, ethnicities, and regions. For that reason, we as defenders need to be just as diverse. “Along with diversity, inclusion goes hand in hand,” Vasu explains. “It’s important that we commit to hiring from places we may have not thought about before, to build a place where everyone feels like they belong.” She sees solving the talent shortage as a three-step process: get more people aware of cybersecurity; help them build the skills they need; and create spaces where everyone feels they can do their best work. As Vasu sees it: “Ultimately, security is all about humans. Whether you’ve been in the workforce for 30 years and want a change, or you’re just starting your career; either way, there’s a place for you here.”




Microsoft is recognized as a Leader in the 2021 Forrester Wave for Unified Endpoint Management

November 9th, 2021

Microsoft is honored to be recognized as a Leader in The Forrester Wave™: Unified Endpoint Management (UEM), Q4 2021 report for our ability to help customers on their path to modern endpoint management. Microsoft Endpoint Manager—which brings together Microsoft Intune for cloud endpoint management and Microsoft Endpoint Configuration Manager for endpoints on-premises—empowers organizations to protect their apps and devices across platforms for a resilient, productive workforce.

The Forrester report states that Microsoft “excels at helping customers migrate to modern endpoint management” and that its Desktop Analytics offers capabilities that are among the most advanced in the evaluation for enabling advanced automation alongside the cloud-connected Microsoft Graph API.

The Forrester Wave Unified Endpoint Management (UEM), Q4 2021 graphic positioning Microsoft near the top right hand corner under the Leaders position.

Endpoint Manager helps maximize the investments organizations have made in their digital estate through capabilities designed to optimize employee experiences on devices that have become their new workplace for today’s hybrid world. We have worked hard to simplify the path to endpoint cloud management and build capabilities that improve IT productivity as well as mitigate the risk of increasing cybersecurity threats on the expanding endpoint landscape. The Forrester report recognizes that Endpoint Manager continues to grow rapidly with our ability to scale and its inclusion in Microsoft 365.

Insights help boost digital employee experiences

In the new hybrid world, employees around the globe are increasingly dependent on their devices and apps to keep them connected. We have seen growth in Windows devices under management—up more than 130 percent in the last year. As customers continue to work from home and adapt to the new reality of hybrid work, it’s clear that the endpoint is the new workplace and must be protected and managed. Insights into issues like app health and device boot time that can be addressed remotely by helpdesk or IT teams can improve productivity and reduce frustration. Endpoint analytics in Endpoint Manager brings new capabilities that help with digital employee experiences and has been broadly adopted by our customers for exactly that reason.

Hybrid work accelerates cloud migration

Organizations have been forced to rethink how to enable their workforce to be productive from anywhere, on any device, and that means that the calculus for cloud enablement has also changed. Our approach to cloud enablement keeps customers at the center and meets them where they’re at. We take deliberate measures with Endpoint Manager to approach our customers’ need to maximize their existing investment of their endpoints on-premises. From refreshing our cloud configuration wizard to driving group policies into our settings catalog, we can extend the value of the cloud to co-managed endpoints, and at the same time continue to invest in helping customers move to cloud management at their own pace.

A cross-platform approach offers flexibility

We see customers continue to use both fully managed and unmanaged devices within their enterprises. Whether they adopt work profiles, mobile application management (MAM), device enrollment, or user enrollment, each of these has its place, and Endpoint Manager supports customers across all of these models. With Endpoint Manager, administrators can decide whether they need the validation provided through Conditional Access protected resources at the device or app level. More than 80 percent of Endpoint Manager devices use Conditional Access with Microsoft Azure Active Directory.

At Microsoft Ignite 2021, we announced that we will soon introduce Linux to the platforms supported in Endpoint Manager. Simply building a management agent for Linux clients isn’t enough. Rather, devices need to be registered, managed, secured, and then they can be used to access Conditional Access protected resources. We are doing this across Microsoft 365 and are seeing a very broad usage of Conditional Access, which is at the very core of our Zero Trust solution. Our product strategy includes adding more capability over time, providing flexibility to check more stats on the device or app, increasing security, and improving productivity—and there’s still so much more to do.

We invite you to read the full Forrester report here.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Microsoft is recognized as a Leader in the 2021 Forrester Wave for Unified Endpoint Management appeared first on Microsoft Security Blog.

Evolving Zero Trust—Lessons learned and emerging trends

November 3rd, 2021 No comments

Looking back at the last two years, to say that our security strategies have evolved would be an understatement. Organizations around the world made overnight transitions to remote work models in response to a global pandemic, forcing them to reassess attack surface areas as they underwent an accelerated digital transformation. Meanwhile, cybercriminals seized new opportunities—introducing COVID-19-themed social engineering campaigns and accelerated ransomware attacks. Nation-state actors launched increasingly bold and sophisticated attacks.1

In this environment, security transformation has become key to survival. The mandate to explicitly verify every access request, focus on least privilege access overall, and constantly assume breach to maintain vigilance was made clear, as exemplified by calls from governments and businesses worldwide to accelerate the adoption of Zero Trust strategies.

Sidebar: Zero Trust is a proactive, integrated approach to security across all layers of the digital estate that explicitly and continuously verifies every transaction, asserts least privilege, and relies on intelligence, advanced detection, and real-time response to threats.

The evolution of Zero Trust

Microsoft has embraced Zero Trust to defend our own estate and as a guiding principle for the development of our products. We have also helped thousands of our customers—including Siemens—deploy Zero Trust strategies, accelerate their digital transformation, and defend against increasingly frequent advanced attacks using our Zero Trust architecture.

Microsoft Security's Zero Trust architecture flow chart depicting lessons learned from thousands of Zero Trust deployments.

Figure 1: Learnings across thousands of Zero Trust deployments have informed our Zero Trust architecture, which emphasizes the critical importance of integrating policy enforcement and automation, threat intelligence, and threat protection across security pillars.

Lessons learned and emerging trends

Today, we’re publishing the new whitepaper, Evolving Zero Trust, to share the key lessons we’ve learned by embracing Zero Trust at Microsoft and supporting thousands of organizations in their Zero Trust deployments. These lessons inform our beliefs on how Zero Trust implementations need to evolve to adapt and keep organizations protected. We’re also sharing the evolution of our recommended Zero Trust architecture and maturity model that has been informed by these insights.

Highlights from the paper include:

Cover page of Microsoft Security's new whitepaper, Evolving Zero Trust.

  • Lessons from the most successful organizations: The last couple of years have reinforced the importance of applying Zero Trust comprehensively across the digital estate. Organizations that were furthest along in their journeys were more resilient against sophisticated attacks, improved user experiences, and reduced implementation and management costs. We also saw that successful organizations doubled down on automation and a robust Zero Trust governance strategy—both of which can improve security posture and time to remediation while reducing the workload on scarce security personnel.
  • Emerging industry trends: Zero Trust is a dynamic security model that continues to evolve to meet current threats and business realities. Going forward, we will see deeper integration of Zero Trust across pillars—leading to simplified policy automation, more advanced and intelligent threat detection, and more comprehensive attack mitigation. We also predict a wider adoption of the principles behind Zero Trust—verify explicitly, enforce least privilege access, and assume breach—to include the tools and processes used to develop applications, the hybrid and multi-cloud environments in which they run, as well as the applications themselves.
  • A more connected Zero Trust architecture: The learnings highlighted above led us to refine our Zero Trust architecture to place more emphasis on capturing telemetry from across the environment to inform policy decisions, provide better threat intelligence, measure the user experience, and more. The updated architecture showcases the importance of integrating policy enforcement and automation, threat intelligence, and threat protection across security pillars.

This document showcases the incredible evolution and acceleration in the adoption of Zero Trust security strategies. Just a few years ago, Zero Trust was merely a new buzzword for many organizations. Today, 76 percent of large organizations have adopted a Zero Trust approach. We hope that the lessons, trends, and positions we shared in this document are helpful in the planning and application of your own Zero Trust strategy.

The insights and actionable learnings in this document have been provided by a diverse group of customers, partners, and security-focused individuals working across applications, data, endpoint management, identity, infrastructure, networking, threat protection, and our own internal security organization. I’d like to thank our customers and partners for their expertise and insights, as well as my colleagues for their contributions to this whitepaper, architecture, and maturity model guidance.

Learn More

Get the complete Zero Trust whitepaper for key insights, Zero Trust architecture, and a maturity model to help accelerate your adoption.

For a repository of technical resources to help accelerate the deployment and integration of Zero Trust across all security pillars, visit the Zero Trust Guidance Center.

Use the Zero Trust Assessment tool to evaluate your Zero Trust security posture, maturity, and receive practical recommendations to help reach key milestones.

Read the 2021 Microsoft Digital Defense Report (MDDR) for in-depth findings about Microsoft’s tracking of nation-state threat groups, specific threat actors, attack methods, and more.

To learn more about Zero Trust, visit Microsoft Security’s Zero Trust website.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

1Microsoft Digital Defense Report shares new insights on nation-state attacks, John Lambert, Microsoft. 25 October 2021.

The post Evolving Zero Trust—Lessons learned and emerging trends appeared first on Microsoft Security Blog.

Categories: cybersecurity, Zero Trust

New insights on cybersecurity in the age of hybrid work

October 27th, 2021 No comments

As we approach the last week of Cybersecurity Awareness Month, I think about what is top of mind for myself and my peers in security. The past year has continued 2020’s major shift in the way organizations operate. Recent data shows that 81 percent of enterprise organizations have begun the move toward a hybrid workplace, with 31 percent of those surveyed already fully adopted. As the public and private sectors continue to enable hybrid work, the attack surface for cyber threats has expanded, and threat actors have been quick to exploit any vulnerabilities. In response, organizations have enforced various security controls to revamp their security postures. For example, the number of Microsoft Azure Active Directory (Azure AD) Conditional Access policies deployed has more than doubled over the last year.

Timeline showing the transition from Global pre-Covid onsite work for Microsoft employees beginning at around 100,000 employees entering Microsoft buildings in January 2020 and falling to around 30,000 employees by August of 2021.

Figure 1: Rate of onsite versus remote work at Microsoft (Jan 2020 to Aug 2021).

Organizations that don’t maintain basic security hygiene practices in the new workplace—applying updates, turning on multifactor authentication (MFA)—are placing their data, reputation, and employees’ privacy at much greater risk. On October 7, 2021, we published the 2021 Microsoft Digital Defense Report (MDDR) with input from thousands of security experts spanning 77 countries. In the report, we examine the current state of hybrid work and recent trends in cybercrime. You’ll also get actionable insights for strengthening defenses across your entire organization.

Hybrid work requires a Zero Trust strategy

Along with basic security hygiene, adopting a Zero Trust security strategy protects your digital estate by applying a “never trust, always verify” approach. The prevalence of cloud-based services, IoT, and the use of personal devices (also known as bring your own device or BYOD) in hybrid work environments has changed the landscape for today’s enterprise. Unfortunately, security architectures that rely on network firewalls and virtual private networks (VPNs) to isolate and restrict access to resources won’t cut it for a workforce that operates beyond traditional network boundaries.

There is no one-size-fits-all approach to Zero Trust implementation, and that’s a good thing. It means you’re free to start anywhere. Organizations of all sizes begin in different areas, based on their immediate needs and available resources. Most organizations approach Zero Trust as an end-to-end strategy that can be completed over time.

Graph showing Zero Trust implementation across areas of Identity, Endpoints, Apps, Network, Infrastructure, Data, and Automation & Orchestration.

Figure 2: Zero Trust implementation areas (from the Microsoft Security Zero Trust Adoption Report).

6 pillars for securing your hybrid workforce

Zero Trust controls and technologies are deployed across six technology pillars. The pillars are interconnected through a control plane that provides automated enforcement of security policy, correlation of signals, security automation, and orchestration:

1. Identities

Identities can represent people, services, or IoT devices. As companies adapt for a hybrid workforce, we’ve seen more than a 220 percent increase in strong authentication usage (like MFA) in the last 18 months. Still, in Azure AD for the calendar year to date, we’re observing 61 million password attacks daily. Strong authentication can protect against 99.9 percent of identity attacks, but even better is passwordless authentication, which can provide the most usable and secure authentication experience. Legacy protocols, such as IMAP, SMTP, POP, and MAPI, are another major source of compromise. These older protocols do not support MFA; for that reason, 99 percent of password spray and 97 percent of credential-stuffing attacks exploit legacy authentication.
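The password-spray and legacy-authentication figures above describe a pattern that is easy to look for in your own sign-in logs. The following is an added example, not code from the original post or from Microsoft: it flags source IPs whose failed sign-ins match the spray signature (many distinct accounts, one or two guesses each) and reports what share of those attempts arrived over protocols that cannot carry an MFA challenge. It also lists the accounts still successfully authenticating over legacy protocols, which is the population to migrate before a block is turned on. The sign-in records are constructed; their field names follow the Azure AD sign-in log schema (userPrincipalName, ipAddress, clientAppUsed, status.errorCode), and the thresholds are assumptions to tune per tenant.

```python
"""Added example, not code from the original post or from Microsoft.

Flags password-spray activity in Azure AD sign-in records and lists accounts that
still authenticate over legacy protocols. The records are constructed for the
example; their field names follow the Azure AD sign-in log schema
(userPrincipalName, ipAddress, clientAppUsed, status.errorCode). The thresholds
are assumptions to tune per tenant.
"""
from collections import defaultdict
from dataclasses import dataclass

# clientAppUsed values that cannot carry an MFA challenge (legacy authentication).
LEGACY_CLIENT_APPS = {
    "Exchange ActiveSync", "IMAP4", "POP3", "SMTP", "Authenticated SMTP",
    "MAPI Over HTTP", "Other clients",
}
ERR_SUCCESS = 0
ERR_BAD_PASSWORD = 50126  # AADSTS50126: invalid username or password

# Assumed spray signature: many accounts, few guesses per account, from one source.
MIN_DISTINCT_USERS = 5
MAX_FAILURES_PER_USER = 2


def signin(user, ip, client, error_code):
    """Build one constructed sign-in record in the sign-in log shape."""
    return {"userPrincipalName": user, "ipAddress": ip,
            "clientAppUsed": client, "status": {"errorCode": error_code}}


SAMPLE_SIGNINS = [
    # One source (a TEST-NET address) guessing once per account over IMAP/SMTP: a spray.
    signin("alice@contoso.com", "203.0.113.7", "IMAP4", ERR_BAD_PASSWORD),
    signin("bob@contoso.com", "203.0.113.7", "IMAP4", ERR_BAD_PASSWORD),
    signin("carol@contoso.com", "203.0.113.7", "SMTP", ERR_BAD_PASSWORD),
    signin("dave@contoso.com", "203.0.113.7", "SMTP", ERR_BAD_PASSWORD),
    signin("erin@contoso.com", "203.0.113.7", "Other clients", ERR_BAD_PASSWORD),
    signin("frank@contoso.com", "203.0.113.7", "IMAP4", ERR_BAD_PASSWORD),
    # Repeated guesses at a single account from a browser: brute force, not a spray.
    *[signin("alice@contoso.com", "198.51.100.20", "Browser", ERR_BAD_PASSWORD)
      for _ in range(4)],
    # Normal activity: one typo, then success; one user still on Exchange ActiveSync.
    signin("grace@contoso.com", "192.0.2.44", "Browser", ERR_BAD_PASSWORD),
    signin("grace@contoso.com", "192.0.2.44", "Browser", ERR_SUCCESS),
    signin("carol@contoso.com", "192.0.2.80", "Exchange ActiveSync", ERR_SUCCESS),
]


@dataclass
class SprayFinding:
    ip: str
    distinct_users: int
    failures: int
    legacy_share: float  # fraction of the failed attempts that used legacy auth


def is_legacy(record):
    return record["clientAppUsed"] in LEGACY_CLIENT_APPS


def detect_password_spray(records, min_users=MIN_DISTINCT_USERS,
                          max_per_user=MAX_FAILURES_PER_USER):
    """Return one finding per source IP whose failures match the spray signature."""
    failures_by_ip = defaultdict(lambda: defaultdict(int))  # ip -> user -> count
    legacy_failures_by_ip = defaultdict(int)
    for r in records:
        if r["status"]["errorCode"] != ERR_BAD_PASSWORD:
            continue
        failures_by_ip[r["ipAddress"]][r["userPrincipalName"]] += 1
        if is_legacy(r):
            legacy_failures_by_ip[r["ipAddress"]] += 1
    findings = []
    for ip, per_user in failures_by_ip.items():
        if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
            total = sum(per_user.values())
            findings.append(SprayFinding(ip, len(per_user), total,
                                         legacy_failures_by_ip[ip] / total))
    return findings


def legacy_auth_users(records):
    """Accounts that successfully signed in over legacy auth: migrate these before blocking."""
    return sorted({r["userPrincipalName"] for r in records
                   if r["status"]["errorCode"] == ERR_SUCCESS and is_legacy(r)})


if __name__ == "__main__":
    for f in detect_password_spray(SAMPLE_SIGNINS):
        print(f"spray from {f.ip}: {f.distinct_users} accounts, "
              f"{f.failures} failures, {f.legacy_share:.0%} over legacy auth")
    print("still using legacy auth:", legacy_auth_users(SAMPLE_SIGNINS))
```

Against the constructed records, only 203.0.113.7 is reported: six accounts, one guess each, all over IMAP, SMTP or other legacy clients. The four failures against a single account from 198.51.100.20 are a brute-force pattern and deliberately fall outside the spray rule, so they need a separate per-account threshold. Real sprays are often slower and spread across many source addresses, so in production the same grouping is usually run per user agent or per /24 in addition to per IP.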

2. Endpoints

Once an identity has been granted access, data can flow to different endpoints—from IoT devices to smartphones, BYOD to partner-managed devices, on-premises workloads to cloud-hosted servers—creating a massive attack surface. With the Zero Trust model, enterprises can reduce provisioning costs and avoid additional hardware purchases for work-from-home use. For example, an administrator can grant access only to verified and compliant devices while blocking access from a personal device that’s been rooted or jailbroken (modified to remove manufacturer or operator restrictions) to ensure that enterprise applications aren’t exposed to known vulnerabilities.
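The two controls described in the Identities and Endpoints sections above, blocking the legacy protocols that cannot do MFA and granting access only to compliant, non-jailbroken devices, are both expressed as Conditional Access policies. The block below is an added example and not Microsoft's code or the original post's: it writes the two policies in the shape the Microsoft Graph conditionalAccessPolicy resource uses (conditions, grantControls, state) and adds a simplified evaluator that shows how they combine for a given sign-in. The evaluation rules are an assumption made for the example (every enabled policy whose conditions match applies, a block control wins, and a grant requires the policy's controls to be satisfied, all of them for AND and any of them for OR); the sign-in contexts, the "deny" label, and the treatment of a jailbroken device as failing the compliantDevice control are likewise constructed for illustration.

```python
"""Added example, not Microsoft's code or the original post's.

Two Conditional Access policies in the Microsoft Graph conditionalAccessPolicy
shape (conditions, grantControls, state) and a simplified evaluator showing how
they combine for a sign-in. The evaluation rules are an assumption made for the
example: every enabled policy whose conditions match applies, a block control
wins, and a grant requires the policy's controls to be satisfied (all of them
for AND, any for OR). The sign-ins are constructed.
"""

BLOCK_LEGACY_AUTH = {
    "displayName": "Block legacy authentication",
    "state": "enabled",
    "conditions": {
        "users": {"includeUsers": ["All"]},
        "applications": {"includeApplications": ["All"]},
        # exchangeActiveSync and other cover the clients that cannot do MFA.
        "clientAppTypes": ["exchangeActiveSync", "other"],
    },
    "grantControls": {"operator": "OR", "builtInControls": ["block"]},
}

REQUIRE_MFA_AND_COMPLIANT_DEVICE = {
    "displayName": "Require MFA and a compliant device",
    "state": "enabled",
    "conditions": {
        "users": {"includeUsers": ["All"]},
        "applications": {"includeApplications": ["All"]},
        "clientAppTypes": ["all"],
    },
    "grantControls": {"operator": "AND", "builtInControls": ["mfa", "compliantDevice"]},
}

POLICIES = [BLOCK_LEGACY_AUTH, REQUIRE_MFA_AND_COMPLIANT_DEVICE]


def make_signin(client_app_type, mfa_completed, is_compliant, is_jailbroken,
                user="alice@contoso.com", app="Office 365 Exchange Online"):
    """Constructed sign-in context: who, to what, from which client and device."""
    return {"user": user, "app": app, "clientAppType": client_app_type,
            "mfaCompleted": mfa_completed,
            "device": {"isCompliant": is_compliant, "isJailbroken": is_jailbroken}}


SIGNIN_IMAP = make_signin("other", False, True, False)             # legacy IMAP client
SIGNIN_JAILBROKEN = make_signin("browser", True, False, True)       # BYOD, jailbroken
SIGNIN_MANAGED = make_signin("browser", True, True, False)          # managed, MFA done
SIGNIN_NO_MFA = make_signin("mobileAppsAndDesktopClients", False, True, False)


def _matches(include_list, value):
    return "All" in include_list or value in include_list


def policy_applies(policy, signin):
    """Report-only or disabled policies never enforce; enabled ones apply on a match."""
    if policy["state"] != "enabled":
        return False
    c = policy["conditions"]
    client_types = c.get("clientAppTypes", ["all"])
    return (_matches(c["users"]["includeUsers"], signin["user"])
            and _matches(c["applications"]["includeApplications"], signin["app"])
            and ("all" in client_types or signin["clientAppType"] in client_types))


def control_satisfied(control, signin):
    if control == "mfa":
        return signin["mfaCompleted"]
    if control == "compliantDevice":
        # Assumption: the MDM compliance policy marks rooted/jailbroken devices
        # non-compliant, so both signals must agree before the control passes.
        d = signin["device"]
        return d["isCompliant"] and not d["isJailbroken"]
    raise ValueError(f"control not modelled in this example: {control}")


def evaluate(signin, policies=POLICIES):
    """Return ('block' | 'deny' | 'grant', [policy names that caused it])."""
    unsatisfied = []
    for p in policies:
        if not policy_applies(p, signin):
            continue
        gc = p["grantControls"]
        if "block" in gc["builtInControls"]:
            return "block", [p["displayName"]]   # block overrides every grant
        results = [control_satisfied(c, signin) for c in gc["builtInControls"]]
        if not (all(results) if gc["operator"] == "AND" else any(results)):
            unsatisfied.append(p["displayName"])
    return ("deny", unsatisfied) if unsatisfied else ("grant", [])


if __name__ == "__main__":
    for name, s in [("IMAP client", SIGNIN_IMAP), ("jailbroken BYOD", SIGNIN_JAILBROKEN),
                    ("managed device", SIGNIN_MANAGED), ("no MFA", SIGNIN_NO_MFA)]:
        print(f"{name:15} -> {evaluate(s)}")
```

Two points the evaluator makes visible. First, a legacy IMAP client is blocked even though the device it runs on is compliant, because the block policy is evaluated on the client type and a block cannot be satisfied by any grant control. Second, the report-only state is the safe way to roll out the legacy-auth block: a policy in that state matches nothing in the evaluator, which mirrors the real behaviour of logging what would have happened without enforcing it. In the real service an unsatisfied mfa control prompts the user for a second factor rather than denying outright; the example collapses both unsatisfied cases into "deny" to keep the combination rule clear.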

3. Applications

Modernized applications and services require users to be authenticated prior to having access. However, thousands of applications and services still remain heavily reliant on network firewalls and VPNs to restrict access. These traditional architectures built for legacy applications were designed for lateral connectivity (CorpNet) rather than micro-segmentation. They violate the fundamental Zero Trust principle of “least-privilege access” and are more vulnerable to lateral movement across the network by an adversary. To modernize your applications, deploy one of these three solutions:

4. Network

Microsoft Azure Firewall blocks millions of attempted exploits daily. Our signals show that attackers most commonly used malware, phishing, web applications, and mobile malware in their attempts at network attacks during July 2021. Also in July, there was a significant uptick in the use of coin miners, a type of malware that hijacks the victim’s compute resources to mine cryptocurrency. Protocols leveraged most often in attacks were HTTP, TCP, and DNS, since these are open to the internet. A Zero Trust approach assumes your network is always under attack; therefore, you need to be prepared with a segmented layout that minimizes the blast radius.

Graph showing the top 10 network threats with malware attacks accounting for 40 percent of threats as of July 2021.

Figure 3: Top 10 network threats (July 2021).

Distributed denial of service (DDoS) attacks on internet-facing endpoints ramped up significantly this year. Compared to the latter part of 2020, the average daily number of attack mitigations in the first half of 2021 increased by 25 percent while the average attack bandwidth per public IP increased by 30 percent. Microsoft Azure DDoS Protection mitigated 1,200 to 1,400 unique DDoS attacks every day in the first half of 2021. Europe, Asia, and the United States remain the most attacked regions because of the concentration of financial services and gaming industries in those regions. Over 96 percent of the attacks were of short duration—less than four hours. To get our latest research on DDoS attacks, download the 2021 MDDR.

Circle graph showing distributed denial of service attacks by destination region, with the United States accounting for 56 percent of attacks.

Figure 4: DDoS attack destination regions.

5. Infrastructure

Infrastructure—whether on-premises, cloud-based, virtual machines (VMs), containers, or micro-services—represents a critical threat vector. As the move to the cloud enables a more secure hybrid workforce, organizations are also increasing their dependency on cloud storage, requiring effective threat protection, mitigation strategies, and tools to manage access. Azure Defender treats data-centric services, such as cloud storage accounts and big data analytics platforms, as part of the security perimeter and provides prioritization and mitigation of threats. We’ve produced a threat matrix for storage to help organizations identify gaps in their defenses, with the expectation that the matrix will evolve as more threats are discovered and cloud infrastructures constantly progress toward securing their services.

6. Data

With the rise of hybrid work, it’s especially important that data remain protected even if it leaves the devices, apps, infrastructure, and networks your organization controls. While classification, labeling, encryption, and data loss prevention remain core data security components, organizations that effectively manage the lifecycle and flow of their sensitive data as part of their business operations make it much easier for data security and compliance teams to reduce exposure and manage risk. Reducing that risk means reevaluating how your organization conducts business with sensitive data to ensure its proper storage, access, flow, and lifecycle.

Picture advising the audience to know, govern, protect and control your data to reduce sensitive data risks.

Figure 5. The cumulative impact of unified data governance and security on sensitive data risk.

Actionable insights

As we adapt to a hybrid work world, Microsoft is aware of cybersecurity paradigm shifts that will support the evolution of work in a way that centers on the inclusivity of people and data.

Practice digital empathy

By applying empathy to digital solutions, we can make them more inclusive toward people with diverse perspectives and varied abilities. Factoring in digital empathy leads to the inclusion of security professionals with a broader range of abilities, skill sets, and perspectives—increasing the effectiveness of cybersecurity solutions. It also means developing technology that can forgive mistakes. Whether as an organization or an individual, our ability to be empathetic will help us to adapt during this time of constant change.

Don’t wait to start your Zero Trust journey

As we look past the pandemic to a time when workforces and budgets finally rebound, Zero Trust will become the biggest area of investment for cybersecurity. This means that right now, every one of us is on a Zero Trust journey—whether we know it or not. As shown in Figure 2, it doesn’t matter whether you start in endpoints, applications, or infrastructure; all that matters is that you get started now. Something as simple as enabling MFA (free with Microsoft Security solutions) can block more than 99 percent of the account-compromise attacks that rely on stolen or guessed passwords. To see where you are in your Zero Trust journey, take the Zero Trust Assessment.

Diversity of data sources matters

Microsoft processes over 24 trillion daily security signals across a diverse set of endpoints, products, services, and feeds from around the globe. We were able to identify and block new COVID-19-themed threats—sometimes in a fraction of a second—before they reached customers. Our rich diversity of data allowed Microsoft cyber defenders to understand COVID-19-themed attacks in a broader context—determining that attackers were primarily adding new pandemic-themed lures to familiar malware. This is just one example of how the diversity of data and the power of the cloud deliver a clear advantage in combating threats.

Cyber resilience equals business resilience

The latest cyberattacks are deliberately targeting core business systems to maximize destructive impact and increase the likelihood of a ransomware payout. Knowing this, it’s imperative that a comprehensive approach to operational resilience includes cyber-resilience. At Microsoft, our strategy focuses on four basic threat scenarios: events we can plan for, such as extreme weather; unforeseen natural events, such as earthquakes; legal events, such as cyberattacks; and deadly pandemics, such as COVID-19. Cloud technology, due to its scalability and agility, helps organizations develop a comprehensive cyber-resilience strategy and makes preparing for contingencies less complicated.

Focus on integrated security

The recent nation-state attacks on Microsoft Exchange servers, and the ransomware attacks on Colonial Pipeline and JBS USA, brought into stark reality the agility and callousness of our adversaries. To uncover shifting attack techniques and stop them before they do serious damage, organizations need to have complete visibility across their own applications, endpoints, network, and users. To do this, while simplifying and reducing costs, businesses can adopt the security capabilities built into the cloud and productivity platforms they’re already using. Security tools that are fully integrated help improve efficacy and provide the end-to-end visibility today’s organization needs.

While digital acceleration will continue to drive these paradigm shifts, one thing remains the same: security technology is about improving productivity and collaboration through secure and inclusive user experiences. By practicing security for all, Microsoft is committed to making cybersecurity empowering for your organization every day.

Learn more

Hybrid work is the new normal, and organizations need the latest data on how to defend themselves in a constantly evolving threat landscape. To get 100 plus pages of insights gathered across more than 24 trillion daily security signals across the Microsoft cloud, endpoints, and intelligent edge, download the 2021 Microsoft Digital Defense Report. Also, see our past blog posts providing information for each themed week of Cybersecurity Awareness Month 2021. Read our latest posts:

Be sure to visit our Cybersecurity Awareness Month page for more resources and information on protecting your organization year-round. Do your part. #BeCyberSmart

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post New insights on cybersecurity in the age of hybrid work appeared first on Microsoft Security Blog.

Categories: cybersecurity, NCSAM, Zero Trust

How Microsoft is partnering with vendors to provide Zero Trust solutions

October 21st, 2021 No comments

As workplaces around the world embrace hybrid work, Zero Trust provides the guiding strategy that keeps companies secure. However, no two organizations are alike. The Zero Trust journey will look unique for every organization that implements it. This means we must work together to create solutions that support the varied workplaces that exist today.

At Microsoft, our mission is to create an amazing Zero Trust platform that protects our customers no matter what solutions they use. We realize that our customers use products that work well for them, and so we strive to meet them where they are. Our solutions are from Microsoft, but not just for Microsoft.

To this end, we have established integrations with a wide variety of service providers and applications to support varied solutions and environments. For example, in addition to Microsoft apps, Microsoft Azure Active Directory (Azure AD) supports third-party and on-premises apps which are incredibly impactful for our customers. Our recent analysis of the usage of the Azure AD app gallery showed that some of the fastest-growing applications are security tools like Citrix ADC, Palo Alto Networks Prisma Access, and Zscaler Private Access, which help employees securely access any application regardless of location. These integrations have been key for our customers as they secure remote access to applications and resources from anywhere.

Additionally, Azure Sentinel has added many built-in data connectors with leading security providers so our customers can easily deploy these solutions. Once Microsoft engineering teams validate these integrations, we feature these third-party solutions as part of the Microsoft Intelligent Security Association (MISA), which now includes over 175 independent software vendor (ISV) members and 250 integrations. Our joint integrations offer security solutions that meet the full breadth of our customers’ needs.

Descriptive graphic showing the three levels of MISA membership, noting more than 175 ISV members, more than 250 app integrations, and more than 250 offers in Azure Marketplace.

We’re also approaching partners and providing integration guidance to take the lead in solving our customers’ problems. Our goal is to be transparent and helpful so that partners know how they can integrate with us to extend their own solutions. That’s why we recently published Zero Trust partner integration guidance, which covers a wide range of integration opportunities with Microsoft products that support Zero Trust for our customers. We recognize that security is a team sport. These integrations will help our customers maximize their Microsoft investments as well as the investments they’ve already made in existing solutions.

Microsoft is proud to recognize a diverse slate of global companies with cybersecurity solutions that enhance support for our customers as they move towards an end-to-end Zero Trust security posture. The infographic below illustrates the range of additive offers for each of the core pillars of Zero Trust, supporting integrations across a wide variety of products and partners.

Logos of participating vendors who contribute to a Zero Trust approach as part of the MISA program. The list includes: Yubico, SailPoint, Thales, and Imprivata for Identity; Jamf, MobileIron, IBM, Lookout, and Pradeo for Endpoints; Adobe, Secude, Box, and Netskope for Data; HashiCorp, Check Point, Akamai, and NGINX for Apps; Barracuda, Qualys, Imperva, and Tenable for Infrastructure; and Zscaler, Citrix, F5, and NetFoundry for Network.

These integrated solutions provide real value for our customers. For example, when all its employees transitioned to work from home, Johnson Controls’ VPN solution for remote employee access was overwhelmed. To address this, they deployed an integration between Azure AD and Zscaler Private Access to strengthen their Zero Trust posture and improve employee experience. Dimitar Zlatarev, a Senior Manager on the Identity and Access Management (IAM) Team at Johnson Controls, explained that deploying the integration was simple, with 50,000 employees onboarded by the third week. It improved their security posture and “When employees learned how convenient it was, they asked to be enabled.”

Learn more

We have resources for you to get started finding a solution and to see the kinds of integrations we support. Our security partners page includes links for finding security solution providers and ISVs, as well as how to become a partner. In addition, our Zero Trust integration guidance explains how ISVs can integrate with Microsoft to create Zero Trust solutions. With these integrations, we provide solutions for the broad diversity of our customers.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post How Microsoft is partnering with vendors to provide Zero Trust solutions appeared first on Microsoft Security Blog.

Categories: cybersecurity, Zero Trust