SecurityBrief Asia
Asia's leading source of cybersecurity and cyber-attack news

Microsoft makes security offerings available to nation states and law enforcement

By Rob Lefferts
Tue 25 Sep 2018
Cybersecurity is the central challenge of the digital age.

Without it, the most basic human rights like privacy cannot exist.

Every day, organisations take precious time and resources away from their core business mission to defend against and recover from cyberattacks.

They operate dozens of complex disconnected tools, yet the gaps between those tools remain and threats get through.

Their security teams struggle to keep up and skilled expertise is scarce.

Microsoft is empowering IT to unlock the security capabilities of the intelligent cloud to tip the scales in the cyber war.

Microsoft focuses on three areas: running security operations that work for customers, building enterprise-class technology, and driving partnerships for a heterogeneous world.

First, it's clear today's cyberwar is an intelligence game.

At Microsoft, more than 3500 full-time security professionals work with leading AI tools to analyse more than 6.5 trillion global signals each day.

This is the most recent chapter in a journey down the experience curve that we have been on for more than a decade.

Beginning with securing the operating system platform, our Microsoft Threat Intelligence Center (MSTIC) learned to build multi-dimensional telemetry to support security use cases and to spot that rogue exploit in a distant crash dump bucket.

As the attacks morphed, so did Microsoft's defensive approaches in our threat intelligence and response teams, from PCs to the Internet era, and from servers in the data center to workloads in the cloud.

Today, Microsoft operates its security infrastructure at a global scale to protect its customers: securing data centers, running a Cyber Defense Operations Center, hacking its own defences (red-teaming), and hunting down attackers.

Specialists in the Microsoft Cybersecurity Solutions Group work with Microsoft customers to strengthen their resilience and help them recover from incidents.

Microsoft's Digital Crimes Unit works to disrupt and deter perpetrators.

Microsoft blocks more than 5 billion distinct malware threats per month.

One recent example shows the power of the cloud.

Microsoft's cloud-based machine learning models detected a stealthy and highly targeted attack called Ursnif, aimed at small businesses across the United States with only 200 discrete targets, and neutralised the threat in seconds.

Second, with Microsoft's enterprise-class technology, it is using the cloud to secure organisations broadly.

The cloud enables it to take all its signal, intelligence, and operational experience and use it to help its customers be more secure, with enterprise-class security technology.

In identity, for example, Microsoft takes the insights from processing hundreds of billions of authentications a month and delivers risk-based conditional access for customers using Azure AD to secure access to thousands of SaaS and line of business applications.

For security operations professionals, Microsoft surfaces its threat intelligence and has created a community where its researchers and others from the industry can share advanced queries to hunt attackers and new threats so that it can collectively advance insight and protection.

At its Ignite conference in Orlando, Microsoft made these additional announcements:

  • Nearly all data loss starts with compromised passwords. Microsoft is delivering new support for password-less login via the Microsoft Authenticator app for the hundreds of thousands of Azure AD connected apps that businesses use every day.  
  • Microsoft Secure Score is an enterprise-grade dynamic report card for cybersecurity. By using it, organisations get assessments and recommendations that typically reduce their chance of a breach by 30-fold with steps like securing admin accounts and end-user accounts with MFA and turning off client-side email forwarding rules. Many of these best practices mirror those of consumers, where the most impactful steps toward improving overall security include upgrading to Windows 10, turning on MFA for all available accounts (including MSA), and enabling ransomware protection in OneDrive. The average score we see across the Ignite audience today is in the 80s; for an active user it is over 120.
  • Building on our experience running security operations, we are announcing Microsoft Threat Protection. It brings together threat protection solutions across email, PCs, documents, identities and infrastructure into a single integrated experience in Microsoft 365 saving thousands of hours for over-stretched security teams.  
  • In addition to these intelligent security products available to Microsoft 365 customers today, Microsoft is looking ahead and opening new business scenarios with previews of Azure confidential computing to protect data in use.

Third, Microsoft is driving a broad set of technology, industry and policy partnerships for a heterogeneous world.

It tackles emerging new ecosystem challenges like security for MCU-powered devices and IoT with innovations such as Azure Sphere, now available for preview.

Microsoft works with fellow security vendors to integrate the variety of security tools that its mutual customers use through its Microsoft Intelligent Security Association.

Specifically, the Microsoft Graph Security API, generally available starting today, helps partners (such as Palo Alto Networks) work with Microsoft to deliver better threat detection and faster incident response.

It connects a broad ecosystem of security solutions via a standard interface to help integrate security alerts, unlock contextual information, and simplify security automation.

Microsoft is working with tech companies, policymakers, and institutions critical to the democratic process on strategies to protect the United States' midterm elections.

The company's Defending Democracy program is working to protect political campaigns from hacking, increase the security of the electoral process, defend against disinformation, and bring greater transparency to political advertising online.

Part of this program is the AccountGuard initiative which provides cybersecurity protection at no extra cost to all candidates and campaign offices at the federal, state and local level, as well as think tanks and political organisations.

Microsoft has seen strong AccountGuard interest and in the first month onboarded more than 30 organisations.

It is focused on onboarding large national party operations first and has successfully done so for committees representing both major US parties as well as high-profile campaigns and think-tanks, and we are working to onboard additional groups each week.

Microsoft is developing plans to extend its Defending Democracy program to democracies around the world.

Since participating in the establishment of the Cybersecurity Tech Accord, an agreement to defend all customers everywhere from malicious attacks by cybercriminal enterprises and nation-states, it has seen that group nearly double in size with 27 new organisations joining from around the globe including Panasonic, Salesforce, Swisscom and Rockwell Automation to name a few, bringing total signatories to 61.

The Digital Crimes Unit has worked with global law enforcement agencies to bring criminals to justice: to date, taking down 18 criminal botnets and rescuing nearly 500 million devices from secret botnet control.

In partnership with security teams across the company, the DCU has also combatted nation-state hackers, using innovative legal approaches 12 times in two years to shut down 84 fake websites, often used in phishing attacks and set up by a group known as Strontium that is widely associated with the Russian government.

By Microsoft security corporate vice president Rob Lefferts
