Archive

Archive for the ‘Microsoft Intelligent Security Association (MISA)’ Category

Combat attacks with security solutions from Trustwave and Microsoft

September 9th, 2021

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

In 2021, cyberattacks and instances of ransomware demands against companies, agencies, and institutions have dominated the headlines. These kinds of attacks are on the rise and often have long-reaching impacts that can spill over across supply chains. In just the first half of the year, there have been several high-profile cyberattacks in the United States including Colonial Pipeline [1], JBS (the world’s largest meat supplier) [2], the Washington, D.C. Police Department [3], and the MTA of New York City [4], to name a few.

The SolarWinds cybersecurity breach [5] opened US government networks and private companies’ security systems around the world to threat actors in late 2020. This breach allowed access to confidential government data and intel before being discovered. The innovative bad actors attached their malware to a software update from SolarWinds’ Orion software in March through June of 2019, which led to tens of thousands of customers’ security being compromised. SolarWinds serves as an unfortunate example of how organizations around the world operate under the perpetual threat of becoming a target of a cyberattack or the victim of a cybercrime, even from a trusted partner.

Some believe the escalation in attacks and data breaches in the past year likely originated with new remote working environments, which exponentially increased the number of endpoints that required protection, putting strain on already over-extended IT resources [6].

Take a proactive approach to your security

To identify, contain, and eradicate these relentless threats properly, security operations must include effective platforms, processes, and people. With attacks on the rise and bad actors only becoming more sophisticated, security that meets the minimum is no longer effective, and organizations need to consider a more proactive approach. Microsoft Defender for Endpoint is a holistic, cloud-delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavior-based next-generation protection, rich APIs, and unified security management.

Microsoft security solutions have native capability designed to work cohesively to provide integrated threat detection and response capabilities, but technology alone is not enough. The benefits derived from leveraging best-in-breed tools can mean the difference in capturing a threat or letting it linger, unnoticed in your environment indefinitely. Partnering with a Managed Detection and Response (MDR) team/Managed Security Services Provider (MSSP) who is a trusted Microsoft technology partner can help you operationalize these transformations and derive the most value from your existing technology investments.

Trustwave removes the complexity and burden of threat detection and response with an entire portfolio of cybersecurity solutions that work with existing Microsoft investments to fight cybercrime, protect data, and reduce risk. Knowing what to look for in your security partners is crucial, especially among the noise of an industry saturated with providers claiming to be the “best.” Search for partners that can offer:

  • All-day monitoring/notification, incident response, and remediation.
  • Data forensics and investigation response (DFIR).
  • Proactive, human-led threat hunting.

With organizations facing overwhelmed security teams and resource limitations, finding the time and staff to properly protect their environments—on-premises, in the cloud, or a hybrid of both—is a constant challenge. Implementing proactive endpoint detection and response (EDR) and MDR solutions can relieve your teams, prevent breaches, and appease your stakeholders. For real examples of how effective the EDR plus MDR combination can be when aligned to create a layered security posture, view Trustwave’s case study on the GoldenSpy malware or view their industry accolades showcasing the industry expertise their teams have worked to earn for the safety of organizations like yours.

Learn more

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
[1] Colonial Pipeline Attack Spotlights the Importance of Ransomware Preparedness, Trustwave, 11 May 2021.

[2] JBS: Cyber-attack hits world’s largest meat supplier, BBC News, 02 June 2021.

[3] D.C. Police Department Data Is Leaked in a Cyberattack, The New York Times, 27 April 2021.

[4] MTA breached by hackers with reported ties to China, Kevin Duggan, MSN, 03 June 2021.

[5] A ‘Worst Nightmare’ Cyberattack: The Untold Story Of The SolarWinds Hack, Dina Temple-Raston, Monika Evstatieva, NPR, 16 April 2021.

[6] How Your Security Testing Mindset Should Change After COVID-19, Mark Whitehead, Trustwave, 04 May 2021.

The post Combat attacks with security solutions from Trustwave and Microsoft appeared first on Microsoft Security Blog.

Get free DMARC visibility with Valimail Authenticate and Microsoft Office 365

September 1st, 2021

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

Phishing and email spoofing not only erode brand trust but also leave recipients vulnerable to financial loss and serious invasions of privacy. These tactics have been around for years, but their breadth and sophistication today pose a formidable threat. According to the FBI, fraudulent emails sent under the guise of their own domains cost companies over $13 billion between 2016 and 2020 [1].

Microsoft has industry-leading solutions for protecting customers from such attacks. Recently, Microsoft was named a leader in the 2021 Enterprise Email Security Wave [2], with Microsoft Defender for Office 365 receiving the highest possible scores in categories like incident response, threat intelligence, endpoint detection and response (EDR) integration, product strategy, and customer success. This acknowledgment is the latest testament to Microsoft’s continued innovation as a best-of-breed solution for email and collaboration security.

Valimail joined the Microsoft Intelligent Security Association (MISA) [3] to transform Domain-based Message Authentication, Reporting, and Conformance (DMARC), one of the most reliable—yet often incredibly complex—ways to successfully strengthen email security. Valimail Authenticate, the first true DMARC-as-a-service offering, gives Microsoft Office 365 users free visibility into every service sending emails under their domains, plus additional tools to achieve DMARC enforcement faster than with any other solution.

Instead of struggling to set up DMARC or hiring expensive consultants to reach enforcement, Microsoft customers can use Valimail Authenticate to automate the process of DMARC enforcement using simple, guided workflows.

The combined power and deep integration of these two technologies is in the results: Microsoft users, such as the MLB, Uber, Citgo, Nestle, and the Department of Transportation currently reduce email fraud, increase deliverability across every domain, and protect their brands’ reputations.

DMARC-as-a-service: A new approach to email security

For those who have only heard of DMARC in passing or not at all, it might sound like just another enterprise email acronym. However, DMARC enforcement has already proven to be a valuable protector of enterprise email. According to Gartner®, DMARC is one of the top 10 security projects [4], based on Gartner forecasts and adjusted for the impact of COVID-19. The problem with most approaches to DMARC, however, has been in the tenuous implementation.

Here is some quick context on what DMARC is, and how many cycles IT has had to spend working with it in the past. At its simplest, DMARC is a way to tell other email servers which messages claiming to come from your domains are legitimate. Typically, IT would publish a line like the one below in a DNS TXT record for each domain, which tells recipient servers to send a report of every IP address claiming to send mail on your organization’s behalf.

v=DMARC1; p=reject; rua=mailto:dmarc_agg@vali.email

Someone would then need to read through sender lists in XML, confirm that each IP address is connected to an approved service, set up DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) individually for each, and check back regularly to see if new suspicious senders have appeared.

This process can be tedious. That’s why many companies that are genuinely concerned about email fraud and deliverability never finish the DMARC projects they start. Last year alone 53,000 companies added a DMARC record, with only 10 percent successfully getting themselves to enforcement. Valimail Authenticate removes the significant manual upkeep from email security workflows, making the whole process seamless for Microsoft Office 365 users. Microsoft Office 365 users can get free visibility into their environment and turn on Valimail Authenticate with a single click.
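As an added example (not part of the original post or Valimail’s product), here is a small Python script that does the two chores described above by hand: it parses a DMARC TXT record like the one shown into its tags and checks the two rules a receiver enforces, then reads a DMARC aggregate (rua) report to total messages per sending IP, record the SPF/DKIM outcome, and flag failing senders that are not in a known-sender catalogue. The record value, the report XML, and the catalogue are constructed for illustration.

```python
"""Parse a DMARC DNS record and summarize a DMARC aggregate (rua) report."""
import xml.etree.ElementTree as ET

# The DMARC record form the post shows; constructed value for this example.
DMARC_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc_agg@vali.email"


def parse_dmarc_record(txt: str) -> dict:
    """Split a DMARC TXT record into tag=value pairs and sanity-check it.

    RFC 7489 requires v=DMARC1 as the first tag and a p policy tag; receivers
    ignore a record that breaks either rule, silently leaving the domain bare.
    """
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip()] = value.strip()
    if not tags or next(iter(tags)) != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must begin with v=DMARC1")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("record needs p=none, p=quarantine, or p=reject")
    return tags


def is_valid_record(txt: str) -> bool:
    """True if a receiver's DMARC check would accept the record at all."""
    try:
        parse_dmarc_record(txt)
        return True
    except ValueError:
        return False


# Constructed aggregate report in the RFC 7489 Appendix C shape: one source is
# a known bulk-mail service that passes, the other an unknown host that fails.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <policy_published>
    <domain>example.com</domain>
    <p>reject</p>
  </policy_published>
  <record>
    <row>
      <source_ip>198.51.100.10</source_ip>
      <count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row>
      <source_ip>203.0.113.77</source_ip>
      <count>3</count>
      <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
</feedback>
"""

# Hypothetical catalogue mapping approved source IPs to the service that owns
# them (the "match senders to a catalog" step, done by hand here).
KNOWN_SENDERS = {"198.51.100.10": "bulk-mail-service (constructed)"}


def summarize_report(xml_text: str, known: dict) -> dict:
    """Total messages per source IP and flag unknown sources that fail DMARC."""
    root = ET.fromstring(xml_text)
    summary = {
        "domain": root.findtext("policy_published/domain"),
        "policy": root.findtext("policy_published/p"),
        "sources": {},
        "unknown_failing": [],
    }
    for rec in root.iter("record"):
        ip = rec.findtext("row/source_ip")
        count = int(rec.findtext("row/count") or 0)
        dkim = rec.findtext("row/policy_evaluated/dkim")
        spf = rec.findtext("row/policy_evaluated/spf")
        # DMARC passes when either aligned DKIM or aligned SPF passes.
        passed = "pass" in (dkim, spf)
        entry = summary["sources"].setdefault(
            ip, {"count": 0, "pass": 0, "fail": 0, "service": known.get(ip)}
        )
        entry["count"] += count
        entry["pass" if passed else "fail"] += count
        if not passed and ip not in known and ip not in summary["unknown_failing"]:
            summary["unknown_failing"].append(ip)
    return summary
```

The `unknown_failing` list is the set of senders a person (or a service like the one the post describes) must still triage: either an unapproved sender to block or a legitimate service that still needs SPF/DKIM set up.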

How Microsoft Office 365 and Valimail Authenticate work together

Microsoft launched Office 365 to drive an industry-wide shift toward cloud-based services and API-driven integrations. As cloud became the norm for even the most security-conscious enterprises, companies authorized more and more vendors to send email on their behalf—such as Salesforce, Marketo, Splunk, Workday, DocuSign, Twilio SendGrid, and more.

Valimail built Authenticate to address this new, cloud-connected landscape. By automating the identification of email senders and the subsequent policy-setting needed to keep domains protected, Valimail Authenticate offers users a modern, efficient path to DMARC enforcement. Native integration to Microsoft Office 365 ensures Microsoft customers don’t have to worry about configurations, manually identifying senders, or pulling in extra resources to get DMARC done right.

Here’s how Microsoft Office 365 customers can get started with Authenticate and reach DMARC enforcement in just a few minutes:

Figure 1. Microsoft users can get started with one click. Authenticate configures DNS settings for DKIM and SPF automatically behind the scenes.

You’ll then run through a few steps that help Authenticate enforce your DMARC policy. First, Authenticate will automatically match all your known email senders with its existing catalog—you won’t see IP addresses, you’ll see the names of services you know.

Figure 2. Get free visibility into the services sending email under your domain.

For unrecognizable or possibly fraudulent services, quickly mark them to be blocked or quarantined. You’ll be notified if any new ones are found later, so you’ll never wonder if you’ve caught everything.

Figure 3. Guided task lists make Authenticate easy for anyone to use; work through each task to authenticate domain services in a simple, intuitive workflow.

Authenticate will ensure your SPF and DKIM records stay up to date. If you ever need to check the logs or do a technical deep-dive, you can access detailed information on your DMARC settings whenever you wish.

Figure 4. Authenticate shows you what’s happening for every domain and service at every stage of the process.

Together, Microsoft’s unparalleled protection through Microsoft 365, coupled with Valimail Authenticate, makes protecting your domain globally as easy as 1, 2, 3. It starts with Microsoft 365 users getting free visibility into DMARC enforcement, plus a free trial of all the features of Valimail Authenticate. Get started today.

About Valimail

Valimail is the global leader in Zero Trust email security. The company’s full line of cloud-native solutions authenticate sender identity to stop phishing, protect brands, and ensure compliance; they are used by organizations ranging from neighborhood shops to some of the world’s largest organizations, including Uber, Splunk, Yelp, Fannie Mae, Mercedes Benz USA, and the US Federal Aviation Administration. Valimail is the fastest-growing DMARC solution with the largest global market share and is the premier DMARC partner for Microsoft 365 environments. For more information visit their website.

Learn more

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
[1] Internet Crime Report, Internet Crime Complaint Center (IC3), Federal Bureau of Investigation, 2020.

[2] Forrester names Microsoft a Leader in the 2021 Enterprise Email Security Wave, Rob Lefferts, Microsoft 365 Security, 6 May 2021.

[3] Valimail Joins Microsoft Intelligent Security Association, Cision, PR Newswire, 25 September 2018.

[4] Smarter with Gartner, Gartner Top 10 Security Projects for 2020-2021, Kasey Panetta, September 15, 2020. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

The post Get free DMARC visibility with Valimail Authenticate and Microsoft Office 365 appeared first on Microsoft Security Blog.

How to protect your CAD data files with MIP and HALOCAD

July 22nd, 2021

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

Computer-aided design (CAD) files are used by design professionals in the manufacturing, engineering, architecture, surveying, and construction industries. These highly valuable files contain confidential information and form their core intellectual property (IP).

Loss of such proprietary information to an outsider or a competitor can have disastrous effects leading to a loss in sales, market share, and reduced profit margins. However, such industries often collaborate with other design partners or vendors or they share their design parts with smaller manufacturers. Product blueprints and designs are regularly exchanged, both within and outside the organization’s network boundaries. In such cases, there is a high possibility of a data leak.

Data loss or theft can occur in any one of the following ways:

  1. Every time you send a file to another person, a copy is usually made and stored online. Once the file leaves the organization there is no guarantee that it is safe unless it is adequately protected.
  2. Storing and transferring the file to another system.
  3. A malicious insider may have a copy of the file and the ability to share the information with an outsider, even after leaving the organization.

Microsoft Information Protection works where perimeter security fails

Organizations may use encryption programs, secure file transfer protocol, and other access control methods to prevent data leaks and data theft. However, once these files leave their original repository it is very difficult to keep track of their usage.

To solve this problem, organizations have invested in Microsoft Information Protection (MIP), an intelligent, unified, and extensible solution to protect sensitive data across your enterprise—in Microsoft 365 cloud services, on-premises, third-party software as a service (SaaS) applications, and more. MIP provides a unified set of capabilities to know your data, protect your data, and help prevent data loss across Microsoft 365 apps (such as Word, PowerPoint, Excel, and Outlook) and services (such as Teams, SharePoint, and Exchange).

Microsoft Information Protection capabilities.

When you have already invested in an excellent information protection system, it isn’t a prudent decision to go in for another information protection system. But what can be done to solve the above problem?

MIP and HALOCAD for secured digital collaboration at a global scale

SECUDE has integrated their HALOCAD solution with Microsoft’s MIP SDK, which extends the data protection beyond the organization’s IT perimeter. HALOCAD not only integrates as a MIP SDK add-in into the content authoring environment but also works as an add-on to the content repository and implements information protection policies across supported repositories.

HALOCAD solution architectural diagram 1

With over two decades of experience in the data security field, SECUDE has a track record of adding value to the MIP capabilities to SAP environments, especially when exporting sensitive information from SAP environments. HALOCAD helps to seamlessly leverage MIP labeling templates for CAD files and does so simply and cost-effectively. It also applies the label to the content repository where the engineering processes for storing and sharing CAD files are kept.

Let us look at a hypothetical scenario on how data collaboration happens between the engineering team and the external third party vendors and suppliers with HALOCAD and MIP:

HALOCAD solution architectural diagram 2

In the above scenario, the design files move seamlessly across the supply chain with MIP sensitivity labels applied automatically and user privileges as defined by the organization.

Scenario 1 (Designer):

The user is the designer who owns the design files. Based on the user privilege defined, the designer can view, edit, copy, print, and export the files.

Scenario 2 (Engineer):

The user is an engineer who consumes the design file shared with them by the engineering team. The engineer can view and edit the files. They can make modifications to the original file and share it. They do not have the privilege to copy, print, export, and use the snipping tool to make a copy.

Scenario 3 (Partner who has SECUDE solution):

In a typical manufacturing environment, the CAD drawings are shared with a lot of third-party partners and vendors across the supply chain for day-to-day operations. In this scenario, the partner who has purchased the SECUDE solution can only view the CAD files per the set privilege enforcement.

Scenario 4 (Unauthorized user):

If an unauthorized user outside of the organization tries to open the CAD drawings, the files are encrypted and they will not be able to open them.

Benefits of SECUDE’s HALOCAD

  1. HALOCAD extends the security templates provided by MIP to sensitive CAD files throughout the design lifecycle.
  2. HALOCAD applies sensitivity labels automatically during the check-out process without user engagement.
  3. HALOCAD preserves the file extension, so users see no difference and the workflow is not disrupted.
  4. If an unauthorized user tries to open a document in an AutoCAD application without the HALOCAD extension, they will not be able to open the file even though its extension is still *.dwg.
  5. HALOCAD currently supports the following CAD applications:
    • Autodesk Inventor and AutoCAD
    • PTC Creo
    • Siemens NX and Solid Edge
  6. HALOCAD also supports the following PLM applications:
    • PTC Windchill
    • Siemens Teamcenter
    • SAP PLM/ECTR

For more information about the HALOCAD solution, please visit the SECUDE HALOCAD website. You can also find HALOCAD in Azure Marketplace.

Learn more

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post How to protect your CAD data files with MIP and HALOCAD appeared first on Microsoft Security Blog.

MISA expands portfolio and looks ahead during Microsoft Inspire

July 14th, 2021

This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. Learn more about MISA.

Welcome to fiscal year 2022 (FY22) and my first official blog as the MISA Lead. It’s been a whirlwind couple of months getting up to speed with all things MISA—closing out FY21 while continuing to build on the great foundation my predecessor laid out as I strategize where to go from here. More to come on that, but first let’s take a moment to reflect and celebrate what MISA and our members have accomplished over the past year and take a sneak peek into what’s next.

MISA saw fantastic growth in FY21, having grown to more than 246 member companies, including 176 independent software vendors (ISVs) creating 259 integrations. We expanded to include managed security service providers (MSSPs) and now have 67 MSSP members providing 165 managed service offers. We also expanded the MISA product portfolio to include five new compliance products, increasing our footprint across more Microsoft technologies. And we’re excited to be bringing two more products into our portfolio, which we will discuss a little later in this blog. MISA’s growth is proof of the value we bring in helping customers better defend against increasingly sophisticated threats, and it demonstrates the value Microsoft Security sees in our partner community.

Have you seen the new look and feel of Microsoft Security? No? Yes? Well, be on the lookout—you’ll start to notice that MISA branding will be refreshed to align with the new look of Microsoft Security, emphasizing the strength of integrated solutions for a seamless user experience.

Exciting offer for MISA members

If you missed our last MISA office hours, MISA members can view the recording or the presentation available to the public. MISA members can request exam certification vouchers as part of their member benefits. Vouchers are only redeemable for Security, Compliance, and Identity (SCI) Fundamentals and Advanced Role Based (ARB) exams. MISA members can request vouchers per quarter, totaling four exam requests per Microsoft financial year.

MISA members, please email us for more information. Don’t miss the first quarter request deadline on July 20, 2021.

Bulletproof wins Microsoft Security Partner of the Year Award 2021

We are thrilled to announce that MISA member Bulletproof has been selected as the 2021 Security Partner of the Year. The Security Partner of the Year Award (POTYA) recognizes a partner who is doing an exceptional job of providing customers with end-to-end security solutions (versus one-point solutions) based on Microsoft Security, Compliance, and Identity capabilities in Microsoft 365 and Microsoft Azure Security. With only one Security category for Partner of the Year, Bulletproof rose to the top among a field of more than 160 entries.

Headquartered in Canada, Bulletproof is an award-winning Gold Microsoft Partner with 12 Gold competencies and was recently inducted to MISA. Additionally, Bulletproof has achieved Microsoft’s Advanced Specialization in Threat Protection. The company has offices across Canada, the US, Europe, the Middle East, and Africa (EMEA) with users on six continents who trust Bulletproof to secure their identities, networks, data, and devices.

Bulletproof does an exceptional job of fostering trust in a Zero Trust world by providing customers with end-to-end solutions based on Microsoft security and compliance capabilities in Microsoft 365 and Microsoft Azure. Their family of managed services includes Bulletproof 365 Enterprise (B365E), which combines Microsoft 365 Security, the strength of Azure Security, and Bulletproof’s security pedigree to provide a Zero Trust framework with two levels of all-day monitored security vigilance—proactive protection that stops threats before they happen and responsive security that automatically contains threats when they occur.

B365E enables customers to modernize and improve their security posture with cost-effective, seamless, and intelligent managed security and automated threat containment that doesn’t slow productivity. Bulletproof 365 Workplace integrates the power of Microsoft 365 cloud productivity solutions—wrapped with advanced cloud app security, unmatched employee education, and all-day IT support. The company’s latest addition, Bulletproof 365 Compliance, adds a managed information protection service to the company’s offerings.

A key differentiator for Bulletproof is their Microsoft SWAT Team, experts who meet with customers to directly handle questions about the technical details of proposed products and offerings, accelerating each customer’s journey to improved security. Tight alignment with Microsoft recently helped Bulletproof on a competitive win with a global real estate company looking for a best-of-breed solution.

“We’re still pinching ourselves to be perfectly honest,” said Chris Johnston, Bulletproof CEO. “Being recognized with the Security 2021 Microsoft Partner of the Year Award at the global level is an incredible honor that truly validates the significant impact Bulletproof’s end-to-end security solutions are having in driving value (and peace of mind) for Microsoft customers. Thank you, Microsoft, for your ongoing collaboration, inspiration and support, and this exciting and entirely humbling recognition. And to all the 2021 award winners, finalists, and partners at large who enabled and supported customers through the accelerated digital transformation we have seen this past year, we applaud you.”

Listen to the conversation with Chris Johnston, CEO of Bulletproof, and Phil Montgomery, the new General Manager, Microsoft Security GTM.

Expanding the MISA product portfolio

We’re excited to share that we’ll be extending Azure Defender for IoT to include our managed security service providers (MSSPs). We’re also welcoming MSSPs supporting Microsoft Defender for Office 365.

Azure Defender for IoT to include MSSPs

Azure Defender for IoT provides agentless asset discovery, vulnerability management, and threat monitoring for IoT and Operation Technology (OT) environments, with flexible deployment options including fully on-premises, cloud-connected, or hybrid. It is tightly integrated with Azure Sentinel and supports third-party security operation center (SOC) tools including Splunk, IBM QRadar, and ServiceNow.

“Operational Technology is integral to many sectors and critical to those that support public services. By leveraging Defender for IoT and integrating it into the Microsoft Security ecosystem, we’re able to provide threat detection across the IT and OT boundaries without interrupting production systems. Bringing OT into the SOC allows us to work with our customers to protect their existing OT environments and help them embrace the cloud transformation, knowing that the services are secure and managed end-to-end. We are happy that Azure Defender for IoT has been extended to MSSPs in MISA, so we can gain product insights to extend solution capabilities of our managed services.”—Martin Riley, Director, Managed Security Services, Bridewell Consulting

Microsoft Defender for Office 365 to include MSSPs

Microsoft Defender for Office 365 provides integrated threat protection for all of Office 365, helping protect customers and their email and collaboration tools against advanced threats like business email compromise and credential phishing. MSSPs’ managed services for Microsoft Defender for Office 365 are now supported in MISA, streamlining the involvement of in-house security teams.

“Limited resources and rapidly evolving threats can create operational gaps for our clients. Optiv managed services provide outcome-based services across the security capabilities built into Microsoft 365 to protect vulnerable attack vectors. Incorporating Microsoft Defender for Office 365 in our solutions helps protect against email compromise, credential phishing, and more, so we can protect our clients’ businesses. We are pleased that Defender for Office 365 has joined the MISA family and look forward to increased visibility and co-marketing opportunities for our managed services.”—Justin Staffel, Director, Microsoft Alliance, Optiv Security, Inc.

Security, compliance, and identity at Microsoft Inspire

Microsoft Inspire kicks off today, and the security team will be there in full force. This year’s event will deliver a cross-cloud narrative embracing five themes:

  1. Microsoft cloud enables digital transformation across industries.
  2. Drive business growth with the most partner-focused business platform.
  3. Evolving Microsoft cloud for a new world of work.
  4. Innovate from cloud to edge on your terms.
  5. Build a foundation of trust and security.

Security, compliance, identity, and management will be a key focal point of the event highlighted in the “Build on a foundation of trust and security” theme. Throughout the two-day event, we’ll demonstrate how our partners can grow their business by offering comprehensive solutions and earn customers’ trust by partnering with the leading security company.

Security, compliance, identity, and management sessions:

  • One theme session.
  • Four breakout sessions airing separately in both US and EMEA time zones.
  • Eight “Ask the Experts” sessions, each accompanied by a corresponding live Q&A session delivered immediately afterward.
  • Three on-demand sessions: Each will become available July 14, 2021, at 10 AM following the delivery of the Day one keynote and can be watched at any time during or after the event.

Check out Corporate Vice President (CVP) Vasu Jakkal’s security, compliance, and identity blog to find out more.

Be sure to visit the Microsoft Inspire website and bookmark the following sessions:
Session ID: Session Title
  Speaker(s)

TS03-R1 (Session 1, Session 2): Build on a foundation of trust and security
  Vasu Jakkal, CVP, Security, Compliance, and Identity; Rodney Clarke, CVP, Global Channel Sales; Lucas Joppa, Chief Environmental Officer; Jenny Lay-Flurrie, Chief Accessibility Officer

BRK121 (Session 1, Session 2): Modernize security and defend against threats
  Scott Woodgate, Sr. Director, Product Marketing

BRK123 (Session 1, Session 2): Accelerate customer transformation with cloud security solutions from Microsoft
  Adwait (AJ) Joshi, Director, Product Marketing

BRK124 (Session 1, Session 2): Build your business by managing risk and securing customer information
  Alym Rayani, GM SCI Compliance

BRK122 (Session 1, Session 2): Identity and endpoint management—a strong foundation for Zero Trust and profitability
  Irina Nechaeva, Sr. Director, Product Marketing; Gideon Bibliowicz, Director of Product Marketing

OD122: Build a business around helping customers drive towards a Zero Trust framework
  Cedric Depaepe, Security Architect/Partner Marketing Manager

OD121: Building a business around providing modern security operating center services to customers
  Mandana Javaheri, Global Director, SCI Business Development; Mayank Kapur, Sr. Partner Marketing Manager

OD123: Going to market with Microsoft. Learn how to maximize Microsoft’s channel investments this coming year
  Nomi Nazeer, Sr. Partner Marketing Manager

ATEBRK121-R1: Ask the Experts: Modernize security and defend against threats (R1)
  Carissa Broadbent, Product Marketing Manager; Jeff Chin, Incubation Security Specialist; Cristhofer Romeo Muñoz, Program Manager

ATEBRK121: Ask the Experts: Modernize security and defend against threats
  Zvi Ben Sheffer, Principal PM Manager; Scott Woodgate, Sr. Director Product Marketing; Nomi Nazeer, Sr. Partner Marketing Manager

ATEBRK123-R1: Ask the Experts: Accelerate customer transformation with cloud security solutions from Microsoft (R1)
  Albert Chew, Sr. Product Marketing Manager; Tom Janetscheck, Sr. Program Manager, Azure Security Center CxE; Adam Jung, Sr. Product Marketing Manager; Nomi Nazeer, Sr. Partner Marketing Manager; John Lewis, Program Manager

ATEBRK123: Ask the Experts: Accelerate customer transformation with cloud security solutions from Microsoft
  Nathalia Bittar, Sr. Product Marketing Manager; Yuri Diogenes, Principal Program Manager; Adwait (AJ) Joshi, Director, Product Marketing; Caroline Lee, Program Manager; John Lewis, Program Manager

ATEBRK124-R1: Ask the Experts: Build your business by managing risk and securing customer information
  Jim Banach, Architect; Shilpa Bothra, Product Marketing Manager; Raman Kalyan, Director, Product Marketing; Jenny Li, Program Manager; Nomi Nazeer, Sr. Partner Marketing Manager; Eric Ouellet, Sr. Product Marketing Manager; François Van Hemert, Compliance Architect/Partner

ATEBRK124: Ask the Experts: Build your business by managing risk and securing customer information
  Shilpa Bothra, Product Marketing Manager; Raman Kalyan, Director, Product Marketing; Jenny Li, Program Manager; Nomi Nazeer, Sr. Partner Marketing Manager; Eric Ouellet, Sr. Product Marketing Manager

ATEBRK122: Ask the Experts: Identity and endpoint management—a strong foundation for Zero Trust and profitability
  Gideon Bibliowicz, Director of Product; Cedric Depaepe, Security Architect/Partner
Adam HarbourProduct marketing Manager
Irina NechaevaSr. Director, Product Marketing
Patrick PayetteSr. Partner Marketing Manager
ATEBRK122-R1 Ask the Experts: Identity and endpoint management—a strong foundation for Zero Trust and profitability (R1) Harish AitharajuPrincipal Program Manager
Cedric DepaepeSecurity Architect/Partner
Adam HarbourProduct Marketing Manager
Gideon BibliowiczDirector of Product Marketing
Irina NechaevaSr. Director, Product Marketing
Patrick PayetteSr. Partner Marketing Manager

Learn more

To learn more about MISA, watch this two-minute video or visit our website where you can find out more about the MISA program, product integrations, and locate MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post MISA expands portfolio and looks ahead during Microsoft Inspire appeared first on Microsoft Security Blog.

Improve your threat detection and response with Microsoft and Wortell

June 17th, 2021

This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. Learn more about MISA.

The way of working is changing rapidly. Many workloads are moving to the cloud, and the pandemic pushed organizations to provide infrastructure that lets employees work from anywhere (or mostly from home), at any time and, when possible, from any device (corporate or private). The security team needs to keep up with an increased workload on top of their often already stretched budget, resources, and focus. Working through many alerts from ever-changing situations is challenging: how can they prioritize? And how can they handle them with only a finite number of people?

Keeping up with and reviewing these alerts is challenging enough for most security teams, let alone investigating and responding to them around the clock. This means that a critical alert can be missed, and incidents can follow soon after, disrupting the productivity of a colleague (in a best-case scenario) or disrupting the entire business at great expense (in a worst-case scenario).

Threat actors don’t work standard business hours and often an attack consists of several smaller incidents that can lead up to a major event, such as loss of productivity, data loss with a high cost of recovery, and time lost. To see the bigger picture, you need to make sure you see every piece of the puzzle without creating alert fatigue. This is where Wortell managed services can help.

How Wortell helps reduce alert fatigue

The number of alerts that an organization generates depends on multiple factors, such as the type of organization, the number of employees, and the complexity of the workloads. If these alerts are not properly triaged, a lot of time can be spent on false positives, taking precious time away from security professionals. In fact, an average of 90 percent of alerts can be resolved automatically, which greatly reduces the number of false-positive alerts that reach an analyst.

Reducing the number of false-positive alerts is key in effective managed detection and response. Investigating false notifications costs time and money. That is money that your organization could have spent elsewhere. Security, by design, is key in providing cost-effective managed detection and response. By providing the right configuration of tools and workloads, you can reduce the number of alerts. Wortell provides full service from baseline configuration to managed services with their security professionals and Managed Detection and Response (MDR) team.

  1. Baseline configuration: They provide their knowledge and expertise when configuring identity protection as the baseline for security. Then they configure and deploy an endpoint security baseline to start detecting.
  2. Automated response: After receiving the first signals from your endpoints, they start setting up automated responses. These combine Wortell best practices with customer-specific use cases.
  3. Managed services: Alerts are monitored and investigated at all times by a dedicated MDR team.

With Wortell MDR services, you as a customer can focus on your main business and they make sure that incidents are stopped before they become a threat.

Wortell provides threat protection with Microsoft Defender and Microsoft Azure Sentinel to collect those individual alerts in a single dashboard. This allows them to get insights across the platform and discover the individual puzzle pieces of an attack before they become a threat.

They provide added value with their Vidara™ platform by providing automation of alerts and triage. The combination of the Microsoft products and the services from Wortell make up their MDR for around-the-clock threat protection.

Managed Detection and Response: The reinvented security operation center

Setting up a security operations center is complex. It requires infrastructure to be in place and can take months to deploy fully. MDR is cloud-native and takes days to set up instead of months. The benefits don’t stop there. On the detection side, you gain proactive threat hunting and the ability to detect and mitigate zero-day attacks, insider threats, and malware, where a traditional solution would only have been able to detect incidents and known vulnerabilities reactively.

This means that the return on investment is results-driven and value is delivered from the start, without a lengthy implementation period and its associated costs. The managed part means that you as a customer pay per user and don’t need to make a big upfront investment. Wortell will agree the key performance indicators with you and provide a service level agreement, and then they are ready to start detecting alerts and keeping your environment safe.

Use case: Crisis averted

In one anonymized customer scenario, the Wortell MDR team detected unusual behavior within the customer’s environment. Each behavior on its own did not raise any flags, but the combination of alerts told a different story: a ransomware attack was unfolding and a battle for control had started—a worst-case scenario for any organization—which proved a real crisis internally.

“During this crisis, Wortell did not only provide the standard MDR services but also helped us to shape crisis management (such as structuring, setting priorities, taking immediate actions based on vigilance). In doing so, they took full responsibility for keeping the environment under control. Wortell is our most crucial security partner. Their around-the-clock MDR services prevented a ransomware attack last month.”—Anonymous organization in the chemical industry

The security specialists worked closely with the Microsoft DART team and demonstrated excellent performance. Wortell highly appreciates having such a partner in its security ecosystem. Because of the early signals and correlations across the different services, the threat was detected before it became a problem and was mitigated before it could take control of the environment. Crisis averted.

How Wortell works

By defining a solid security baseline, Wortell reduces the number of alerts by design. Most of the remaining alerts can be handled automatically by defining the right use cases with the customer, drawing on the insight and experience of the Wortell MDR team. The alerts that still remain are triaged by the MDR team, and in case of an incident they provide the customer with the right choices to resolve the incident and mitigate the risk.

By mapping the MITRE ATT&CK Framework to their use cases, they can detect indicators of compromise before they become a threat or automatically isolate those threats for remediation. This allows all their customers to benefit from any new use cases that are added to their platform from day one.

Their security analyst team in the Netherlands then provides around-the-clock coverage, with eyes on the screen, responding to incidents in real time. The combination of automation, standardization, and the human factor allows Wortell to manage multiple organizations at once and to provide scalable and affordable MDR for its customers.

Figure 1: Architectural diagram of Wortell’s MDR for two anonymous customers.

Supercharging with the Vidara™ platform

Every action inside an IT environment can be logged and can be part of an attack. To discover whether an action is part of a larger attack, Wortell needs to make sure the right alerts are triaged, explored, and, when needed, mitigated.

Wortell uses an in-house developed machine learning-driven platform called Vidara™ to extend the detection possibilities of the Microsoft platform. This neural network can detect and respond to the most complex security incidents at high speed.

Key features of Vidara™ include:

  • Organization-tailored threat intelligence.
  • Extending detection by providing a use case library.
  • Automated responses.

Start detecting today

Eager to find out what Wortell can do for you? They provide a no-cure no-pay solution, where the first month of detection and response is free if they cannot add value to your organization. That is how confident they are in their services.

See why Wortell won the MS@WORK award for inclusion in the workplace.

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website, where you can learn about the MISA program, product integrations and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Improve your threat detection and response with Microsoft and Wortell appeared first on Microsoft Security Blog.

odix and Microsoft: Protecting users against malware attacks with free FileWall license

June 2nd, 2021

This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. Learn more about MISA.

The fight against malware has become the epic battle of our generation, placing businesses of all sizes against a never-ending stream of hackers and zero-day attacks bent on compromising security perimeters. The recent SolarWinds breach¹ illustrates how much is currently at stake.

According to the Verizon 2020 Data Breach Investigations Report², an estimated 94 percent of malware is delivered via email, with 90 percent of malware hidden in common file types such as PDF, Word, Excel, and Zip.

What is Content Disarm and Reconstruction (CDR)?

CDR describes the process of creating a safe copy of an original file that includes only the safe elements of the original. The process is detection-less and streamlined, which sets it apart from the common sandbox-based antimalware tools on the market.

On a granular level, CDR verifies the validity of the file structure at the binary level and disarms both known and unknown threats.

With CDR, most forms of malware, including zero-days maliciously embedded in files in transit, are sanitized and purged of malicious content. This ensures the end user can access only malware-free content, while file functionality is preserved as far as possible.

odix, an Israel-based cybersecurity company leading the way in content disarm and reconstruction technology, has developed a range of solutions to fully complement and strengthen existing Microsoft security systems. Through the addition of FileWall, a Microsoft certified Cloud Solution Provider (CSP) can easily improve email security within a few clicks.

FileWall’s granular type filter strengthens administrators’ malware protection, allowing them to ensure that only necessary file types reach the end user, according to users’ varying file access permissions. The type filter leverages CDR technology to purge embedded and nested files. By adding the CDR process to Microsoft’s existing sandbox-based protections, users are better prepared to defend against unknown malware.

How FileWall integrates with Microsoft security technology

odix’s FileWall solution was created from square one to fully integrate with the Microsoft Graph Security API, Microsoft Azure Sentinel, and Exchange Online. As a result of odix’s native level integration with many of Microsoft’s core security mechanisms, FileWall’s deep file inspection capabilities don’t impact latency or compromise Microsoft’s native security protection. FileWall’s integration enables simultaneous reporting of malicious events and embedded suspicious content discovered within files to Microsoft Azure Sentinel.

In complex file scenarios, such as nested files and password-protected attachments, where traditional sandbox methods could miss threats or cause lengthy delays and disruption of business processes, FileWall relies on a detection-less process to remove unknown malware and block malicious elements embedded in files. FileWall provides near-instant sanitization and reconstruction of files, with simple click deployment.

FileWall works alongside existing security controls, allows greater visibility into incoming files, and triggers an automated response from Microsoft Exchange Online to mitigate the impact of malware accordingly.

Microsoft 365 and Exchange Online administrators can get a free license of FileWall here.

Architectural diagram displaying odix integrating with the Graph Security API, Exchange Online, and Microsoft Azure Sentinel.

Protecting emails: FileWall’s granular type filter

The FileWall file type filter allows the Microsoft 365 system admin to define which file types are permitted to enter the organization and which should be blocked. This minimizes the attack surface the organization is exposing via email by eliminating the threat vectors available in certain file types.

Screenshot of FileWall’s Content Disarm Control.

The type filter has three main controls:

  1. On/Off: Enabling or disabling the filter functionality on all file types.
  2. Work mode (Whitelist/Blacklist): The ability to create pre-set lists of permitted and non-permitted file types for specific users within the organization.
  3. Default settings: A suggested default policy from FileWall that includes 204 file types categorized as dangerous, including executable files (exe), Windows batch files (bat), Windows links (lnk), and others.

The sandbox can then concentrate on executables and active content, working only on files that FileWall did not treat. As most organizational traffic consists of non-executable documents, this method can reduce sandbox load by 90 to 95 percent, lowering total costs and improving average latency.
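As an added example, not odix’s code, here is a toy model of the two controls described above (the type filter and the CDR rebuild) for zip-based Office attachments: it classifies a file by its content rather than its extension, applies the on/off and whitelist/blacklist work modes, and reconstructs a document from scratch keeping only parts that are not active content. The dangerous-type subset, the active-part patterns and the sample macro-enabled document are constructed for the illustration.

```python
# Added example (not odix's FileWall code): a toy type filter plus a CDR rebuild step for OOXML
# attachments. The dangerous-type subset, active-part patterns and sample document are constructed.
import io
import re
import zipfile

DEFAULT_DANGEROUS = frozenset({"exe", "bat", "lnk", "js", "vbs", "hta", "scr"})  # constructed subset

# OOXML package parts that carry active content; a rebuilt copy never includes them.
ACTIVE_PART_PATTERNS = (
    re.compile(r"/vbaProject\.bin$"),  # VBA macro storage
    re.compile(r"/activeX/"),          # ActiveX controls
    re.compile(r"/embeddings/"),       # embedded OLE objects
)

def _is_active_part(part: str) -> bool:
    return any(p.search("/" + part) for p in ACTIVE_PART_PATTERNS)

def package_parts(data: bytes) -> list[str]:
    # Part names of a zip-based package, or [] if the bytes are not a valid zip.
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return z.namelist()
    except zipfile.BadZipFile:
        return []

def read_part(data: bytes, part: str) -> bytes:
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return z.read(part)

def detect_type(data: bytes, name: str) -> str:
    """Classify by content (magic bytes, package layout); the extension is only a last resort."""
    if data.startswith(b"MZ"):
        return "exe"
    if data.startswith(b"%PDF-"):
        return "pdf"
    if data.startswith(b"PK\x03\x04"):
        parts = package_parts(data)
        has_vba = any(p.endswith("vbaProject.bin") for p in parts)
        for prefix, plain, macro in (("word/", "docx", "docm"), ("xl/", "xlsx", "xlsm")):
            if any(p.startswith(prefix) for p in parts):
                return macro if has_vba else plain
        return "zip"
    return name.rsplit(".", 1)[-1].lower() if "." in name else "unknown"

class TypeFilter:
    """The three controls from the page: on/off, whitelist or blacklist work mode, a type list."""
    def __init__(self, enabled: bool = True, mode: str = "blacklist", types=DEFAULT_DANGEROUS):
        self.enabled, self.mode, self.types = enabled, mode, frozenset(types)

    def permits(self, kind: str) -> bool:
        if not self.enabled:
            return True
        return kind in self.types if self.mode == "whitelist" else kind not in self.types

def _drop_references(xml: bytes, removed: list[str]) -> bytes:
    """Strip Relationship and Override elements that point at dropped parts."""
    for part in removed:
        base = re.escape(part.rsplit("/", 1)[-1]).encode()
        xml = re.sub(rb'<Relationship\b[^>]*Target="[^"]*' + base + rb'"[^>]*/>', b"", xml)
        xml = re.sub(rb'<Override\b[^>]*PartName="/' + re.escape(part).encode() + rb'"[^>]*/>', b"", xml)
    return xml

def disarm_ooxml(data: bytes) -> tuple[bytes, list[str]]:
    """Rebuild the package from scratch, copying only parts that are not active content."""
    parts = package_parts(data)
    removed = [p for p in parts if _is_active_part(p)]
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for part in parts:
            if part in removed:
                continue
            payload = read_part(data, part)
            if part.endswith(".rels") or part == "[Content_Types].xml":
                payload = _drop_references(payload, removed)
            if part == "[Content_Types].xml":  # without macros the main part is a plain document
                payload = payload.replace(b"vnd.ms-word.document.macroEnabled.main+xml",
                                          b"vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
            dst.writestr(part, payload)  # fresh entry: no copied extra fields or comments
    return out.getvalue(), removed

def process_attachment(name: str, data: bytes, tfilter: TypeFilter) -> dict:
    # Type filter first, CDR for documents; whatever is left goes to the sandbox.
    kind = detect_type(data, name)
    if not tfilter.permits(kind):
        return {"name": name, "type": kind, "action": "blocked"}
    if kind in ("docx", "docm", "xlsx", "xlsm"):
        clean, removed = disarm_ooxml(data)
        return {"name": name, "type": kind, "action": "sanitized", "removed": removed, "data": clean}
    return {"name": name, "type": kind, "action": "sandbox", "data": data}

def build_sample_macro_doc() -> bytes:
    """Constructed minimal macro-enabled Word package (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", '<Types><Override PartName="/word/document.xml" '
                   'ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/>'
                   '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/></Types>')
        z.writestr("word/_rels/document.xml.rels", '<Relationships><Relationship Id="rId1" '
                   'Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/></Relationships>')
        z.writestr("word/document.xml", "<w:document><w:body><w:p>Invoice</w:p></w:body></w:document>")
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder, not real VBA")
    return buf.getvalue()
```

A macro-enabled document renamed to .docx is still classified as docm from its parts, passes the default blacklist (which lists executables only), and comes out of the rebuild as a plain docx with the macro part and its references gone.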

Screenshot of FileWall’s File Type Filter.

FileWall complements Exchange Online security capabilities

As a native-level security add-on within Microsoft Exchange Online, with no SMTP relay required, FileWall doesn’t harm productivity, and all of FileWall’s settings are configured to complement existing security protocols. FileWall processes common file types near-instantaneously.

Architectural diagram displaying FileWall delivering malware-free attachments.

Learn more

odix is an industry leader in developing and optimizing CDR technology for the enterprise and small and medium business markets. odix’s flagship CDR add-on, FileWall, is available for direct purchase in the Microsoft marketplaces.

FileWall has already proven its worth in the field, providing best-in-class email protection in a broad range of IT and industrial settings. Clariter, a global clean-tech company, was seeking an additional security layer to enhance its email security systems and found FileWall the ideal solution. Read the full case study here.

To learn more about FileWall, visit our listing in the Azure Marketplace.

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website, where you can learn about the MISA program, product integrations and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

¹ SolarWinds hack was ‘largest and most sophisticated attack’ ever: Microsoft president, The Associated Press, February 14, 2021.

² 2020 Data Breach Investigations Report, Verizon Business, May 19, 2020.

The post odix and Microsoft: Protecting users against malware attacks with free FileWall license appeared first on Microsoft Security.

BlueVoyant optimizes customer security with Microsoft security services

April 1st, 2021

This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. Learn more about MISA.

What a year it has been.

The rapid and unexpected transition to work from home is one of the biggest issues affecting companies of all sizes and industries in 2020. As companies now take a brief pause after the mad rush during the first half of the year, they must take an honest look at their security posture to ensure that their intellectual property, employee and customer data, applications, and infrastructure are all being protected and that plans are in place to continue doing so in the future, given many companies will operate very differently going forward.

Security teams are facing challenges they have never experienced before

The exponential growth in remote users, combined with accelerated digital transformation efforts involving migration of applications and data to the cloud, has changed and expanded the attack surface for today’s organizations. Attacks and breaches have continued to be a danger to companies throughout the pandemic. Security teams are challenged to piece together solutions to detect and eradicate threats across multiple types of environments with solutions made up of technologies from multiple vendors, many of which were only designed to operate in legacy environments preceding the cloud era. Integration complexities, a lack of qualified security resources, and an unrelenting wave of attacks from cybercriminals make securing the organization a seemingly unattainable goal.

Today’s security reality is less than ideal in many cases

BlueVoyant speaks with a lot of companies about their security technology deployments. One of the main trends we find is that they have accumulated a bunch of hardware and software over the years and are trying to make use of it somehow, but at the end of the day they struggle to get it all working together properly. Research has shown that this situation (commonly known as “tech sprawl”) can often leave a company more exposed to attack than it realizes, as failing to integrate the various pieces of hardware and software correctly creates gaps that allow cyber attackers to get in.

In addition to dealing with tech sprawl, IT and security teams are being asked to participate in digital transformation initiatives at their companies. These initiatives almost always involve moving large amounts of applications and data to the cloud to reap the benefits of lower infrastructure costs, greater flexibility, and on-demand scalability. Legacy security technologies simply don’t work in these new cloud environments.

How do you solve this problem?

What is the solution to eliminating the pain associated with tech sprawl while also providing the security your company needs in a cloud-first world? We believe that a cloud-native, fully integrated security solution is what companies need to operate safely in today’s dangerous cyber environment. To bring our vision to life, we are adopting Microsoft security technologies to build managed solutions that extend detection and threat eradication capabilities across a customer’s entire ecosystem, leveraging tools and integrations already included with a customer’s Microsoft 365 license. Our Managed Microsoft Security Services combine the design, deployment, 24x7x365 threat detection, and over 500 proprietary detection rules—designed and built on Microsoft-powered security technology—to provide the business and technology outcomes needed by our customers.

How does integrated Microsoft security technology work?

Architectural diagram displaying integrated Microsoft security technology.

Here is an example of the integrated Microsoft security technology working together to successfully detect and eradicate a cyber threat:

  1. A phishing email is received by a user on a managed endpoint.
  2. Office 365 Security and Compliance Center provides visibility into the phishing attempt, and Defender for Office 365 Safe Links evaluates the link at time of delivery, looking for malicious or suspicious content. It finds nothing out of the ordinary and allows the message to be delivered to the user’s inbox. The end user opens the email and clicks the link. Defender for Office 365 scans the link again using Safe Links and this time finds a malicious file on the linked page. The user is presented with a webpage warning them that the site may be malicious.
  3. Since the user believes the email came from someone they know, they bypass the warning message and visit the link where malware gets downloaded to their machine in the background, causing a compromise that allows for elevated access on the endpoint.
  4. Defender for Endpoint detects this and quarantines the file based on zero-day and runtime detections. It surfaces alerts that include insights into the threat and detailed information about events happening on the machine to the security team in the security operations center (SOC) dashboards.
  5. Azure Active Directory Identity Protection sends additional compromise/threat escalation data to Microsoft Cloud App Security. Threat aggregation is calculated against machine learning normalization to assess threat severity.
  6. Azure Sentinel conducts additional correlation analysis and follows a remediation playbook based on severity and aggregated threat calculation.
  7. Remediation workflows revoke the user’s multi-factor authentication (MFA) token, triggering unified endpoint management (UEM) device compliance failure to revoke access grants in Conditional Access.
  8. SOC analysts and end user compute staff confirm remediations before restoring access.

Who is BlueVoyant

BlueVoyant was co-founded in 2017 and is led by several former Fortune 500 executives and government intelligence leaders. We recruit and retain top talent from the FBI, NSA, Unit 8200, GCHQ, and from leading private sector security firms. While we’re still a young company, our expertise in delivering Managed Microsoft Security Services to our customers is already well established. For example, in the recent “Forrester Wave: Midsize Managed Security Services Providers, Q3 2020” report, we were the only company highlighted for our experience in working with Azure Sentinel.

In addition to the existing portfolio of security services we offer today, we are always on the lookout for new ways to provide increased value to our customers who prefer Microsoft-powered security services. We are excited to announce that we acquired Managed Sentinel, a company specializing in Azure Sentinel and Microsoft 365 Defender deployments. By acquiring Managed Sentinel, BlueVoyant strengthens its ability to serve Microsoft customers globally. This allows Managed Sentinel to leverage BlueVoyant’s threat intelligence and managed detection and response (MDR) capabilities, enabling both BlueVoyant and Managed Sentinel to deliver full-service offerings for Microsoft security technologies from customized deployments, ongoing maintenance, to 24/7 security operations.

According to Mandana Javaheri, Director of Business Strategy, CSG Business Development, Microsoft, “The Managed Sentinel acquisition by BlueVoyant further expands their cybersecurity services capabilities to provide customers the consultative, advisory, and implementation expertise needed to fully maximize the value and adoption of Microsoft’s security product portfolio.”

BlueVoyant is an MSSP pilot member of the Microsoft Intelligent Security Association. For more information about our extensive consulting portfolio, implementation, and managed security services, please visit our website.

Learn more

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website, where you can learn about the MISA program, product integrations and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post BlueVoyant optimizes customer security with Microsoft security services appeared first on Microsoft Security.

Finalists announced in second annual Microsoft Security 20/20 awards

March 11th, 2021

2020 was a transformational year. Seemingly overnight, COVID-19 reshaped our perspective on work, home life, and security. Setting up home offices and powering through online presentations in our pajama bottoms (with cameos by pets and children), our industry rose to the challenge. All that challenging work kept firstline workers, students, medical professionals, and the rest of us connected and secure through a dark year. Now as we approach a full year, we will again celebrate our colleagues in security, compliance, and identity at the second annual Microsoft Security 20/20 awards ceremony on May 12, 2021.

“The past 12 months have reshaped our industry. We’ve all been pushed to reach new heights—creating integrated security, compliance, and identity solutions that work across platforms and cloud environments. We want to recognize the partners who helped get us there by creating their own game-changing Microsoft-based solutions and services.” —Vasu Jakkal, CVP Microsoft Security, Compliance & Identity

Perspective

According to the American Optometric Association: “20/20 vision does not necessarily mean you have perfect vision, it only indicates the sharpness or clarity of vision at a distance.” Last year’s theme of “Vision and Clarity” focused on shaping Microsoft’s vision for the security ecosystem alongside our partners, but the past year has prompted all of us to have a new perspective. The last 12 months have, in a way, forced us all to step back and reexamine the solutions we offer. Our industry burned the midnight oil, retooling products to better support a new remote workplace. The Microsoft Security 20/20 awards ceremony will acknowledge our new reality and shifted viewpoint with the theme of “Perspective—Through the looking glass.”

Unlike the online meetings we all know too well, this awards show will be an immersive, digital experience, ripe with dazzling visuals and soundscapes. We’re going all-in to celebrate our finalists and winners across 18 award categories honoring the best in the security, compliance, and identity ecosystem. We promise to engage all five of your senses to get you out of that office chair (figuratively, anyway), traveling through lush forests, bright meadows, and along a breezy beach.

Everyone is welcome. In this short-but-sweet awards show, we’ll skip the speeches and double down on creativity and fun. You’re invited to watch the 90-minute event and engage with us on social media. Feel free to invite your spouse, fur baby, or favorite houseplant. Just don’t forget to snap a selfie and share it with the hashtag: #MSFTSecurity2020.

Click to register for the Microsoft Security 20/20 awards!

Security for all

Microsoft is committed to building solutions that safeguard your entire organization—delivering integrated security, compliance, identity, and management across platforms and cloud environments. We want to help our customers prioritize risks using unified management tools and strategic guidance that maximize the human experience. The Microsoft Security 20/20 awards honor partners who align with Microsoft’s focus on customer obsession and have developed innovative, integrated solutions during the past year—helping us realize our vision of security for all.

This year’s finalists

The award categories and finalists were selected by a cross-functional group within Microsoft for their excellence in innovation, integration, and customer implementation. This year, winners will be voted on by members of the Microsoft Intelligent Security Association (MISA), making this truly a celebration among peers. Each MISA member company will get one vote and winners will be announced at the event (finalists, you’ll have to watch to find out if you won!).

Security Trailblazer

Partners who drive major security-related initiatives and educate the market on how to be more secure.

Most Transformative Integration Partner

Partners that are actively building integration across the Microsoft Security portfolio, along with demonstrating leadership in driving new, differentiated integrations.

Compliance Trailblazer

Partners who further major compliance-related initiatives and educate the market on compliance risks.

Microsoft Security System Integrator of the Year

System Integrators that work closely with field sellers to close deals, integrate, and deploy Microsoft Security into customers’ environments.

Identity Trailblazer

Partners who drive major identity-related initiatives and educate the market on how to protect identities.

Microsoft Security GTM partner of the Year

Partners who complete the largest number of workshops with the highest degree of excellence.

Microsoft 365 Security Deployment Partner of the Year

Service providers that increase usage and adoption rates for Microsoft 365 security products.

SCI Advisory of the Year

Security advisory firms that are building core competencies on top of Microsoft Security solutions and acting as a trusted advisor to Microsoft customers.

Microsoft Azure Security Deployment Partner of the Year

Service providers that increase usage and adoption rates for Azure security products.

The Security Industry Changemaker

Individuals that make a standout contribution to improve the security community.

Zero Trust Champion – ISV (Independent Software Vendors)

Software vendors that increase usage and adoption rates with solutions aligned with Microsoft’s Zero Trust strategy.

Top MDR (Managed Detection and Response) Team

Managed Detection and Response teams that provide incident responses for the world’s largest customers and partner with Microsoft Security to continually improve customer security.

Zero Trust Champion – SI (Systems Integrators)

System Integrators that accelerate secure remote work and help customers accelerate their Zero Trust strategy.

Top Managed SOC (Security Operations Centers)

Security Operations Centers that provide managed security services to the world’s largest customers and partner with Microsoft to continually improve customer security.

Emerging Security ISV Disruptor

Independent Software Vendors who show growth potential and have innovative emerging capabilities.

Microsoft Security Customer Impact

Partners who have driven a significant number of customers wins and have a proven track record for customer satisfaction.

Compliance Services Innovator of the Year

Service partners that demonstrate leadership and innovation in managed compliance service scenarios.

Security ISV of the Year

Independent Software Vendors that have shown innovation and the ability to drive revenue.

Our partners in the security, compliance, and identity ecosystem continually inspire us to create stronger, more integrated solutions. Please join us in celebrating their achievements at the Microsoft Security 20/20 awards, May 12, 2021—we look forward to seeing you there!


To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Finalists announced in second annual Microsoft Security 20/20 awards appeared first on Microsoft Security.

Compliance joins Microsoft Intelligent Security Association (MISA)

March 3rd, 2021

Like many of you, I’m thrilled to have my 2020 calendar safely in the recycling pile. During that time though, you too might have noticed how, perhaps unknowingly, you were able to turn some of last year’s lemons into lemonade. Maybe you developed a deeper appreciation for everyday moments and the people in your life, gaining a new perspective on what matters most.

For my team, seeing the Microsoft Intelligent Security Association (MISA) grow to 190 partner companies has been a bright spot in a dark year. To date, MISA members have created 215 product integrations, and I’m pleased to announce that our pilot program for adding managed security service providers (MSSPs) has formally transitioned. MISA now includes 39 MSSP members who have created 76 MSSP offers since the beginning of the fiscal year.

“Microsoft Security integrates with a broad ecosystem of platforms and cloud providers, so they work with the things you already have in your environment; whether those things are from Microsoft, or not. Our partners are key to helping facilitate this integration.”—Vasu Jakkal, CVP, Security, Compliance and Identity

“Adding managed security service providers promises to increase the ecosystem’s value even more by offering an extra layer of threat protection—reducing the day-to-day involvement of in-house security teams. It’s another important step in strengthening and simplifying security at a time when risk mitigation is one of IT’s highest priorities.”—Shawn O’Grady, Senior Vice President and General Manager, Cloud + Data Center Transformation at Insight

Because Microsoft’s footprint extends across many technologies, we have an advantage in creating holistic solutions that encompass the full breadth of security, compliance, and identity. In keeping with that end-to-end approach, we’ve expanded MISA to include 5 new compliance products, growing the MISA product portfolio to 18.

“The explosion of data from digital transformation and remote work make the integration of security and compliance tools across internal and external ecosystems more critical than ever. Together with the deep expertise of our MISA members, we can help our customers address their complex, evolving security and compliance needs.”—Alym Rayani, General Manager, Microsoft Compliance

Compliance comes to MISA

Microsoft compliance products help our customers assess their compliance risk, protect their sensitive data, and govern it according to regulatory requirements. Through MISA, members get support in building managed services and integrations that:

  1. Protect and govern data wherever it lives.
  2. Identify and take actions on critical insider risks.
  3. Simplify compliance and reduce risk.
  4. Investigate and respond with relevant data.

“TeleMessage is excited to bring our Mobile Communication Archiving products to be a part of Microsoft’s security solutions. Being a MISA member allows us to work closely with the Microsoft teams and allows us to provide seamless, secure, and compliant integrations delivering all popular forms of mobile communication.”—Guy Levit, CEO at TeleMessage

Microsoft Information Protection has been part of MISA since the association began in 2018, providing broad coverage across devices, apps, cloud services, and on-premises systems. This year, we’re continuing to develop our holistic partner community across security, compliance, and identity by adding five additional Microsoft compliance products to our portfolio:

  • Microsoft Information Governance: Keep what you need and delete what you don’t. Apply compliance solutions and a deletion workflow for email, documents, instant messages, social media, document collaboration platforms, and more.
  • Microsoft Data Loss Prevention: Help users stay compliant without interrupting their workflow—prevent the accidental sharing of sensitive information across Exchange Online, SharePoint Online, OneDrive for Business, Microsoft Teams, and desktop versions of Excel, PowerPoint, and Microsoft Word.
  • Microsoft 365 Insider Risk Management: Identify critical insider risks and take the appropriate action. With built-in privacy controls, use native and third-party signals to identify, investigate, and remediate malicious and inadvertent activities in your organization.
  • Microsoft Advanced eDiscovery: Gain an end-to-end workflow to collect, analyze, preserve, and export content that’s responsive to your organization’s internal and external investigations. Identify persons of interest and their data sources, then manage the legal-hold communication process.
  • Microsoft Compliance Manager: Get help throughout your compliance journey, from taking inventory of your data protection risks to managing the complexities of implementing controls, staying current with regulations and certifications, and reporting to auditors.

“Joining MISA enhances our relationship with Microsoft and our commitment to being an information governance and compliance leader providing solutions for organizations to bring third-party data into Microsoft 365 archive,” said Charles Weeden, Managing Partner of 17a-4, LCC. “DataParser’s connectors will allow Microsoft 365 Compliance users to ingest content from various sources, such as Bloomberg, Slack, Symphony, Webex Teams and many others.”

Connectors and APIs to extend compliance capabilities

Organizations today face an intimidating amount of data to protect across disparate systems, both on-premises and in the cloud. That’s why Microsoft compliance solutions span information protection and governance, data-loss prevention, insider risk, eDiscovery, audit, and compliance management—including your non-Microsoft data.

Microsoft 365 compliance enables organizations to extend, integrate, accelerate, and support their compliance solutions with three key building blocks:

All of these new capabilities exist within Microsoft’s integrated compliance platform. This means customers only need to set compliance policies once, regardless of the data source.

“The Veritas Merge1 connector platform integration with M365 allows our joint customers to configure, connect, and capture a vast number of data sources from within the M365 compliance center. The integration makes it easy to quickly identify which data sources need to be captured, to configure connectivity to those data sources and to pull data into M365 all from within the Azure infrastructure. Our development teams have worked closely together for over 12 months to make sure the workflow is simple and the capabilities are robust. With the increase in global regulations over the past several years, our goal is to simplify compliance, and we believe we have achieved that by working together with Microsoft.”—David Scott, Sr. Director, Digital Compliance at Veritas Technologies

Microsoft Security lights the way

As the global pandemic forced millions into remote work last year, hackers took advantage and upped their game, as seen with the recent Solorigate attack. Many organizations saw their sensitive data created, viewed, and distributed across multiple fragmented platforms that increased the potential attack surface. Because we view security as part of the common good, we chose to take a proactive approach; shifting cybersecurity away from the shadows and into a place of innovation and empowerment.

“MISA has helped us promote successful integrations with Azure Security Graph API and Azure Active Directory, both now deeply embedded in Barracuda security solutions.”—Tim Jefferson, SVP Data, Networking, and Applications, Barracuda Networks

During Microsoft Ignite, March 2-4, 2021, you’ll see added investment in our security, compliance, and identity portfolio as we continue to innovate and create holistic solutions that support cultures of security for our customers and partners, based on four basic principles:

  • Protect everything: Safeguard your entire organization with integrated security, compliance, and identity solutions built to work across platforms and cloud environments.
  • Simplify the complex: Prioritize risks with unified management tools and strategic guidance created to maximize the human expertise inside your company.
  • Catch what others miss: Enable AI, automation, and human expertise to help you detect threats quickly, respond effectively, and fortify your security posture.
  • Grow your future: Gain the peace of mind that comes with a comprehensive security solution, empowering you to grow, create, and innovate across your business.

To learn more about upcoming big announcements at Microsoft Ignite this week, visit our latest blog posts:

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Compliance joins Microsoft Intelligent Security Association (MISA) appeared first on Microsoft Security.

What we like about Microsoft Defender for Endpoint

February 22nd, 2021

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

It’s no secret that the security industry generally likes Microsoft Defender for Endpoint. After a few months of using and integrating it with our platform here at Expel, we feel the same.

On Expel’s EXE Blog, we regularly share our thought process on how we think about security operations at scale at Expel and the decision support (or additional context) we provide our analysts through automation.

In short, Defender for Endpoint makes it easy for us to achieve our standard of investigative quality and response time, but it doesn’t require a heavy lift from our analysts. And that’s good news both for our customers and for us.

So, what is Microsoft Defender for Endpoint?

Defender for Endpoint is an enterprise endpoint security product that supports Mac, Linux, and Windows operating systems, along with Android and iOS. There are lots of cool things that Defender for Endpoint does at an administrative level (such as attack surface reduction and configurable remediation). However, from our vantage point, we know it best for its detection and response capabilities.

Defender for Endpoint is unique because not only does it combine an Endpoint Detection and Response (EDR) and AV detection engine into the same product, but for Windows 10 hosts, this functionality is built into the operating system, removing the need to install an endpoint agent.

With an appropriate Microsoft license, Defender for Endpoint and Windows 10 provide out-of-the-box protection without the need to mass-deploy software or provision sensors across your fleet.

How EDR tools help us as an XDR vendor

When we integrate with an EDR product like Defender for Endpoint in support of our customers, our goal is to predict the investigative questions that an analyst will ask and then automate the action of getting the necessary data from that tool.

This frees up our analysts to make the decision—versus making them spend time extracting the right data.

We think Defender for Endpoint provides the right toolset that helps us reach that goal—and removes some burden from our analysts—thanks to its APIs.

Thanks to Defender for Endpoint’s robust APIs, we augmented its capability to provide upfront decision support to our analysts. As a result, we’re able to arm them with the answers to the basic investigative questions we ask ourselves with every alert.

To find these answers, there are a few specific capabilities of Defender for Endpoint we use that allow us to pull this information into each alert:

  • Advanced hunting database.
  • Prevalence information.
  • Detailed process logging.
  • AV actions.

This way, our analysts don’t need to worry about fiddling with the tool but instead focus on analyzing the rich data it provides.

Check out a real-life example of how Expel analysts use Defender for Endpoint to triage an alert on behalf of a customer.

Defender for Endpoint helps reduce our alert-to-fix time

The decision support—or additional context about an alert—that Defender for Endpoint enables us to generate is powerful because it allows us to become specialists at analysis rather than specialists of a specific technology.

Defender for Endpoint provides a platform that allows our analysts to quickly and accurately answer important questions during an investigation.

Most importantly, though, having these capabilities emulated in the API allowed us to build on top of the Defender for Endpoint platform to be more efficient in providing high-quality detection and response.

And that’s a win-win for both Expel and our customers.

Learn more

To learn more about Expel, visit our listing on the Azure Marketplace.

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website, where you can learn about the MISA program, product integrations and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post What we like about Microsoft Defender for Endpoint appeared first on Microsoft Security.

Automating and operationalizing data protection with Dataguise and Microsoft Information Protection

February 4th, 2021

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

In technical literature, the terms data discovery, classification, and tagging are sometimes used interchangeably, but there are real differences in what they actually mean—and each plays a critical role in an enterprise data protection strategy.

Data discovery is the process of reporting information about the sensitivity of a data object. The granularity of reporting typically includes what type of sensitive information is found, exactly where it is found, along with the exact cardinality of sensitive data elements. Data classification is the association of a label, which typically has some business value, to an object (file or a table). Classification is often stored as metadata in a separate system or an external data catalog and enables downstream usage of a data object based on security or privacy policies. Data tagging (labeling) is the application of an actual label (or classification) to the associated object.

The important thing to note here is that data discovery is always foundational to a data protection strategy. Classification and tagging depend on accurate discovery to drive the appropriate method of protection, which will ultimately depend on the consumption or utilization and privacy requirements for the data. The more comprehensive and efficient (automated and integrated) the data discovery, the more effective and cost-effective the data protection.

Dataguise and Microsoft Information Protection: Better together

Now, you probably know that Microsoft Information Protection is a comprehensive suite of services and features that Microsoft offers for its customers to classify, label, and protect data. Microsoft Information Protection forms the core of many enterprise data protection strategies.

Dataguise is a sensitive data discovery and protection software product that now integrates with Microsoft Information Protection. More specifically, it performs context-aware discovery of structured, unstructured, and semi-structured data, and can use the results of that discovery to report on data classification, tag data with Microsoft Information Protection-readable labels, and protect sensitive data either natively—via a range of masking, encryption, and monitoring methods—or by integrating with Microsoft Information Protection or a third-party data protection solution. It is a highly scalable solution that relies on machine learning and other heuristics to allow for efficient, accurate data discovery in multi-petabyte, hybrid environments.

With Dataguise, discovery can be done at several levels to meet various risk, compliance, or data governance goals; but there are two kinds of discovery that are of particular interest here, and it’s important to distinguish them:

  1. Discovery of personal information and other sensitive data: This is the process of finding and reporting data governed by PII, PCI, PHI, and any similar policy, where all sensitive data needs to be discovered but not associated with an individual. Such requirements are typically driven by industry security standards or regulations.
  2. Identity-based data discovery: This is the process of finding and reporting data specifically related to an individual. The contents of the report may or may not be useful for directly identifying the associated individual, but the entirety of a report constitutes the breadth of information that an enterprise possesses about the given data subject. Identity-based discovery is typically driven by recent data privacy laws like GDPR in the EU, CCPA in California, and LGPD in Brazil.

A data protection strategy that takes both types of discovery into account and incorporates technologies to perform them accurately, efficiently, and comprehensively—can add value not only for information security or privacy teams but for risk, compliance, governance, analytics, marketing, and IT operations teams as well. When you think of all the ways an organization collects, uses, shares, and stores data across the enterprise, more granular visibility leads to more precise control and, therefore, greater business flexibility and agility to maximize data value.

Ultimately, Dataguise complements Microsoft Information Protection capabilities, making the combination extremely useful for the customer.

The discovery synergy: Dataguise augments Microsoft Information Protection scanning capabilities

Dataguise’s real strength lies in the fact that it can discover and report sensitive and personal data across relational databases, NoSQL databases, Hadoop, file shares, cloud stores like ADLS, S3, and GCS, and over 200 different cloud-based applications. Dataguise can therefore extend Microsoft Information Protection’s scanning coverage to structured and unstructured data stored outside Microsoft products, on the platforms listed above. This is a game-changer, as Microsoft Information Protection can now be used to tag all sensitive and personal data co-located on those platforms.

The protection synergy: Dataguise enhances downstream data protection capabilities for Microsoft Information Protection

Dataguise uses Microsoft Information Protection’s SDK to seamlessly integrate discovery with Microsoft Information Protection’s tagging capability. Whether the tags power DLP, access control, or encryption and decryption solutions, Dataguise can, either natively or by leveraging a third-party solution, team up with Microsoft Information Protection to create an end-to-end data protection strategy and automated implementation.

So how does this all work?

The integration is seamless and starts with defining the tags in Microsoft Information Protection. These tags are then mapped to one sensitive element, or a combination of them, either out-of-the-box or custom-defined in Dataguise. As Dataguise runs its discovery scans, it uses that mapping to report the tags corresponding to each file it has scanned. Then, using the Microsoft Information Protection SDK, those tags are applied to the corresponding file. Dataguise discovery is context-aware and based on machine learning, which benefits Microsoft Information Protection by tagging files accurately and at scale. The figure below shows the flow:

An infographic that shows the flow of context-aware discovery based on machine learning.
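The mapping step in that flow, as an added example that is not Dataguise’s or Microsoft’s code: discovery results per file are matched against tag rules, strongest tag first, and the tag ID that the MIP SDK call would receive is returned. The regex detectors and the Luhn check are stand-ins for Dataguise’s ML-based discovery, the tag names and IDs are hypothetical, the sample files are constructed, and the final SDK call that writes the tag is left out.

```python
import re
from typing import Dict, List, Set, Tuple

# Stand-in detectors. Dataguise's real discovery is ML-based and context-aware; these
# regexes (plus a Luhn check for card numbers) exist only so the mapping step runs offline.
DETECTORS = {
    "ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d\d-(?!0000)\d{4}\b"),
    "credit_card": re.compile(r"\b(?:\d[ -]?){12,15}\d\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "phone": re.compile(r"\+\d{1,3}[ \d-]{8,13}\d"),
}

# Hypothetical tags (sensitivity labels) and IDs; real IDs are GUIDs from the tenant's label policy.
TAG_IDS = {"Highly Confidential": "hc-tag-id", "Confidential": "conf-tag-id", "General": "general-tag-id"}

# Mapping rules, strongest tag first: (tag, sensitive elements, "any" or "all" of them required).
TAG_RULES: List[Tuple[str, Set[str], str]] = [
    ("Highly Confidential", {"ssn", "credit_card"}, "any"),
    ("Confidential", {"email", "phone"}, "all"),
    ("General", set(), "any"),
]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; weeds out order numbers and IDs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def discover(text: str) -> Set[str]:
    """Discovery step: which sensitive element types occur in the text."""
    found = set()
    for name, rx in DETECTORS.items():
        for m in rx.finditer(text):
            if name == "credit_card" and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue
            found.add(name)
            break
    return found


def choose_tag(elements: Set[str]) -> str:
    """Mapping step: the first rule (strongest tag) whose element requirement is met."""
    for tag, needed, mode in TAG_RULES:
        if not needed or (mode == "any" and needed & elements) or (mode == "all" and needed <= elements):
            return tag
    return "General"


def scan_files(files: Dict[str, str]) -> Dict[str, dict]:
    """Discovery plus mapping per file; tag_id is what the MIP SDK call would then apply."""
    results = {}
    for path, text in files.items():
        elements = discover(text)
        tag = choose_tag(elements)
        results[path] = {"elements": sorted(elements), "tag": tag, "tag_id": TAG_IDS[tag]}
    return results


# Constructed sample files.
SAMPLE_FILES = {
    "hr/payroll.csv": "name,ssn\nJane Roe,123-45-6789\n",
    "finance/refunds.txt": "Refund to card 4111 1111 1111 1111 approved.",
    "sales/contacts.txt": "Jane Roe <jane.roe@example.com> +1 555 010 4567",
    "eng/readme.txt": "Order 1234-5678-9012-3456 shipped; see the help desk.",
}

if __name__ == "__main__":
    for path, r in scan_files(SAMPLE_FILES).items():
        print(f"{path}: {r['elements']} -> {r['tag']}")
```

The rules are ordered so a file containing both an email address and a card number gets the stronger tag, and the Luhn check is what keeps the order number in the README from being tagged as a payment card.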

Dataguise and Microsoft Information Protection bring a powerful combination of capabilities to any data protection strategy and implementation. The joint value of this integration lies in the fact that Dataguise can cover a broad range of platforms for discovery, and then leverage Microsoft Information Protection labeling to enable downstream data protection. Intelligent and context-aware data discovery is foundational to data protection, and with accurate optics, enterprise-wide implementation of comprehensive and automated data protection policies can be achieved.

For more information about the Dataguise Sensitive Data Discovery and Protection solution, please visit www.dataguise.com. You can also find Dataguise on the Azure Marketplace.

Learn more

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

For more information about Microsoft Security Solutions, visit the Microsoft Security website. Bookmark the Security blog to keep up with our expert coverage of security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Automating and operationalizing data protection with Dataguise and Microsoft Information Protection appeared first on Microsoft Security.

Blue Cedar partners with Microsoft to combat BYOD issues

January 21st, 2021 No comments

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.  

Bring Your Own Device (BYOD) has been a divisive topic within corporations for years. Employees wanted the convenience of working on their own smart devices, and business decision-makers recognized the cost and productivity benefits. IT teams knew unmanaged devices would result in more work and security holes. 

As you know, the business side won out. The line-of-business (LOB) mobile app market exploded, and BYOD became the rule rather than the exception. Today, corporate IT teams manage hundreds of mobile LOBs ranging from apps developed in house to Microsoft 365, with more on the horizon. There is one thing that everyone can agree on, however: Employers should not manage their employees’ personal devices. 

Establishing data boundaries

IT teams constantly struggle to walk the delicate line of managing corporate data without impinging on personal data. The Microsoft Intune and Microsoft Office 365 teams set out to solve the problem together, developing app protection policies (APPs) for what would become Microsoft Endpoint Manager (MEM). An APP restricts how Office 365 data can be used inside policy-managed apps, whether the device itself is fully managed or entirely unmanaged. Specifically:  

  • Data can only be shared between managed Office 365 apps. 
  • Users cannot forward it or save it to a non-Office 365 resource. 
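Those two restrictions are individual settings in the policy, and the usual failure is a policy that exists but leaves one transfer path open. The following is an added example (not Blue Cedar’s or Microsoft’s code) that audits a policy in the shape Microsoft Graph returns for app protection policies and produces a corrected copy. The property names follow the Graph managedAppProtection resource as I know it; verify them against an export from your own tenant. The policy values are constructed.

```python
from typing import Dict, List

# Constructed permissive policy in the shape of a Graph managedAppProtection object.
WEAK_POLICY: Dict[str, object] = {
    "displayName": "BYOD - permissive (do not deploy)",
    "allowedOutboundDataTransferDestinations": "allApps",
    "allowedInboundDataTransferSources": "allApps",
    "allowedOutboundClipboardSharingLevel": "allApps",
    "saveAsBlocked": False,
    "dataBackupBlocked": False,
    "pinRequired": False,
    "organizationalCredentialsRequired": False,
    "managedBrowserToOpenLinksRequired": False,
}

# (property, acceptable values, recommended value, what the weak setting allows)
CHECKS = [
    ("allowedOutboundDataTransferDestinations", {"managedApps", "none"}, "managedApps",
     "corporate data can be sent to unmanaged apps"),
    ("allowedInboundDataTransferSources", {"managedApps", "none"}, "managedApps",
     "unmanaged apps can push content into managed apps"),
    ("allowedOutboundClipboardSharingLevel", {"managedApps", "managedAppsWithPasteIn", "blocked"},
     "managedAppsWithPasteIn", "clipboard contents can be pasted into personal apps"),
    ("saveAsBlocked", {True}, True, "Save As to personal storage is allowed"),
    ("dataBackupBlocked", {True}, True, "managed app data lands in personal device backups"),
    ("pinRequired", {True}, True, "no app PIN: anyone holding the unlocked device can open the data"),
    ("organizationalCredentialsRequired", {True}, True, "work-account sign-in is not required"),
    ("managedBrowserToOpenLinksRequired", {True}, True, "links open in the personal browser"),
]


def audit_policy(policy: Dict[str, object]) -> List[str]:
    """One finding per failed check; an empty list means data stays inside the managed-app boundary."""
    findings = []
    for prop, acceptable, _, consequence in CHECKS:
        value = policy.get(prop)
        if value not in acceptable:
            findings.append(f"{prop}={value!r}: {consequence}")
    return findings


def harden(policy: Dict[str, object]) -> Dict[str, object]:
    """Return a copy with every failing setting moved to the recommended value (input untouched)."""
    fixed = dict(policy)
    for prop, acceptable, recommended, _ in CHECKS:
        if fixed.get(prop) not in acceptable:
            fixed[prop] = recommended
    return fixed


if __name__ == "__main__":
    for finding in audit_policy(WEAK_POLICY):
        print("FAIL", finding)
    print("after hardening:", audit_policy(harden(WEAK_POLICY)) or "no findings")
```

A missing property is treated as a failure rather than as "not configured", because an absent setting falls back to the platform default, which for most of these is the permissive value.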

Blue Cedar’s solution for Microsoft

IT and security teams have been searching for a way to accommodate BYOD without compromising network security. The Blue Cedar Platform is a no-code integration service that adds new capabilities to mobile apps post-build, without requiring a developer. With a couple of clicks, you can add Intune MAM, Azure Active Directory authentication, and other SDKs to your compiled mobile app. The platform works with native apps or apps written using a mobile framework and integrates into your existing app delivery workflow. Built-in integrations with GitHub and the Intune cloud let you build workflows that add new app capabilities and skip manual operations.  

Feature highlights: 

  • Adds Microsoft Endpoint Manager app protection policy capabilities.  
  • Adds new app authentication flows, including use of the Microsoft Authenticator app. 
  • Keeps corporate data separate from personal data. 
  • Allows users to bring their own devices without creating security vulnerabilities. 
  • Maintains end-user privacy. 

Secure VPN connections to on-premises resources

There is one last thing I’d like to tell you about today, and it’s a potential game-changer for many organizations. Many companies still keep critical data on-premises, meaning employees can’t easily access it from their mobile devices. Using our patented no-code integration technology, VPN capabilities can be added to mobile apps, allowing them to connect to the corporate network. 

Our in-app VPN functionality enables users to connect automatically to on-premises and in-cloud networks without requiring device management or complex VPN configuration. The VPN connection is transparent to the user and secured with multi-factor authentication backed by Azure AD. 

Infographic showing Secure VPN connections to on-premises resources using Blue Cedar

Secure VPN feature highlights: 

  • Extends network availability to on-prem networks. 
  • Permits login with Azure AD credentials. 
  • Separates corporate data from personal data.
  • Improves productivity. 

The Blue Cedar platform is also the only way to securely connect Intune-enabled apps to both cloud and on-premises databases for a single sign-on (SSO) experience without bringing the devices under management. 

Better BYOD for your organization

BYOD is here to stay; the Blue Cedar collaboration with Microsoft will save you time, resources, and budget while providing secure mobile access to your on-prem or cloud-based resources.  

To learn more about Blue Cedar Platform, visit the Blue Cedar listing in the Azure Marketplace or visit our web page about Blue Cedar’s no-code integration service. 

To learn more about the Microsoft Intelligent Security Association (MISA), visit the MISA website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.  

For more information about Microsoft Security Solutions, visit the Microsoft Security website. Bookmark the Security blog to keep up with our expert coverage of security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.  

The post Blue Cedar partners with Microsoft to combat BYOD issues appeared first on Microsoft Security.

Forcepoint and Microsoft: Risk-based access control for the remote workforce

January 4th, 2021 No comments

This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. Learn more about MISA here.

Adopting cloud-based services as part of an organization’s digital transformation strategy is no longer optional, it’s a necessity. Last year, only 18 percent of the workforce worked remotely full-time. Today, companies have been forced to accelerate their digital transformation efforts to ensure the safety and well-being of employees. At the same time, organizations cannot afford to sacrifice productivity for the sake of security. With the massive move to online experiences and remote working, comes a new set of challenges—how do you ensure your data, your network, and your employees stay secure, wherever they are?

Forcepoint has integrated with Azure Active Directory (Azure AD) to enhance existing Conditional Access capabilities by orchestrating change in authentication policies dynamically so that every user authenticates with steps aligned to their risk score. Active sessions can be terminated upon risk score increase so that users must re-authenticate using an enhanced sequence of challenges, and users can be temporarily blocked in the case of high risk. Forcepoint risk scores, combined with Azure AD risk, are calculated based on the user’s context, such as location or IP, to help automatically and accurately prioritize the riskiest users. The joint solution enables administrators to protect critical data and leverage the power of automation to prevent data compromise and exfiltration from occurring. By combining the power of Azure AD with Forcepoint security solutions, organizations can scale a risk-adaptive approach to identity and access management and cloud application access without changing their existing infrastructure.

People are the perimeter

Before COVID-19, in our 2020 Forcepoint Cybersecurity Predictions and Trends report, we detailed the shifting emphasis to a “cloud-first” posture by public and private sector organizations alike. There was, and still is, a clear need for organizations to expand their view of network security and begin to understand that their people are the new perimeter. Today, more than ever, it is imperative for businesses to comprehend and to manage the interaction between their two most valuable assets—their people and their data.

Human-centric cybersecurity is about focusing on not just individuals, but how their behaviors evolve over time. Forcepoint risk scores are designed to continuously calculate the level of risk associated with individual behavior in the past, present, and future. Most organizations today will adopt blanket policies to improve their security posture. Even though policies for individuals may have some level of flexibility, most tend to apply policies to all users within a group—regardless of the individual risk profile. This results in unnecessarily complicated steps for low-risk users accessing common applications, and weak authentication challenges for privileged users logging into critical systems. In short, these implementations are likely frustrating your low-risk users by creating barriers to productivity and allowing high-risk users to fly under the radar.
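The behaviour described in the two paragraphs above (risk tiers, step-up on an increase, session termination, a temporary block at high risk, Forcepoint and Azure AD risk combined) is a small state machine. What follows is an added example of that logic, not Forcepoint’s or Microsoft’s implementation. The 0-100 score scale, the tier cut-offs, the block duration and the challenge sequence are assumptions; Azure AD Identity Protection’s none/low/medium/high risk levels and the revokeSignInSessions endpoint named in the comment are real.

```python
from dataclasses import dataclass
from typing import Dict, List

AAD_RISK_TIER = {"none": 0, "low": 1, "medium": 2, "high": 3}   # Azure AD Identity Protection levels
FORCEPOINT_THRESHOLDS = [(80, 3), (50, 2), (20, 1)]               # assumed score-to-tier cut-offs
BLOCK_SECONDS = 3600                                              # assumed length of a temporary block
CHALLENGES = {0: [], 1: ["mfa"], 2: ["mfa", "phishing_resistant_mfa"]}   # assumed escalation


@dataclass
class UserState:
    tier: int = 0
    blocked_until: float = 0.0


def forcepoint_tier(score: float) -> int:
    """Map a continuous risk score onto the same tiers Azure AD uses."""
    for threshold, tier in FORCEPOINT_THRESHOLDS:
        if score >= threshold:
            return tier
    return 0


class RiskAdaptivePolicy:
    """Turns a stream of risk signals into Conditional Access actions, remembering each user's last tier."""

    def __init__(self) -> None:
        self.users: Dict[str, UserState] = {}

    def evaluate(self, user: str, forcepoint_score: float, aad_risk: str, now: float) -> List[str]:
        state = self.users.setdefault(user, UserState())
        # Combined risk: the worse of the two signals wins, so neither product can mask the other.
        tier = max(forcepoint_tier(forcepoint_score), AAD_RISK_TIER[aad_risk])
        if now < state.blocked_until:
            return ["block"]            # a temporary block outlives a sudden drop in score
        actions: List[str] = []
        if tier > state.tier:
            # Risk rose: tokens issued under the old assessment are no longer trusted. In Azure AD
            # this is POST /users/{id}/revokeSignInSessions, after which the user must re-authenticate.
            actions.append("revoke_sessions")
        if tier == 3:
            state.blocked_until = now + BLOCK_SECONDS
            actions.append("block")
        else:
            actions.extend(f"require_{challenge}" for challenge in CHALLENGES[tier])
            actions.append("allow")
        state.tier = tier
        return actions


if __name__ == "__main__":
    policy = RiskAdaptivePolicy()
    for t, score, aad in [(0, 10, "none"), (60, 55, "none"), (120, 55, "none"), (180, 30, "high"), (200, 0, "none")]:
        print(t, policy.evaluate("alice", score, aad, t))
```

Two properties are worth noting: a steady score re-issues the challenge without revoking sessions again, and the block is keyed on time rather than on the current score, so an attacker who goes quiet after tripping the high tier does not get immediate access back.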

Forcepoint’s mission is to provide enterprises with the tools needed to understand and quickly assess the risk levels of human behavior across their networks and endpoints and take automated action by implementing risk adaptive protection. We offer a portfolio of security solutions designed to quickly and continuously assess the potential of compromised user risk and automatically apply the appropriate protective measures.

Forcepoint + Azure Active Directory = Better together

Forcepoint has partnered with the Azure Active Directory team on a series of integrations designed to give remote workers secure access to their cloud and legacy on-premises applications. Together, our integrated solutions combine the risk score calculated by Forcepoint’s Cloud Access Security Broker (CASB) with Azure AD to apply the appropriate conditional access policies tailored to each individual user’s risk.

Infographic showing how the Forcepoint CASB risk score combines with Azure AD to apply conditional access policies tailored to each user’s risk.

Learn more about the Forcepoint products that integrate with Microsoft Azure, including the technical implementation and demonstrations of how Forcepoint risk adaptive protection influences the conditional access policies of a potentially compromised user:

Give your organization the control it needs to protect critical assets and data by combining Forcepoint with the power of Azure AD today.

About Forcepoint

Forcepoint is a leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with networks, data, and systems. Forcepoint provides secure access solutions without compromising employee productivity. For more information, visit forcepoint.com.

Forcepoint is a member of the Microsoft Intelligent Security Association.

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

For more information about Microsoft Security Solutions, visit the Microsoft Security website. Bookmark the Security blog to keep up with our expert coverage of security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Forcepoint and Microsoft: Risk-based access control for the remote workforce appeared first on Microsoft Security.

A breakthrough year for passwordless technology

December 17th, 2020 No comments

As 2020 draws to a close, most of us are looking forward to putting this year in the rearview mirror. Since we depend even more on getting online for everything in our lives, we’re more than ready to be done with passwords. Passwords are a hassle to use, and they present security risks for users and organizations of all sizes, with an average of one in every 250 corporate accounts compromised each month. According to the Gartner Group, 20 to 50 percent of all help desk calls are for password resets. The World Economic Forum (WEF) estimates that cybercrime costs the global economy $2.9 million every minute, with roughly 80 percent of those attacks directed at passwords.

In November 2019 at Microsoft Ignite, we shared that more than 100 million people were already using Microsoft’s passwordless sign-in each month. In May of 2020, just in time for World Password Day, that number had already grown to more than 150 million people, and the use of biometrics to access work accounts is now almost double what it was then. We’ve drawn strength from our customers’ determination this year and are set to make passwordless access a reality for all our customers in 2021.

2020: A banner year for passwordless technology

Infograph describing the passwordless technology achievements in 2020

February: We announced a preview of Azure Active Directory support for FIDO2 security keys in hybrid environments. The Fast Identity Online (FIDO) Alliance is a “cross-industry consortia providing standards, certifications, and market adoption programs to replace passwords with simpler, stronger authentication.” Following the latest FIDO specification, FIDO2, we enabled users with security keys to sign in seamlessly to their hybrid Azure Active Directory (Azure AD) joined Windows 10 devices, providing secure access to on-premises and cloud resources using a strong, hardware-backed public and private key credential. This expansion of Microsoft’s passwordless capabilities followed 2019’s preview of FIDO2 support for Azure AD joined devices and browser sign-ins.
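What “hardware-backed public and private key credential” buys you is easiest to see in the relying party’s verification of a FIDO2/WebAuthn assertion, so here is an added example of that check. It is not Microsoft’s, the FIDO Alliance’s, or any authenticator vendor’s code: the P-256 ECDSA arithmetic is written out in plain Python so the block runs offline (it is not constant-time and not for production), the authenticator side is simulated by `authenticator_assert`, signatures are kept as raw (r, s) rather than the DER encoding real keys return, and the relying-party ID, origin and challenge values are constructed.

```python
import hashlib
import json
import secrets

# NIST P-256 (COSE alg ES256), the curve most FIDO2 keys use.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def _add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _mul(k, point):
    """Double-and-add scalar multiplication (demo only, not constant-time)."""
    result = None
    while k:
        if k & 1:
            result = _add(result, point)
        point = _add(point, point)
        k >>= 1
    return result


def generate_keypair():
    priv = secrets.randbelow(N - 1) + 1
    return priv, _mul(priv, G)


def ecdsa_sign(priv, digest):
    e = int.from_bytes(digest, "big")
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = _mul(k, G)[0] % N
        s = pow(k, -1, N) * (e + r * priv) % N
        if r and s:
            return r, s


def ecdsa_verify(pub, digest, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    e = int.from_bytes(digest, "big")
    point = _add(_mul(e * w % N, G), _mul(r * w % N, pub))
    return point is not None and point[0] % N == r


def authenticator_assert(priv, rp_id, client_data_json, counter, user_verified=True):
    """Security-key side: sign authenticatorData || SHA-256(clientDataJSON)."""
    flags = 0x01 | (0x04 if user_verified else 0)          # UP and UV bits
    auth_data = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + counter.to_bytes(4, "big")
    digest = hashlib.sha256(auth_data + hashlib.sha256(client_data_json).digest()).digest()
    return auth_data, ecdsa_sign(priv, digest)


def verify_assertion(rp_id, expected_origin, expected_challenge, pub, stored_counter,
                     auth_data, client_data_json, sig):
    """Relying-party side. Returns the new signature counter to store, or raises ValueError."""
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        raise ValueError("not an assertion")
    if client.get("challenge") != expected_challenge:
        raise ValueError("challenge mismatch: replayed or foreign assertion")
    # The browser, not the page, writes the origin into clientDataJSON, so a look-alike
    # domain cannot produce a matching value: this is the phishing resistance.
    if client.get("origin") != expected_origin:
        raise ValueError("origin mismatch: possible phishing site")
    if len(auth_data) < 37 or auth_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        raise ValueError("rpIdHash mismatch: credential bound to a different relying party")
    flags = auth_data[32]
    if not (flags & 0x01 and flags & 0x04):
        raise ValueError("user presence and user verification required for passwordless sign-in")
    counter = int.from_bytes(auth_data[33:37], "big")
    if (counter or stored_counter) and counter <= stored_counter:
        raise ValueError("signature counter did not increase: possible cloned authenticator")
    digest = hashlib.sha256(auth_data + hashlib.sha256(client_data_json).digest()).digest()
    if not ecdsa_verify(pub, digest, sig):
        raise ValueError("signature does not verify against the registered public key")
    return counter
```

The order of checks matters less than the fact that every one of them is on data the relying party already holds (its own challenge, its own origin, the public key and counter stored at registration); nothing secret ever leaves the key, which is why a captured assertion is useless elsewhere and a password-style database breach has nothing to spill.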

June: I gave a keynote speech at Identiverse Virtual 2020 where I got to talk about how Microsoft’s FIDO2 implementation highlights the importance of industry standards in implementing Zero Trust security and is crucial to enabling secure ongoing remote work across industries. Nitika Gupta, Principal Program Manager of Identity Security in our team, showed how Zero Trust is more important than ever for securing data and resources and provided actionable steps that organizations can take to start their Zero Trust journey.

September: At Microsoft Ignite, the company revealed the new passwordless wizard available through the Microsoft 365 Admin Center. Delivering a streamlined user sign-in experience in Windows 10, Windows Hello for Business replaces passwords by combining strong MFA for an enrolled device with a PIN or user biometric (fingerprint or facial recognition). This approach gives you, our customers, the ability to deliver great user experiences for your employees, customers, and partners without compromising your security posture.

November: Authenticate 2020, “the first conference dedicated to who, what, why and how of user authentication,” featured my boss, Joy Chik, CVP of Identity at Microsoft, as the keynote speaker. Joy talked about how FIDO2 is a critical part of Microsoft’s passwordless vision, and the importance of the whole industry working toward great user experiences, interoperability, and having apps everywhere support passwordless authentication. November also saw Microsoft once again recognized by Gartner as a “Leader” in identity and access management (IAM).

MISA members lead the way

The Microsoft Intelligent Security Association (MISA) is an ecosystem of security partners who have integrated their solutions with Microsoft to better defend against increasingly sophisticated cyber threats. Four MISA members (Yubico, HID Global, TrustKey, and AuthenTrend) stood out this year for their efforts in driving passwordless technology adoption across industries.

Yubico created the passwordless YubiKey hardware to help businesses achieve the highest level of security at scale.

“We’re providing users with a convenient, simple, authentication solution for Azure Active Directory.”—Derek Hanson, VP of Solutions Architecture and Alliances, Yubico

HID Global engineered the HID Crescendo family of FIDO-enabled smart cards and USB keys to streamline access for IT and physical workspaces—enabling passwordless authentication anywhere.

“Organizations can now secure access to laptops and cloud apps with the same credentials employees use to open the door to their office.”—Julian Lovelock, VP of Global Business Segment Identity and Access Management Solutions, HID

TrustKey provides FIDO2 hardware and software solutions for enterprises who want to deploy passwordless authentication with Azure Active Directory because: “Users often find innovative ways to circumvent difficult policies,” comments Andrew Jun, VP of Product Development at TrustKey, “which inadvertently creates security holes.”

AuthenTrend applied fingerprint-authentication technology to the FIDO2 security key and aspires to replace all passwords with biometrics to help people take back ownership of their credentials.

Next steps for passwordless in 2021

Our team has been working hard this year to join these partners in making passwords a thing of the past. Along with new UX and APIs for managing FIDO2 security keys enabling customers to develop custom solutions and tools, we plan to release a converged registration portal in 2021, where all users can seamlessly manage passwordless credentials via the My Apps portal.

We’re excited about the metrics we tracked in 2020, which show a growing acceptance of passwordless among organizations and users:

  • Passwordless usage in Azure Active Directory is up by more than 50 percent for Windows Hello for Business, passwordless phone sign-in with Microsoft Authenticator, and FIDO2 security keys.
  • More than 150 million total passwordless users across Azure Active Directory and Microsoft consumer accounts.
  • The number of consumers using Windows Hello to sign in to Windows 10 devices instead of a password grew to 84.7 percent from 69.4 percent in 2019.

We’re all hoping the coming year will bring a return to normal and that passwordless access will at least make our online lives a little easier.

Learn more about Microsoft’s passwordless story. To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post A breakthrough year for passwordless technology appeared first on Microsoft Security.

Digital Defense integrates with Microsoft to detect attacks missed by traditional endpoint security

December 8th, 2020 No comments

This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. You can learn more about MISA here

Cybercriminals have ramped up their initial compromises through phishing and pharming attacks using a variety of tools and tactics that, while numerous, are simple and often go undetected. One thing attackers continue to rely on to keep their activity hidden is dwell time.

Dwell time is the interval between the initial compromise and the point at which the attack campaign is identified. While industry reports offer differing averages for dwell time, I have yet to see reporting that presents an average below the 50-to-60-day range. Read more about advanced endpoint protection and dwell time.

Bolster Your Advanced Endpoint Protection (AEP)

Download the Digital Defense white paper here.

While dwell times have slightly decreased as attackers become less patient, they are still significant enough to evade the plethora of security tools that exist today. The challenge with these tools is their inability to piece together attacker activity over long periods. By the time enough indicators of compromise (IoC) reveal themselves to be detected, it is often too late to prevent a breach. Most monitoring solutions look for attacker activity to identify a potential indicator of compromise. However, the best way to combat dwell time is to identify and eradicate dormant or nascent malware that stays well-hidden before they periodically activate.

A layered Solution

Frontline Active Threat Sweep™ (Frontline ATS™), integrated with Microsoft Defender for Endpoint, identifies malware designed to actively evade EDR solutions. Frontline ATS™ is part of the Digital Defense Frontline.Cloud platform providing on-demand agentless threat detection that proactively analyzes assets for indications of a malware infection before other agent-based security tools can be deployed. When integrated, Frontline ATS augments Defender for Endpoint’s capabilities by identifying hidden IoCs without adding agents.


The ability to stay undetected for long periods of time is one of the most common and challenging tactics that attackers use to execute a successful breach. In addition, even when a security team using monitoring tools or an incident response (IR) service is able to detect a threat and clean up an infection, it is common to see it repeatedly resurface. This is because even though all active indicators of the threat have been investigated and addressed, if the initial, and often inactive, installation of malware is not discovered due to inactivity, it can later be re-activated to re-spark an infection. With Frontline ATS and Defender for Endpoint, security teams can find any source, artifact, or inactive remnants of malware that could restart the attack campaign. Defender for Endpoint and Frontline ATS provides comprehensive and unobtrusive advanced endpoint detection, protection, and response for drastically improving the security operations team’s effectiveness at preventing breaches.

To learn about the Digital Defense Frontline ATS integration with Microsoft Defender for Endpoint, please visit our listing in the Microsoft Azure Marketplace or visit Digital Defense to learn more.

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

For more information about Microsoft Security Solutions, visit the Microsoft Security website. Bookmark the Security blog to keep up with our expert coverage of security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Digital Defense integrates with Microsoft to detect attacks missed by traditional endpoint security appeared first on Microsoft Security.

Key layers for developing a smarter SOC with CyberProof-managed Microsoft Azure security services

November 17th, 2020 No comments

This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. Learn more about MISA here 

Security teams are struggling to reduce the time to detect and respond to threats due to the complexity and volume of alerts being generated from multiple security technologies.

With more workloads being migrated to the cloud, this brings an additional perimeter, which requires constant vigilance for early signs of a cyber-attack. New security challenges also emerge due to its elastic nature and the constant provisioning of new services.

How CyberProof is working with Microsoft to solve these challenges

CyberProof partnered with Microsoft to provide customers with cloud-scalable security monitoring, detection, and response services across the endpoint, network, identities, SaaS applications, and Azure cloud infrastructure.

With the CyberProof Defense Center (CDC) service delivery platform pre-integrated with Microsoft’s cloud-native SIEM, Azure Sentinel, CyberProof’s built-in virtual analyst, SeeMo, automates up to 80 percent of tier one and two activities such as monitoring, enrichment, incident handling, and remediation. This frees up your team to focus on the most critical business issues.

Key Layers to Building a Smarter SOC

We recommend that security operations center (SOC) teams implement the following three key layers of a smarter SOC architecture when looking to generate continuous value from their Azure security stack with managed security services.

Each layer includes the integrations between Microsoft and CyberProof that help facilitate this architecture. For more information, check out our on-demand webinar—which we ran in collaboration with Microsoft’s Chief Security Advisor EMEA, Cyril Voisin.

1. Data collection and integration layer—enrichment of security data from multiple sources

This is particularly useful for enterprise-grade SOCs that collect and parse relevant data from multiple business units before going into a data lake. Organizing and classifying all of this data will save time and money when you start introducing integration and automation technologies, as the information will already be structured in an optimum way. Here’s how log collection, normalization, and analysis work:

  1. Integration: An organization identifies the assets, tools, technologies, and applications that need to be integrated.
  2. Data normalization: Enterprise SOCs need to parse data before it enters the data lake—to tag and filter it—so the right information is being fed into the SOC in the most efficient way.
  3. Data collection and analysis: Using a solution such as Microsoft’s Azure Monitor Log Analytics and scalable storage such as Azure Data Lake, terabytes of data can be ingested in order to query and manage at scale. Machine learning can be used for the identification of anomalies and monitoring whether log sources are operating correctly, as well as to support threat hunting.

At CyberProof, we leverage Azure Monitor Log Analytics and CyberProof Log Collection (CLC) SaaS technology to pull logs from all sources of data. These include a customer’s existing Microsoft investments—including on-premises, SaaS, and Azure assets—and existing Microsoft security controls that generate alerts across identities, endpoints, data, and email, and cloud apps.

2. Security analytics layer—generating contextual alerts and minimizing false positives

The traditional on-premises SIEM architecture has limited scalability: infrastructure costs are incurred up front, based on peak requirements, rather than through on-demand provisioning that scales with current demand and growth over time. Also, mapping logs from every ecosystem can be time-consuming when you have to correlate rules and create clear reporting.

The world of security data collection has evolved. It is no longer a single query or rule that triggers the discovery of an incident. Security monitoring typically has to find the proverbial “needle in the haystack,” and that type of threat detection requires broad visibility across the enterprise. It also requires more processing power and data collection in order to establish what the baseline really looks like. These attributes are best achieved by implementing security in the cloud.

That’s where Azure Sentinel comes in, supplying correlation and analytics rules and filtering massive volumes of events to obtain high-context alerts. Azure Sentinel uses machine learning to proactively find anomalies hidden within acceptable user behavior and generate alerts.
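A worked version of the normalization step in the data collection layer above and of the cross-source correlation described for the analytics layer, as an added example rather than CyberProof’s CLC or Azure Sentinel code (in Sentinel the second half would be a KQL analytics rule; the Python shows the logic). Three constructed event formats (a Linux sshd syslog line, an Azure AD sign-in record, a Windows security event) are mapped to one schema, and a single rule fires only when repeated failures for a user across more than one source are followed by a success. The sample data is constructed; the year added to syslog lines and the rule that the UPN prefix equals the local account name are assumptions.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample events from three sources an enterprise SOC typically ingests.
SAMPLE_LOGS = [
    'Nov 12 10:01:02 bastion sshd[2211]: Failed password for alice from 203.0.113.7 port 51122 ssh2',
    '{"userPrincipalName":"alice@contoso.example","ipAddress":"198.51.100.9","status":{"errorCode":50126},"createdDateTime":"2020-11-12T10:02:00Z"}',
    '{"EventID":4625,"TargetUserName":"alice","IpAddress":"192.0.2.4","TimeCreated":"2020-11-12T10:03:00Z"}',
    '{"userPrincipalName":"alice@contoso.example","ipAddress":"198.51.100.9","status":{"errorCode":0},"createdDateTime":"2020-11-12T10:04:30Z"}',
    '{"EventID":4624,"TargetUserName":"bob","IpAddress":"192.0.2.4","TimeCreated":"2020-11-12T10:05:00Z"}',
]
SYSLOG_YEAR = 2020   # syslog timestamps carry no year; assumed for the sample
SSH_RE = re.compile(r"^(\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (Failed|Accepted) \w+ for "
                    r"(?:invalid user )?(\S+) from (\S+)")


def _user(name: str) -> str:
    """Assumption for joining sources: the UPN prefix is the local account name."""
    return name.split("@")[0].lower()


def _iso(ts: str) -> datetime:
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def normalize(line: str):
    """Map one raw event to the common schema (ts, source, user, src_ip, outcome); None if not a logon event."""
    line = line.strip()
    if line.startswith("{"):
        ev = json.loads(line)
        if "EventID" in ev and ev["EventID"] in (4624, 4625):      # Windows logon success / failure
            return {"ts": _iso(ev["TimeCreated"]), "source": "windows_security",
                    "user": _user(ev["TargetUserName"]), "src_ip": ev["IpAddress"],
                    "outcome": "success" if ev["EventID"] == 4624 else "failure"}
        if "userPrincipalName" in ev:                                # Azure AD sign-in log
            return {"ts": _iso(ev["createdDateTime"]), "source": "azuread_signin",
                    "user": _user(ev["userPrincipalName"]), "src_ip": ev["ipAddress"],
                    "outcome": "success" if ev["status"]["errorCode"] == 0 else "failure"}
        return None
    m = SSH_RE.match(line)
    if m:
        ts = datetime.strptime(f"{SYSLOG_YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
        return {"ts": ts, "source": "linux_sshd", "user": _user(m.group(3)), "src_ip": m.group(4),
                "outcome": "failure" if m.group(2) == "Failed" else "success"}
    return None


def detect_failures_then_success(records, min_failures=3, min_sources=2):
    """Correlation rule: >= min_failures failed logons for one user spread over >= min_sources
    sources, with severity raised when a success follows the last failure."""
    by_user = defaultdict(list)
    for r in sorted(records, key=lambda r: r["ts"]):
        by_user[r["user"]].append(r)
    alerts = []
    for user, events in by_user.items():
        fails = [e for e in events if e["outcome"] == "failure"]
        if len(fails) < min_failures or len({e["source"] for e in fails}) < min_sources:
            continue
        success = next((e for e in events if e["outcome"] == "success" and e["ts"] > fails[-1]["ts"]), None)
        alerts.append({"user": user, "failures": len(fails),
                       "sources": sorted({e["source"] for e in fails}),
                       "src_ips": sorted({e["src_ip"] for e in fails}),
                       "followed_by_success": success is not None,
                       "severity": "high" if success else "medium"})
    return alerts


if __name__ == "__main__":
    recs = [r for r in map(normalize, SAMPLE_LOGS) if r]
    for alert in detect_failures_then_success(recs):
        print(alert)
```

No single source sees more than one failure here, so a per-source rule stays silent; the alert exists only because normalization let the three feeds be joined on the user, and the success that follows is the context that turns a medium into a high.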

Microsoft Azure Sentinel is fully integrated with CyberProof CDC platform, so customers can work from a single console to manage high-context alerts, carry out investigations, and handle incidents.

3. Orchestration, automation, and collaboration layer—facilitating faster threat detection and response

Forrester’s recent assessment of midsized MSSPs notes that orchestration and security automation plays a vital role for overburdened SOC staff.

By automating tier one and two activities like monitoring, enrichment, investigation, and incident handling, our CDC platform takes much of the strain out of the process. Essentially, the CDC platform provides our IP as a service—helping customers avoid the expenditure necessary to develop their own IP for a next-generation SOC.

The CDC platform gives customers a “single pane of glass” view from which to manage high context alerts, incidents, and report generation for stakeholders. It integrates the functionality of Azure Sentinel as well as other security investments.

The CDC platform’s benefits include:

  • Orchestration: Integrates external intelligence sources, enrichment sources, the IT service management system, and more into a single view.
  • Automation: Leverages CyberProof’s virtual analyst, SeeMo, who uses our Use Case Factory, a catalog of attack use cases consisting of prevention, detection rules, and response playbooks all aligned to the MITRE ATT&CK framework, to continuously update playbooks.
  • Collaboration: Facilitates real-time communication with our nation-state level analysts to help remediate incidents.
  • Hybrid engagement: Supports collaboration of CyberProof experts with the customer’s team to remediate incidents and upskill the customer’s team.

Customers can start benefiting now

The CyberProof solution, used in tandem with Azure Sentinel, provides 24/7 security monitoring, which frees up SOC teams to focus on critical incidents.

The platform’s use of machine learning and behavioral analysis can reduce alert fatigue and false positives by up to 90 percent. It offers large-scale collection and correlation of data from the endpoint, cloud network, and users—facilitating high-context alerts.

These capabilities, as well as the platform’s high-level collaboration abilities and up-to-date response playbooks, contribute to greater efficiency in threat detection and in responding to validated incidents.

Yet it doesn’t take a lot of time to transition to the CyberProof solution. CyberProof has a defined onboarding process based on each customer’s requirements.

As a managed service provider, we find that we can help customers get through the transition much more quickly than they would have on their own—accelerating the process and shortening the time needed to start reaping the benefits of the solutions.

Want more information? Check out our Azure Security Services page and the CDC platform from CyberProof. Or contact us to learn more about how we can help you transition to a smarter SOC.

To learn more about the Microsoft Intelligent Security Association (MISA), visit the Microsoft Intelligent Security Association website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

For more information about Microsoft Security Solutions, visit the Microsoft Security website. Bookmark the Security blog to keep up with our expert coverage of security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Key layers for developing a smarter SOC with CyberProof-managed Microsoft Azure security services appeared first on Microsoft Security.

Advanced protection for web applications in Azure with Radware’s Microsoft Security integration

October 12th, 2020

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA here.

The state of application security

Companies face a wide range of security challenges, such as Open Web Application Security Project (OWASP) vulnerabilities, advanced bot threats and the need to manage bots, securing APIs, and protecting against volumetric and non-volumetric DDoS attacks. Advanced threats mean that application security solutions must do much more. Organizations require a synchronized attack-mitigation system that provides advanced application protection against all the above threats, across all platforms and environments at all times, one that provides comprehensive security and a single view of application security events for quick incident response and minimal impact on the business.

Customers are increasingly requesting, if not requiring, a fully managed service option for security elements. Beyond the obvious complexity of managing the positive and negative security model rules, today’s attacks are dynamic and evolving. Teams managing application security are stressed by the rapid pace of new application development and application changes, all of which require vulnerability assessment and remediation in the form of automated continuous and consistent security policies.

Cloud is disrupting technology and security is the biggest challenge for customers around the world. Radware is embracing this shift by focusing on ‘Strength in Security’ with Microsoft Azure and is focused on helping Microsoft Azure customers secure their workloads and applications. Radware works closely with Microsoft’s engineering teams to create new and innovative solutions in Azure that benefit from Microsoft’s unique cloud capabilities and services like Azure DDoS Protection and Microsoft Azure Sentinel to build a more secure digital infrastructure, enabling customers to overcome security challenges. Radware Security for Azure provides local availability and easy deployment capabilities across any Azure region, enabling organizations to move to Azure with the knowledge that their applications, networks, and data will be secure around the world.

The application threat landscape

Application vulnerabilities are now the fastest-growing cybersecurity threat to organizations, according to a year-over-year comparison of Radware’s annual Global Application & Network Security Report. Applications, and the APIs they leverage, must be protected against an expanding variety of attack methods. In addition, DevOps and Agile development practices mean that applications are in a state of constant flux, and security policies must adapt to keep pace. Web application security solutions must be smarter and address a broad spectrum of vulnerability exploitation scenarios and attack types and vectors. On top of protecting the application from these common vulnerabilities, they have to protect APIs and mitigate denial-of-service (DoS) attacks, manage bot traffic, and make a distinction between legitimate bots and malicious bots.

Web applications are a critical part of most modern businesses, but many organizations continue to overlook web application security, despite escalating threats. According to a recent Gartner report, by 2023, more than 30 percent of public-facing web applications will be protected by cloud web application and API protection services that combine DDoS protection, bot mitigation, API protection, and web application firewalls (WAFs).

Cloud web application and API protection with integrated bot and DDoS protection is the evolution of cloud-delivered WAF services. A comprehensive, cloud-delivered managed security service is a more complete runtime-protection successor to WAF appliances: it is faster to deploy and easier for organizations to maintain. Customers want to consume security products without managing the underlying infrastructure, which is a major benefit that a product like Radware Security for Azure brings to customers in Azure.

Radware Security for Azure is a managed service that provides network and application security protection against attacks ranging from small-scale to the most sophisticated large-scale campaigns, ensuring applications are protected from DDoS attacks, zero-day web attacks, and common vulnerabilities.

By leveraging the global scale of the Microsoft network and integrating with Azure DDoS Protection, Radware Security for Azure provides enhanced Layer 3 – Layer 7 DDoS mitigation capabilities tuned for applications and resources deployed in virtual networks backed by an industry-leading service level agreement (SLA) and 24/7 incident response team.

Six steps on how to neutralize the application threat

Radware provides advanced protection for web applications in Azure with an integrated application and API security service. Radware Security for Azure provides:

Details on security solutions offered by Radware Security for Azure

To learn more about Radware Security for Azure, visit our listing in the Azure Marketplace or visit Radware.


Vectra and Microsoft join forces to step up detection and response

September 21st, 2020

This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. Click here to learn more about MISA.

Traditional security operations center (SOC) processes typically involve a wide variety of disparate event notification tools that force overworked analysts to battle massive amounts of inbound alerts. This often leads to missed signals and incorrect alert prioritization.

The move to cloud, hybrid environments, and IoT further exacerbates the situation as the attack surface is distributed, boundless, and ever-changing. Perimeter defenses, although necessary, are insufficient.

To address these challenges, SOCs today are focusing on continuous real-time detection and response capabilities that are based on three tightly integrated vantage points and solutions – network detection and response (NDR), endpoint detection and response (EDR), and security information and event management (SIEM).

Gartner calls this approach the SOC visibility triad. It combines the widespread visibility of NDR with the deep process-level insight of EDR, and couples them together with log and security analytics from a variety of sources in the SIEM.

Using these three components in a deeply integrated solution gives security professionals the tools and visibility into modern networking environments and allows them to detect and stop attacks that evade perimeter defenses.

The Cognito® platform from Vectra® delivers high-fidelity NDR by keeping a watchful eye on hidden attacker behaviors in workloads in the cloud and hybrid cloud as well as on-premises enterprise networks.

By combining security research with data science, Vectra AI-derived machine learning algorithms automatically detect and prioritize the highest-risk attacker behaviors in cloud/SaaS and data center workloads as well as user and IoT devices.

As a result, Vectra enables security professionals to reduce the SOC workload, instantly get deep insights and context about every attack, and respond faster to encroaching threats with surgical precision.

An image of the SOC Vectra Triad.

The deep native integrations between Vectra (NDR), Microsoft Defender ATP (EDR) and Microsoft Azure Sentinel (SIEM) make the SOC triad fully operational for customers, enabling them to use tools they are already familiar with.

This SOC triad brings together context from each data source, creating an extraordinary solution that is greater than the sum of its parts.

In addition to enriching Vectra detections with contextual endpoint data from Microsoft Defender ATP, this solution automatically shows attacker detections in the Microsoft Azure Sentinel dashboard, where SOC teams can conduct conclusive investigations.

The SOC visibility triad further helps drive integrated enforcement actions like disabling compromised accounts and isolating hosts that an attacker is using. This allows SOCs to deliver well-coordinated responses, enhance efficiency, and reduce attacker dwell-times.

The Host Lockdown feature from Vectra is a perfect example of this. When a high-risk attack is detected by the Cognito platform, SOC teams can respond quickly and accurately to lockdown Microsoft Defender ATP hosts from the Cognito dashboard.

This can be performed manually with a button-click or configured for automated enforcement that triggers when host threat, certainty, and observed-privilege scores exceed SOC-defined thresholds.

In summary, together with Microsoft Defender ATP, Vectra enables SOC teams to:

  • Combine the Vectra 360-degree aerial view of interactions on cloud and data center workloads with the in-depth ground-level view from Microsoft Defender ATP.
  • Enrich high-fidelity Vectra detections with deep process-level host-context from Microsoft Defender ATP.
  • Take precise and immediate enforcement actions from Vectra closer to the source using Microsoft Defender ATP.

And together with Microsoft Azure Sentinel, Vectra enables SOCs to:

  • Bring Vectra high-certainty behavior-based detections straight to Microsoft Azure Sentinel workbooks for immediate attention.
  • Automate incidents in Microsoft Azure Sentinel based on configurable threat and certainty score thresholds from Vectra.
  • Perform forensic analysis on incidents to identify involved devices, accounts, and attackers.
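The two threshold-driven actions described above (automatic host lockdown through Microsoft Defender ATP when threat, certainty, and observed-privilege scores exceed SOC-defined values, and automatic incident creation in Azure Sentinel on threat and certainty thresholds) come down to a small policy evaluation in front of two APIs. The script below is an added example, not Vectra's or Microsoft's code: it assumes a detection is a plain dict carrying the three host scores on a made-up scale, that enrichment has already attached the Defender machine id, and that thresholds are whatever the SOC chooses. It builds the documented Defender for Endpoint machine-isolation request (`POST /api/machines/{id}/isolate` with a `Comment` and `IsolationType`) but does not send it, so it runs offline.

```python
"""Threshold-driven enforcement for NDR detections (added example).

Not Vectra's or Microsoft's code. Assumptions:
- a detection is a dict with threat, certainty and observed_privilege
  scores (scale here is made up for the demo);
- enrichment has attached the Defender machine id as defender_machine_id;
- thresholds are SOC-defined; the defaults below are illustrative;
- isolation uses the documented Defender for Endpoint endpoint
  POST /api/machines/{machineId}/isolate; the request is built, not sent.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Thresholds:
    # Raise a SIEM incident when threat and certainty both reach these.
    incident_threat: int = 50
    incident_certainty: int = 50
    # Isolate only when the stricter triple is met, including observed
    # privilege, so a noisy low-privilege host is not cut off by mistake.
    isolate_threat: int = 80
    isolate_certainty: int = 80
    isolate_privilege: int = 7


def classify(detection: dict, th: Thresholds = Thresholds()) -> dict:
    """Return which automated actions a detection qualifies for."""
    threat = detection["threat"]
    certainty = detection["certainty"]
    privilege = detection.get("observed_privilege", 0)
    create_incident = (threat >= th.incident_threat
                       and certainty >= th.incident_certainty)
    isolate = (threat >= th.isolate_threat
               and certainty >= th.isolate_certainty
               and privilege >= th.isolate_privilege)
    return {"create_incident": create_incident, "isolate": isolate}


def isolation_request(detection: dict,
                      api_base: str = "https://api.securitycenter.microsoft.com") -> dict:
    """Build the Defender for Endpoint isolation call for the host.

    'Full' isolation keeps only the Defender cloud connection alive, which
    is what a lockdown of an actively compromised host wants.
    """
    machine_id = detection["defender_machine_id"]
    comment = (f"Auto-isolated from NDR detection {detection['id']}: "
               f"threat={detection['threat']} certainty={detection['certainty']}")
    return {
        "method": "POST",
        "url": f"{api_base}/api/machines/{machine_id}/isolate",
        "json": {"Comment": comment, "IsolationType": "Full"},
    }


def plan_actions(detections: list, th: Thresholds = Thresholds()) -> list:
    """Evaluate a batch of detections and list the actions to take."""
    plan = []
    for d in detections:
        verdict = classify(d, th)
        actions = []
        if verdict["create_incident"]:
            actions.append("sentinel_incident")
        if verdict["isolate"]:
            actions.append(isolation_request(d))
        plan.append({"id": d["id"], "host": d["host"], "actions": actions})
    return plan


# Constructed sample detections; not real data.
SAMPLE_DETECTIONS = [
    {"id": "det-1", "host": "ws-042", "threat": 92, "certainty": 88,
     "observed_privilege": 9, "defender_machine_id": "aaaa1111"},
    {"id": "det-2", "host": "ws-017", "threat": 65, "certainty": 70,
     "observed_privilege": 2, "defender_machine_id": "bbbb2222"},
    {"id": "det-3", "host": "ws-099", "threat": 20, "certainty": 95,
     "observed_privilege": 9, "defender_machine_id": "cccc3333"},
]

if __name__ == "__main__":
    for item in plan_actions(SAMPLE_DETECTIONS):
        print(item)
```

With the illustrative defaults, det-1 gets both an incident and an isolation request, det-2 gets only an incident, and det-3 (high certainty but low threat) gets nothing; a host at the isolation score thresholds but below the privilege threshold is deliberately not isolated.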

With these deep integrations between NDR, EDR, and SIEM that Vectra and Microsoft have collaborated on, we are able to realize the SOC visibility triad, ultimately allowing customers to elevate SOC visibility and prevent attackers from establishing footholds across cloud, data center, IoT, and enterprise networks.

For more details, check out the Cognito platform from Vectra and our integration with Microsoft Defender ATP and Microsoft Azure Sentinel.


Microsoft and Corrata integrate to extend cloud app security to mobile endpoints

August 24th, 2020

This blog post is part of the Microsoft Intelligent Security Association guest blog series. To learn more about MISA, go here.

The growth of mobile and remote work and the emergence of the “post perimeter” world has made keeping track of shadow IT a huge challenge for enterprise IT teams. What makes this problem particularly difficult for infosec teams is a parallel development. Not only are your apps leaving the data-center, but your employees are leaving the building. In the good old days, you might have used firewalls or secure web gateways to give you visibility. On top of that, risky or unsanctioned apps could be blocked with a firewall script or added to a blacklist.

But with employees working from home, the network perimeter has disappeared. In this new world, how can you have any idea what’s going on, let alone impose control?

The growth of SaaS

The rapid adoption of SaaS services has driven cloud computing and digital transformation for many organizations. File storage, CRM, and ERP systems are now commonly delivered on a SaaS basis. Services based on the SaaS model offer fantastic advantages. For a start, they do not require in-house infrastructure. In addition, they have rich out of the box feature sets and deliver across both web and mobile platforms. Finally, their low upfront commitment and automatic version updates make them easy to adopt. Their advantages are endless…

…and of Shadow IT

Research by Microsoft shows that on average enterprises use more than 1,000 SaaS applications and that IT is unaware of more than 60 percent of these applications (so-called ‘shadow IT’). As a result, corporate data can easily slip beyond the control of the company’s ‘gatekeeper’. Once your CRM is in the cloud, your visibility is limited: it’s more challenging to see when a soon-to-depart salesperson has downloaded the contact details of your entire customer base. Or, imagine that highly sensitive network diagrams are leaked online, leaving your company vulnerable to spoofing or man-in-the-middle attacks.

Discovery and control

As a result of these trends, the ability to discover and control cloud app usage across organizations has become critical. New SaaS apps need to be quickly identified and risk assessed. Approved apps can be integrated with existing identity and security processes, while risky and unsanctioned apps can be blocked. Robust mechanisms for discovering cloud app usage and blocking unapproved apps are important. Remote and mobile work scenarios present particular challenges because they are beyond the network perimeter. For instance, mobile app usage has doubled since organizations migrated to remote working, and companies often have no way of knowing what SaaS services their employees are engaging with. An employee might use unsanctioned cloud storage apps for uploading client data or use unapproved marketing automation tools. This is why cloud app security and visibility is critical.

Why endpoint makes sense

The answer to this is what the industry calls “endpoint cloud application discovery and control”. What does this clunky phrase refer to, you ask? It refers to the use of endpoint security solutions, such as Corrata or Microsoft Defender ATP, to identify cloud app usage and to block risky or unsanctioned apps.

The endpoint security solution collects traffic information to discover what apps are in use, uploading this information to a cloud access security broker (CASB) solution such as Microsoft Cloud App Security. The IT admin uses the CASB portal to specify which apps are to be blocked. The CASB then automatically forwards these instructions to the endpoint security solution which enforces the block on the endpoint.

At Ignite 2019, Microsoft Cloud App Security announced an integration with Microsoft Defender ATP to bring endpoint-based cloud discovery and control to Windows devices. Now Corrata’s integration with Microsoft Cloud App Security means that Microsoft customers can extend the same discovery and control to phones and tablets. This means that you can automatically detect the cloud apps your employees are using on mobile devices and take the appropriate security actions. In effect, Corrata acts as a firewall on your unmanaged mobile and tablet devices.

How does it work?

Corrata and Microsoft have worked together to ensure that the integration of the Corrata solution with Microsoft Cloud App Security is simple and easy to implement.

A graphic showing the integration of the Corrata solution with Microsoft Cloud App Security.

Traffic information from smartphones and tablets running Corrata is uploaded for analysis to Microsoft Cloud App Security on a continuous basis. Cloud app usage information collected by Corrata is visible to admins via the Microsoft Cloud App Security console. This provides an integrated view of an organization’s cloud app usage and one-click enforcement of app usage policies across iOS, Android, and Windows devices.

Apps designated as risky or unsanctioned within the Cloud App Security portal are automatically blocked by Corrata on the mobile endpoint. This capability is delivered using Corrata’s patented SafePathML technology, which uses machine learning to assess the probability of a domain being unsafe. With SafePathML, Corrata can block threats even before the wider cybersecurity community has identified them.
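The discovery-and-control loop described in the two passages above (endpoint collects traffic information, CASB maps it to apps and shows usage, admin marks apps unsanctioned, CASB pushes the block decision back, endpoint enforces) is easy to model end to end. The script below is an added example and not Corrata's or Microsoft's code; it assumes the agent reports per-connection records of device, host and bytes, that the CASB keeps a catalog keyed by registrable domain, and that the block list pushed to devices is a set of domains. The catalog, devices and traffic are constructed sample data. The one point worth seeing in code is that both discovery and enforcement must match hosts by domain label, not by string suffix, or `dl-web.dropbox.com` is blocked while `notdropbox.com` is not confused with it.

```python
"""Endpoint cloud-app discovery and control loop (added example).

Not Corrata's or Microsoft's code. Assumptions: the endpoint agent reports
{device, host, bytes} per connection; the CASB maps hosts to apps with a
catalog keyed by registrable domain; the admin sets each app to
'sanctioned' or 'unsanctioned'; the resulting domain block list is pushed
back to every device, which enforces it on new connections.
"""
from collections import defaultdict

# Constructed app catalog: registrable domain -> app name.
APP_CATALOG = {
    "sharepoint.com": "SharePoint Online",
    "dropbox.com": "Dropbox",
    "dropboxusercontent.com": "Dropbox",
    "wetransfer.com": "WeTransfer",
    "hubspot.com": "HubSpot",
}


def _suffixes(host: str):
    """Yield label-aligned suffixes of a host, longest first, never the bare TLD."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])


def app_for_host(host: str, catalog: dict = APP_CATALOG):
    """Map a host to an app; content.dropboxusercontent.com and
    dl-web.dropbox.com both resolve to Dropbox."""
    for candidate in _suffixes(host):
        if candidate in catalog:
            return catalog[candidate]
    return None


def discover(traffic: list, catalog: dict = APP_CATALOG) -> dict:
    """CASB side: aggregate uploaded traffic into per-app usage (bytes and
    distinct devices). Unknown hosts are reported separately so new SaaS
    apps get risk-assessed instead of silently ignored."""
    usage = defaultdict(lambda: {"bytes": 0, "devices": set()})
    unknown = defaultdict(int)
    for rec in traffic:
        app = app_for_host(rec["host"], catalog)
        if app is None:
            unknown[rec["host"]] += rec["bytes"]
            continue
        usage[app]["bytes"] += rec["bytes"]
        usage[app]["devices"].add(rec["device"])
    return {"apps": dict(usage), "unknown_hosts": dict(unknown)}


def block_list(policy: dict, catalog: dict = APP_CATALOG) -> set:
    """CASB side: turn admin decisions (app -> 'sanctioned'|'unsanctioned')
    into the set of domains the endpoint must block."""
    return {dom for dom, app in catalog.items()
            if policy.get(app) == "unsanctioned"}


def enforce(host: str, blocked: set) -> str:
    """Endpoint side: decide a new connection against the pushed block list
    with the same label-aligned match as discovery, so subdomains cannot
    bypass it and look-alike domains are not over-blocked."""
    for candidate in _suffixes(host):
        if candidate in blocked:
            return "block"
    return "allow"


# Constructed sample traffic from three mobile devices; not real data.
SAMPLE_TRAFFIC = [
    {"device": "ios-001", "host": "contoso.sharepoint.com", "bytes": 120_000},
    {"device": "ios-001", "host": "dl-web.dropbox.com", "bytes": 4_500_000},
    {"device": "android-007", "host": "content.dropboxusercontent.com", "bytes": 9_000_000},
    {"device": "android-007", "host": "wetransfer.com", "bytes": 2_000_000},
    {"device": "ios-002", "host": "api.hubspot.com", "bytes": 30_000},
    {"device": "ios-002", "host": "files.unknown-share.example", "bytes": 800_000},
]

if __name__ == "__main__":
    report = discover(SAMPLE_TRAFFIC)
    for app, stats in report["apps"].items():
        print(f"{app}: {stats['bytes']} bytes from {sorted(stats['devices'])}")
    print("unknown hosts:", report["unknown_hosts"])
    policy = {"SharePoint Online": "sanctioned", "Dropbox": "unsanctioned",
              "WeTransfer": "unsanctioned"}
    blocked = block_list(policy)
    for host in ("dl-web.dropbox.com", "contoso.sharepoint.com", "notdropbox.com"):
        print(host, "->", enforce(host, blocked))
```

The unknown-hosts bucket is where shadow IT surfaces: anything the catalog does not recognize is exactly what needs a risk assessment before it is either added to the catalog as sanctioned or pushed to devices as blocked.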

If you’re an existing or prospective Corrata or Microsoft Cloud App Security customer, you can learn more here about how to harness the advantages of endpoint-based discovery and control for cloud apps.

Corrata is a member of the Microsoft Intelligent Security Association.

Find the Corrata Microsoft Cloud App Security Solution on the Azure Marketplace here.
