Archive for the ‘data loss prevention’ Category

Introducing Adaptive Protection in Microsoft Purview—People-centric data protection for a multiplatform world

February 6th, 2023

At Microsoft, we never stop working to protect you and your data. If the evolving cyberattacks over the past three years have taught us anything, it’s that threat actors are both cunning and committed. At every level of your enterprise, attackers never stop looking for a way in. The massive increase in data—2.5 quintillion bytes generated daily—has only increased the level of risk around data security.[1] Organizations need to make sure their information is safe from malicious attacks, inadvertent disclosure, or theft. During the third quarter of 2022, insider risks, including human error, accounted for almost 35 percent of unauthorized access incidents.[2] But on the positive side, we’re seeing a growing awareness across all areas of organizations about the need to safeguard data as a precious resource.

Our customers have been clear in voicing their need for a unified, comprehensive solution for data security and management, one that’s as scalable as their business needs. In the Go Beyond Data Protection with Microsoft Purview digital event on February 7, 2023, Alym Rayani, General Manager of Compliance and Privacy Marketing at Microsoft, and I will discuss Microsoft’s approach to data security, including how to create a defense-in-depth approach to protect your organization’s data. We’ll also introduce some groundbreaking innovations for our Microsoft Purview product line—such as Adaptive Protection for data powered by machine learning—and invite new customers to sign up for a free trial. We remain guided by our core belief that security is a team sport. So in this blog, I’ll address how our newest innovations can help your team keep your data safe while empowering productivity and collaboration. We’ll also look at steps you can take to build a layered data security defense within your organization.

A new approach for a new data landscape

We’ve all seen how the ongoing shift to a hybrid and multicloud environment is changing how organizations collaborate and access data. Considering the massive amounts of data generated and stored today, it’s easy to see how this creates a business liability. More than 80 percent of organizations rate theft or loss of personal data and intellectual property as high-impact insider risks.[3] Often the risk stems from organizations making do with one-size-fits-all, content-centric data-protection policies that end up creating alert noise. This signal overload leaves admins scrambling as they manually adjust policy scope and triage alerts to identify critical risks. Fine-tuning broad, static policies can become a never-ending project that overwhelms security teams. What’s needed is a more adaptive solution to help organizations address the most critical risks dynamically, efficiently prioritizing their limited security resources on the highest risks and minimizing the impact of potential data security incidents.

Venn diagram showing how Adaptive Protection optimizes data protection automatically by balancing content-centric controls and people-centric context.

Adaptive Protection in Microsoft Purview is the solution. This new capability, now in preview, leverages Insider Risk Management machine learning to understand how users are interacting with data, identify risky activities that may result in data security incidents, then automatically tailor Data Loss Prevention (DLP) controls based on the risk detected. With Adaptive Protection, DLP policies become dynamic, ensuring that the most effective policy—such as blocking data sharing—is applied only to high-risk users, while low-risk users can maintain their productivity. The result: your security operations team is now more efficient and empowered to do more with less.

Adaptive Protection in action

Let’s take a look at how Adaptive Protection can benefit your organization in everyday use. Imagine there’s a company named Contoso where Rebecca and Chris work together on a confidential project. Rebecca and Chris both try to print a file related to that project. Rebecca gets a policy tip to educate her that the file contains confidential information and that she will need to provide a business justification before printing. But when Chris tries to print the file, he gets blocked outright by Contoso’s endpoint DLP policy. 

So, why do Rebecca and Chris have different experiences? The security team at Contoso uses Adaptive Protection, which detected that Chris has a privileged admin role at Contoso, and he had previously taken a series of exfiltration actions that may result in potential data security incidents. As Chris’s risk level increased, a stricter DLP policy was automatically applied to him to help mitigate those risks and minimize potential negative data security impacts early on. On the other hand, Rebecca has only a moderate risk level, so Adaptive Protection can educate her on proper data-handling practices while not blocking her ability to collaborate. This also influences positive behavior changes and reduces organizational data risks. For both Rebecca and Chris, the policy controls constantly adjust. In this way, when a user’s risk level changes, an appropriate policy is dynamically applied to match the new risk level.

With Adaptive Protection, Contoso’s security team no longer needs to spend time painstakingly adding or removing users based on events, such as an employee leaving or working on a confidential project, to prevent data breaches. In this way, Adaptive Protection not only helps reduce the security team’s workload, but also makes DLP more effective by optimizing the policies continuously.

Chart showing how Adaptive Protection applies Data Loss Prevention policies dynamically based on users’ risk levels detected by Insider Risk Management.

Adaptive Protection in Microsoft Purview integrates the breadth of intelligence in Insider Risk Management with the depth of protection in DLP, empowering security teams to focus on building strategic data security initiatives and maturing their data security programs. Machine learning enables Adaptive Protection controls to automatically respond, so your organization can protect more (with less) while still maintaining workplace productivity. You can learn more about Adaptive Protection and watch the demo in this Microsoft Mechanics video.

Fortify your data security with a multilayered, cloud-scale approach

As I speak with customers, I continue to hear about their difficulties in managing a patchwork of data-governance solutions across a multicloud and multiplatform environment. Today’s hybrid workspaces require data to be accessed from a plethora of devices, apps, and services from around the world. With so many platforms and access points, it’s more critical than ever to have strong protections against data theft and leakage. For today’s environment, a defense-in-depth approach offers the best protection to fortify your data security. There are five components to this strategy, all of which can be enacted in whatever order suits your organization’s unique needs and possible regulatory requirements.

  1. Identify the data landscape: Before you can protect your sensitive data, you need to discover where it lives and how it’s accessed. That requires a solution that provides complete visibility into your entire data estate, whether on-premises, hybrid, or multicloud. Microsoft Purview offers a single pane of glass to view and manage your entire data estate from one place. As a unified solution, Microsoft Purview empowers you to easily create a holistic, up-to-date map of your data landscape with automated data discovery, sensitive data classification, and end-to-end data lineage. Now in preview are more than 300 new, ready-to-use trainable classifiers for source code discovery, along with 23 new pre-trained out-of-the-box trainable classifiers that cover core business categories, such as finance, operations, human resources, and more.
  2. Protect sensitive data: Along with creating a holistic map, you’ll need to protect your data—both at rest and in transit. That’s where accurately labeling and classifying your data comes into play, so you can gain insights into how it’s being accessed, stored, and shared. Accurately tracking data will help prevent it from falling prey to leaks and breaches. Microsoft Purview Information Protection includes built-in labeling and data protection for Microsoft 365 apps and other Microsoft services, including sensitivity labels for Outlook appointments, invites, and Microsoft Teams chats. Microsoft Purview Information Protection also empowers users to apply customized protection policies, such as rights management, encryption, and more.
  3. Manage risks: Even when your data is mapped and labeled appropriately, you’ll need to take into account user context around the data and activities that may result in potential data security incidents. As I noted earlier, internal threats accounted for almost 35 percent of unauthorized access breaches during the third quarter of 2022.[2] The best approach to addressing insider risk is a holistic approach bringing together the right people, processes, training, and tools. Microsoft Purview Insider Risk Management leverages built-in machine learning models to help detect the most critical risks and provides enriched investigation tools to accelerate time to respond to potential data security incidents, such as data leaks and data theft. Recent updates include sequence detection starting with downloads from third-party sites and a new trend chart to show a user’s cumulative data exfiltration activities. And to help reduce noise and ensure safe and compliant communications, we’ve added a policy condition to exclude email blasts (such as bulk newsletters) from Microsoft Purview Communication Compliance policies.
  4. Prevent data loss: This includes unauthorized use of data. More than 85 percent of organizations do not feel confident they can detect and prevent the loss of sensitive data.[4] An effective data loss protection solution needs to balance protection and productivity. It’s critical to ensure the proper access controls are in place and policies are set to prevent actions like improperly saving, storing, or printing sensitive data. Microsoft Purview Data Loss Prevention offers native, built-in protection against unauthorized data sharing, along with monitoring the use of sensitive data on endpoints, apps, and services. DLP controls can be extended to macOS endpoints, non-Microsoft apps through Microsoft Defender for Cloud apps, and to Google Chrome, providing comprehensive coverage across customers’ environments. We now also support in preview DLP controls in Firefox with the Microsoft Purview Extension for Firefox. And now with the general availability of the Microsoft Purview Data Loss Prevention migration assistant, you’re able to automatically detect your current policy configurations and create equivalent policies with minimal effort.
  5. Govern the data lifecycle: As data governance shifts toward business teams becoming stewards of their own data, it’s important that organizations create a unified approach across the enterprise. This kind of proactive lifecycle management leads to better data security and helps ensure that data is responsibly democratized for the user, where it can drive business value. Microsoft Purview Data Lifecycle Management can help accomplish this by providing a unified data-governance service that simplifies the management of your on-premises, multicloud, and software as a service (SaaS) data. Now in preview, simulation mode for retention labels will help you test and fine-tune automatic labeling before broad deployment.

And lastly, we’re making it easier for you to assess and monitor your compliance posture with integration between Microsoft Purview Compliance Manager and Microsoft Defender for Cloud. This new integration enables your security operations center to ingest any assessment in Defender for Cloud, simplifying your work by bringing together multiple services in a single pane of glass.

Data protection that keeps you moving forward fearlessly

Data is the oxygen of digital transformation. And in the same way that oxygen both sustains life and feeds a fire, each organization must strike a balance between ready access to data and securing its combustible elements. At Microsoft, we don’t believe your business should have to sacrifice productivity for greater data protection. This is where Adaptive Protection in Microsoft Purview excels—empowering your security operations center to efficiently safeguard sensitive data with the power of machine learning and cloud technology—without interfering with business processes. If you’re not already a Microsoft Purview customer, be sure to sign up for a free trial.

Mark your calendar for Microsoft Secure on March 28, 2023, where you’ll hear about even more Microsoft Purview innovations. This new digital event will bring together customers, partners, and the defender community to learn and share comprehensive strategies across security, compliance, identity, management, and privacy. We’ll cover important topics such as the threat landscape, how Microsoft defends itself and its customers, the challenges security teams face daily, and the future of security innovation.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.


[1] How Much Data Is Created Every Day in 2022? Jacquelyn Bulao. January 26, 2023.

[2] Insider threat peaks to highest level in Q3 2022, Maria Henriquez. November 2022.

[3] Build a Holistic Insider Risk Management Program, Microsoft. October 2022.

[4] 2021 Verizon Data Breach Report. 2021.

How businesses are gaining integrated data protection with Microsoft Purview

October 25th, 2022

Currently, our interconnected world is creating 2.5 quintillion bytes of data every day.[1] Every purchase made, every email sent, every contract signed: all of it gets shared, accessed, and stored. We take it on faith that organizations are doing all this safely; however, data loss is becoming a distressingly common occurrence. A data breach that affected a major cellular provider in 2021 ended up costing the company USD350 million—and that’s just the customer settlement.[2] On top of risks to your finances and reputation, tighter regulatory requirements like General Data Protection Regulation[3] (GDPR) and the Health Insurance Portability and Accountability Act of 1996[4] (HIPAA) demand updated processes and controls that show proof of compliance.

Your data protection strategy needs to be accurate, comprehensive, and scalable without hindering productivity. Traditional data protection solutions have typically taken a patchwork approach, often requiring resource-intensive custom integrations that don’t scale well. Worse, this kind of ad hoc solution can expose infrastructure gaps that attackers seek to exploit. In contrast, an integrated approach to data protection provides automated, customizable classification, as well as pre-built regulatory templates and flexible data loss prevention (DLP) policy controls. Microsoft Purview has the added benefit of being already integrated across many industry-standard applications and services, workloads, and digital estates—on-premises, software-as-a-service (SaaS), and in multicloud, multiplatform environments. In this blog post, we’ll hear from some of Microsoft’s customers about their experiences implementing Microsoft Purview Information Protection and Microsoft Purview Data Loss Prevention and how these cloud-based solutions streamlined their security. To experience what holistic data protection can do for your organization, you’re invited to sign up for a free trial.

Rabobank balances data security with employee access

Protecting data confidentiality for 8.9 million private and corporate customers worldwide is no easy task, but Netherlands-based Rabobank is committed to balancing data protection with customer privacy. To get there, the company’s small security team needed a DLP solution that could help secure the bank’s assets across 42,000 endpoints spread over 23 countries. Their previous solution was oriented to siloed rule sets, meaning it assessed data in terms of a given department. This made it difficult for a multinational organization like Rabobank to maintain rules across multiple areas. “One of our significant issues is how to stay current with policies that change frequently across multiple regions,” says Edo Immink, IT Lead for Office 365, Rabobank. Without that global view, the security team was left dealing with a complicated rule set in aging infrastructure. “That meant people would have to drop other priorities and rush in to fix things,” Immink explains.

Rabobank was concerned about potential data leakage from USB drives, browsers, and printers. When it was first available in 2020, Microsoft Purview Data Loss Prevention offered a cloud-based solution with built-in controls for managing sensitive information across endpoints and applications—covering Microsoft 365, SharePoint Online, OneDrive for Business, Exchange Online, and Microsoft Teams. This built-in connection with Microsoft apps provided the bank’s security team with the advantage of managing all data policies from one place—the Microsoft Purview compliance portal. Seeing the benefits of pre-integration, Rabobank moved to get maximum value from its Microsoft 365 E5 license by rolling out Microsoft Purview Data Loss Prevention companywide.

Adopting Microsoft Purview Data Loss Prevention also helped Rabobank increase its agility by decreasing the overall number of DLP policies it had to manage. And having an encompassing view of apps and endpoints helped curtail inappropriate data sharing across the company’s global workforce of more than 40,000 employees, many of whom rely heavily on mobile devices. The bank’s security team worked with Rabobank regional security officers to deploy policies that protect data while making it easier for employees to access everything they need. In turn, this freed up time for Rabobank’s IT teams to focus on more high-value activities.

“We benefit from getting our business apps, security, and DLP tooling from the same source because they all work together seamlessly,” says Jacob Kralt, Product Owner for Office 365 Compliance, Rabobank. “And by combining Microsoft Sentinel with Microsoft Purview Data Loss Prevention and the Microsoft 365 platform, we have a holistic view of our ecosystem and can manage it more easily.”

Fannie Mae protects privacy while boosting productivity

As a leading source of financing in the housing market, Fannie Mae provided USD1.4 trillion in liquidity to the United States mortgage market in 2021. That success wouldn’t be possible without reliably securing millions of customers’ personally identifiable information (PII). And that requires understanding how data is used internally to help prevent exfiltration. Fannie Mae needed a data loss prevention solution that would enable productivity while complying with their strict security protocols and Federal Housing Administration (FHA) regulations. The company’s objective was to create a trust model that helps protect its data from both internal and external risks, all while keeping pace with evolving cybersecurity demands.

As it turned out, the solution was already in their hands—the data protection and governance solutions in the company’s Microsoft 365 E5 license. “We adopted Microsoft Purview Data Loss Prevention because we’re hyper-focused on helping secure data end-to-end,” says Kiran Ramineni, Vice President of Single-Family Architecture and Cloud, Data, AI/ML, and Infrastructure Architecture, Fannie Mae. Because the company also uses cloud-native Microsoft Azure and Microsoft Defender for Cloud, they gain a full suite of detection controls that prevent sensitive data from being exfiltrated. Fannie Mae’s on-premises environment is also connected to Defender for Cloud.

Ramineni praises the seamless interaction between Microsoft Purview Data Loss Prevention and Microsoft 365 productivity apps, such as OneDrive, noting that the seamless connectivity empowers Fannie Mae’s data scientists to access queries on OneDrive while automatically blocking PII from being moved back to the user’s OneDrive folders. Even better, the integration enhances productivity by allowing non-PII data to be saved back to employees’ shared folders. “Merging Microsoft Purview Data Loss Prevention and Defender for Cloud Apps with our Microsoft 365 apps gives us both sides of the coin,” says Ramineni. “We make it easy for data scientists to do their work, be more productive, and collaborate as necessary with those who are outside of the containment environment, and yet, we help keep data secure.”

Ramineni’s team is looking forward to deepening the company’s security infrastructure by adding Microsoft Purview Information Protection enterprise-wide—across cloud apps, on-premises data repositories, and infrastructure clouds. “We work to evolve as the threat landscape evolves, defending our environment from internal and external actors,” says Ramineni. “The best security is never done.”

Ernst & Young protects a global data estate by managing user permissions

Ernst & Young (EY) is one of the largest professional services networks in the world and is considered one of the “Big Four” accounting firms. Operating as a network of partner firms, EY has more than 300,000 employees in 700 offices spread across more than 150 countries. For that reason, the company decided to get the maximum benefit from their Microsoft 365 license by deploying Microsoft Purview Information Protection—safeguarding their worldwide data estate with automatic classification, sensitivity labels, and rights management.  

Microsoft Purview’s sensitivity labels include content and container types. Content labels are typically applied to data (such as files and emails) and include protections such as encryption and visual marking. Container labels are applied to repositories (such as SharePoint sites) and include protections such as multifactor authentication and privacy settings. Because Microsoft Purview Information Protection provides controls around the behavior of these labels—how they’re applied and changed, what the defaults are, and who can see them—admins can gain a complete picture of the company’s data using the Microsoft Purview compliance portal.

“Using a container label to differentiate permissions meant users could access a single document and prevent the same users from accidentally stumbling upon confidential documents; a key element of the Microsoft Purview Information Protection solution that we couldn’t get from any other solution on the market,” says Usman Abubakar, Assistant Director of Messaging Foundation Services, Ernst & Young.

The best data-protection tools you already own

Microsoft Purview Information Protection and Microsoft Purview Data Loss Prevention provide holistic data protection as part of your Microsoft 365 E5 license, integrating seamlessly with Microsoft productivity apps as well as a broad third-party and partner ecosystem. When integrated with Microsoft Sentinel and Microsoft Defender for Cloud, your business can gain breadth and depth in controlling internal and external threats across your entire digital estate. To experience how Microsoft Purview can start protecting your organization’s precious data today, remember to sign up for a free trial.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


[1] How Much Data is Created Every Day in 2022? Jason Wise. October 12, 2022.

[2] T-Mobile reaches $350M settlement in 2021 cyberattack and data breach impacting 76M people, Todd Bishop. July 22, 2022.

[3] General Data Protection Regulation, Intersoft Consulting. May 25th, 2018.

[4] Health Insurance Portability and Accountability Act of 1996 (HIPAA), Centers for Disease Control.

Extend data loss prevention to your devices with Microsoft Endpoint Data Loss Prevention, now generally available

November 10th, 2020

Managing and protecting data is critical to any organization. Data is growing exponentially, and remote work is making it even harder to manage risks around data. In fact, a recent Microsoft survey of security and compliance decision-makers found that data leaks are the top concern in remote and hybrid work scenarios.

To help our customers to address this challenge, today we are excited to announce the general availability of Microsoft Endpoint Data Loss Prevention (DLP).

A unified approach to data loss prevention

At Microsoft, we have long invested in developing information protection solutions for our customers. Microsoft Information Protection (MIP) is a built-in, intelligent, unified, and extensible solution that understands and classifies your data, keeps it protected, and prevents data loss across Microsoft 365 Apps (including Word, PowerPoint, Excel, and Outlook), services (including Microsoft Teams, SharePoint, and Exchange), third-party SaaS applications, and more—on premises or in the cloud. This unified data loss prevention approach provides simplicity, enabling you to set a DLP policy once and have it enforced across services, devices, and first- and third-party apps.

Endpoint DLP builds on the labeling and classification in Microsoft Information Protection and extends the existing DLP capabilities in Microsoft 365, helping you to meet compliance requirements and protect sensitive information on endpoints. It’s built into Windows 10, the Microsoft 365 Apps, and Microsoft Edge—without the need to deploy additional software on the device, which eliminates friction and makes it far easier to have visibility into your data. For users, it ensures security, without compromising productivity. Endpoint DLP provides policy tips to help educate users when they are about to violate a policy. It’s also integrated with Microsoft Defender for Endpoint (formerly known as Microsoft Defender Advanced Threat Protection), which can help you prioritize incident response based on additional factors.

New capabilities based on public preview feedback

With the general availability today, we’re happy to share that we’ve added additional capabilities as a part of the public preview program based on valuable feedback from our customers.

Last month, we also announced the addition of integration of unified data loss prevention with Microsoft Cloud App Security (MCAS) in public preview, allowing you to extend data protection to non-Microsoft cloud apps. For example, say a user is trying to share a document in a third-party app on his or her mobile device. Because Microsoft Cloud App Security helps protect cloud apps, the same DLP policy will be triggered, both the end-user and the admin will receive a notification, and in this case, the link will be automatically disabled.

In addition, we heard feedback from some of you that you’d like to be able to leverage your existing security investments. Endpoint DLP integrates with Microsoft Defender for Endpoint, but it is also compatible with most anti-virus software, which enables you to have a choice and extend the investments you’ve already made.

Today’s general availability announcement is only the beginning. We are also excited to announce some new capabilities going into preview today:

  • Sensitivity labels are now included as a condition for Microsoft Data Loss Prevention (DLP) policies. This lets you define new enforcement actions and locations within Endpoint DLP that take into account the sensitivity context of information to better meet protection requirements.

Figure 1: Using sensitivity labeling as a condition of a policy in Endpoint DLP.

  • A new dashboard within Microsoft 365 compliance center helps you to manage DLP alerts. Alerts provide details about DLP events—including the sensitive information types detected in the content, confidence score rating, and event count—to help DLP reviewers quickly identify high-risk events so they can more effectively triage and remediate events.

Figure 2: Data loss prevention event alerts show in the new dashboard in Microsoft 365 compliance center.

  • New conditions and exceptions announced in public preview enhance the already existing predicate capabilities in DLP. Mail flow predicates provide a high degree of flexibility to configure the applicable ‘include’ and ‘exclude’ conditions in DLP policies to ensure that specific policies are applied to emails that only match the defined conditions.

Figure 3: New conditions and exceptions you can extend to your DLP policies to email messages.

You can learn a lot more about these new public preview capabilities in the TechCommunity blog.

Protecting your data

We continue to invest in providing you with the tools and visibility you need to help to protect your most precious asset – your data.

Endpoint DLP general availability will start rolling out to customers’ tenants in Microsoft 365 E5/A5, Microsoft 365 E5/A5 Compliance, and Microsoft 365 E5/A5 Information Protection and Governance starting today. Learn more about Endpoint DLP by reading the TechCommunity blog and visiting our documentation. You can sign up for a trial of Microsoft 365 E5 or navigate to the Microsoft 365 compliance center to get started today.

To learn more about Microsoft Security solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

Microsoft announces cloud innovation to simplify security, compliance, and identity

September 22nd, 2020

2020 will be remembered as a year of historic transformation. The pandemic has changed the way businesses operate and people work. One thing that has not changed is our basic human nature and the need to feel safe. Being safe and feeling safe is what allows us to do more, create more, and have trust in the technology that connects us all.

It’s no wonder, then, that cyber-security is so important right now. Digital security is about people—it’s about empowering defenders to defend and protect employees, data, work, and personal safety. It’s about making people and organizations resilient in an environment of unexpected change, like widespread remote work. Nearly overnight, organizations worldwide have had to enable remote workforces, support rapidly evolving business requirements, and steer to the next normal without knowing what that normal would be.

All of this takes place against a backdrop of advanced threats and adversaries. For example, Microsoft threat intelligence teams recently exposed cyberattacks targeting people and organizations involved in the upcoming U.S. presidential election, including unsuccessful attacks on people associated with both presidential campaigns from a variety of foreign activity groups known to Microsoft as Strontium, Zirconium, and Phosphorus.

For those responsible for securing their organization’s digital infrastructure, this has all come on top of what they were already navigating—levels of complexity that often translate into barriers for companies, their people, and the customers they serve. That’s why we’re so passionate about reimagining security, identity, and compliance. We hold a differentiated view among our peers that security should not only encompass all critical aspects of security—including cybersecurity, identity, and compliance—but that these components should be tightly integrated, and built right into the products and platforms that businesses are already using, so that managing safe access, securing data, meeting regulatory requirements, and protecting against threats is seamless.

Countless innovative companies like ASOS, CenturyLink, Erie Insurance, Frost Bank, Rabobank, Unilever, Rockefeller Capital Management, Uniper, Komatsu, and The Little Potato Company; and public sector organizations including the US Department of Defense, New Jersey Administrative Office of the Courts, Ashford & St. Peter’s Hospitals (NHS), St. Luke’s, and Durham University are tapping into the Microsoft cloud to help secure their futures. Today we’re delivering a new set of security, compliance, and identity innovations to help all customers simplify and modernize their environments by embracing the reality that the past seven months have likely reshaped the next 10 years of security and digital transformation.

Modern security with a new Microsoft Defender

Poor security posture is often rooted in complexity. Security teams have historically struggled to keep up with threats and signals across a patchwork of poorly integrated solutions that fail to cover the breadth of workloads, clouds, and devices that businesses run on. Fortunately, the cloud has given rise to a new generation of modern security tools that simplify the defender experience by combining signals and automating responses to catch threats that would otherwise go unchecked. The most important emerging tools are Extended Detection and Response (XDR) and cloud-native Security Information & Event Management (SIEM). Most vendors only offer one or the other.

Microsoft offers a unique approach that empowers security professionals with both cloud-native SIEM and XDR tools from a single vendor. This brings a new level of integration that gives defenders the best of both worlds—end-to-end visibility across all of their resources and intelligent alerts built with a deep understanding of individual resources, enhanced with human and machine intelligence.

Today we are making the following announcements to simplify the defender experience with modern and integrated capabilities:

  • We are unifying all of our XDR capabilities together and rebranding them as Microsoft Defender, inclusive of Microsoft 365 Defender and Azure Defender.
  • Microsoft Defender offers the broadest resource coverage of any XDR in the industry, spanning identities, endpoints, cloud apps, email and docs, infrastructure, and cloud platforms.
  • Microsoft Defender uses powerful workflows and AI to correlate alerts across attack vectors, provide an end-to-end view of the attack, and automatically heal affected assets.

In addition to bringing our XDR together under Microsoft Defender, we are also announcing new Defender capabilities:

  • Microsoft Defender for Endpoint is now available for all major platforms, with the general availability of protection for Android devices and a preview for iOS.
Microsoft Defender for Endpoint on an Android device
  • Azure Defender has a new unified dashboard experience within Azure Security Center that gives you visibility into your alerts and which resources are currently monitored.
  • Azure Defender has new protections for SQL on-premises, Azure Kubernetes, Azure Key Vault, and IoT.
  • Azure Defender for IoT now protects industrial IoT, Operational Technology (OT), and building management systems (BMS) with the integration of CyberX’s agentless capabilities for securing unmanaged devices acquired in June.

Our cross-domain detection and response capabilities from Microsoft Defender are deeply integrated with our cloud-native SIEM, Azure Sentinel, reducing complexity and increasing visibility so that defenders see what matters when it matters.  In Azure Sentinel we are announcing:

  • Improvements to threat intelligence management and new integrations with threat intelligence partners, including the ability to search, add, and track threat indicators, perform TI look-ups, and enrichments as well as creating watchlists for hunting threats—so you can catch more threats, faster.
  • User and entity behavior analytics that help SecOps detect unknown threats and anomalous behavior of compromised users and insider threats. New insights are unlocked with user and entity behavior profiles that leverage machine learning and Microsoft’s security research.
  • To help Microsoft 365 E5 customers modernize faster, we are offering promotional pricing that will save the typical 3,500 seat deployment $1,500 per month—for a limited time, beginning in November 2020.

ASOS, a leading online fashion retailer, is using Azure Sentinel to detect attacks even while their security team is working remotely during the pandemic.

Stuart Gregg, Cyber Security Operations Lead, ASOS

“With everything running through Azure Sentinel, we’ve reduced the time spent on case management and resolution of alerts by approximately 50 percent,” said Stuart Gregg, Cyber Security Operations Lead, ASOS.

In addition to the XDR and SIEM news, we are enhancing security posture management in Azure Security Center with support for multi-cloud.  Now you can see all your Azure, AWS, and GCP security posture in a unified experience within Azure Security Center. Learn more about today’s Azure security announcements here.

Compliance, simplified

Our compliance cloud solutions help customers more easily navigate today’s biggest risks, from managing data or finding insider threats to dealing with legal issues or even addressing standards and regulations. We’ve listened to customers and invested heavily in a set of solutions to help them modernize and keep pace with the evolving and complex compliance and risk management challenges they face.

  • One of our key investment areas is the set of Data Loss Prevention products in Microsoft 365. We recently announced the public preview of Microsoft Endpoint Data Loss Prevention (DLP), which means customers can now identify and protect data on devices. Today, we are announcing the public preview of integration between Microsoft Cloud App Security and Microsoft Information Protection, which extends Microsoft’s data loss prevention (DLP) policy enforcement framework to third-party cloud apps—such as Dropbox, Box, Google Drive, Webex, and more—for a consistent and seamless compliance experience.
  • Customers struggle to keep up with the constantly changing regulations around data protection. To help ease this challenge, we are excited to announce the general availability of Compliance Manager, which helps businesses simplify compliance and reduce risk by translating complex regulatory requirements into specific controls and, through compliance score, providing a quantifiable measure of compliance.
Edward Contreras, CISO, EVP, Frost Bank

Customers like Frost Bank have found that tracking their compliance score makes compliance easier.

“Compliance is a really interesting field. Typically, you have somebody with a legal background, a risk background, or a security background, but very little technical background. And so trying to translate a regulation so that it fits within a technical environment is very difficult. With Compliance Manager, it actually allowed a lot of the tech talk to be translated for the side, the business side, but it also allowed a lot of the business side to be translated to the tech side. For us, it made the conversation very simple and it made the process almost seamless,” said Edward Contreras, CISO, EVP, Frost Bank.

The power of modern cloud-based identity protection

Nothing has done more to simplify the security challenges of remote work during the pandemic than modern identity solutions and Zero Trust architectures. A July 2020 Microsoft poll found that 94 percent of business leaders have already embarked on a Zero Trust journey. Identity is central to simplifying security today and shaping the next generation of the modern security infrastructure.

Microsoft is pushing the frontier of identity through the introduction of a decentralized model built on open standards to help balance the power between individuals and organizations in ways that enhance digital trust while protecting privacy and reducing the risk of losing personal data.

  • Today we are announcing a decentralized identity pilot together with the MilGears educational program of the US Department of Defense and Trident at AIU, which helps military veterans and service members enroll in higher education and jumpstart their civilian career.

This technology will significantly reduce the time and effort it takes for veterans to verify their service records and transcripts with universities and employers. It will also help veterans maintain control of their information.

In a pilot of decentralized identity, Trident at AIU can quickly and easily verify transcripts presented by MilGears participants.

The simplest way to manage identities and embark on a Zero Trust journey today is with Azure Active Directory (AD)—Microsoft’s cloud identity service, trusted by over 200 thousand organizations. They choose Azure AD for industry-leading security and a seamless user experience.

Doug Howell, Director of IT, The Little Potato Company

No company or industry is immune to attack and everyone deserves modern protection. The Little Potato Company is a family-owned business with 400 employees headquartered in Alberta, Canada that uses Conditional Access as a critical component in its Zero Trust security strategy. The Little Potato Company recently saw the value of Zero Trust security firsthand when a user’s credentials were compromised and used to attempt to access corporate data. Luckily, the company had deployed Azure AD and Conditional Access, which quickly identified and blocked the login attempts from multiple locations and an unfamiliar operating system.

What you can do today

Security is a journey, and we believe in progress over perfection. The key is that every step you take in the process makes your organization safer and simpler. In fact, it makes all of us safer as we work together to stop malicious activity from causing harm and to protect data and privacy in a modern, connected world.

Here are four things you can do today to make your organization safer and more resilient:

  1. Use multi-factor authentication. Move toward passwordless.
  2. Have a plan for keeping software up to date and patch, patch, patch!
  3. Get a handle on all devices connecting to your network, from phones and laptops to edge devices, and how you’re detecting potential threats to all of them.
  4. Use benchmarks and insights like Microsoft Secure Score and Compliance Manager to understand your posture and track your progress.

2020 is marking a moment in time that none of us could have imagined; a moment that has amplified the need for a resilient response to unexpected change, and a moment in which digital safety is paramount to productivity and the peace of mind we all need to be at our best. We’re inspired by the way customers are using technology to turn obstacles into innovation, to turn ideas into solutions, and to embrace today’s challenges as an opportunity to build a better, safer world for all. That’s why we at Microsoft are reimagining security, identity, and compliance—to empower all people and organizations to thrive.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Microsoft Security blog to keep up with our expert coverage on security matters. Follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Microsoft announces cloud innovation to simplify security, compliance, and identity appeared first on Microsoft Security.