Securing an organization has never been simple. But over the past year, we’ve seen significant changes in the threat landscape that are having a major impact on organizations of every size in every sector. The frequency and sophistication of cyber events have increased significantly. We see headlines every day now of phishing schemes and ransomware attacks. Organizations and agencies that were once considered “off-limits,” like critical infrastructure or healthcare organizations, are now being targeted by bad actors, adding risk to human life.
And with hybrid work here to stay, the attack surface has expanded as personal devices become an essential part of the corporate network. Many security teams I speak with have been shifting their strategy to increase business resilience and, smartly, many have adopted a Zero Trust approach. I am so inspired by the fearlessness I see in these teams. They work tirelessly and confidently behind the scenes to protect their people and their organization from harm. With these superheroes in mind, I have exciting news to share today about how Microsoft Security provides the most comprehensive approach to security, enabling organizations of every size to be fearless as they grow, create, and innovate.
Protection for everyone
Cyber attackers do not discriminate; small businesses are just as susceptible as large enterprises. But based on our research, almost 60 percent of small and medium businesses said they didn’t feel equipped to maintain cybersecurity hygiene, citing insufficient resources and lack of specialized security skills.1 Today, we’re announcing Microsoft Defender for Business, which will enter public preview later this month and has been specifically built to bring the power of enterprise-grade endpoint security to small and medium businesses with up to 300 employees.
Small and medium businesses will be empowered to elevate their security by moving from traditional antivirus to next-generation protection, endpoint detection and response, and threat and vulnerability management—all while taking advantage of simplified setup and management. Defender for Business will be available both as a standalone solution and as integrated protection included within Microsoft 365 Business Premium. Additionally, Defender for Business also works with Microsoft 365 Lighthouse—so, IT service providers can add this powerful endpoint protection to their multi-customer view of security events. Learn more about Microsoft Defender for Business in today’s blog post.
Microsoft was recently announced as a leader in the Forrester XDR Wave™: Extended Detection and Response (XDR), Q4, 2021.2 We continue to innovate to bring the best of SIEM and XDR together to empower defenders with an integrated toolset and rich security intelligence:
- Microsoft Sentinel (formerly Azure Sentinel) now offers more than 100 solutions for data collection in a new content hub for easy discovery and deployment. We’re expanding fusion’s capabilities to identify previously unknown threats, integrating with Microsoft Azure Synapse to tap into the power of big data analytics, and introducing a new free trial. Learn more about Microsoft Sentinel.
- Microsoft Defender for Cloud Apps (formerly Microsoft Cloud App Security) now adds a new application governance capability, generally available today. App governance provides security and policy management to help identify, alert, and protect against risky behavior across data, users, and applications. Additionally, Defender for Cloud Apps has extended its app coverage, now including security for more than 26,000 cloud applications and covering all major cloud app use cases. Learn more in today’s blog post.
- Microsoft Defender for IoT (formerly Azure Defender for IoT), our agentless solution, is now integrated with Microsoft 365 Defender to bring IoT protection into the same workflow as the rest of your XDR. Additionally, it can now discover and secure enterprise IoT devices, which are ideal targets for attackers since they are often unpatched, misconfigured, and unmonitored. These updates enable Defender for IoT to provide unified protection for both enterprise IoT and operational technology (OT) devices used in critical industries like oil and gas. Learn more here.
- Azure Active Directory (Azure AD) Identity Protection now includes token theft detection, one-click enablement for risk data extensibility, and a built-in workbook to help detect and remediate identity-based threats. Learn more in today’s blog post.
Secure and trusted collaboration
We’re living through unprecedented growth of digital interactions. In this boundaryless digital ecosystem, trust between parties needs to be established in real-time. Yet trust is a rare commodity on the internet. In this new world where digital ‘handshakes’ are more common than analog, identity is absolutely fundamental.
At Microsoft, we’re building the identity of the future: a connective network that enables people, organizations, apps, digital services, and smart devices to make real-time access decisions based on a secure, privacy-respecting credentials exchange. Our identity platform will be the means of establishing trust—it will be the trust fabric for the boundaryless digital ecosystem of the future.
This trust fabric is what makes experiences like Microsoft Teams Connect already possible today. Our flexible and dynamic identity platform, Azure AD, underpins Microsoft Teams to help ensure that every access request, whether internal or external, is secured. It makes establishing secure collaboration across organizational boundaries possible. Security leaders can easily establish inter-company trust, and all employees across multiple companies can collaborate as one extended team.
As collaboration flows freely across organizational boundaries, it’s more important than ever to keep both your data and people secure and private. We firmly believe you can have both strong security and seamless collaboration that empower people to do their best work. With the Microsoft cloud, you can establish one information protection and governance policy and it will carry through to the documents people share in Microsoft 365, the data that’s managed by Azure Purview, the user controls in Microsoft Defender for Cloud Apps, and even the apps you build with Microsoft Power Platform. Today, we’re making several announcements that expand these capabilities:
- We’re broadening Azure confidential computing to help organizations meet their data privacy and security needs by protecting data-in-use for added security and multi-party computation. Trusted launch is generally available for all Gen2 virtual machines in Azure, and we’re extending our capabilities by partnering with AMD and Intel to offer confidential virtual machines and containers. Learn more about Azure confidential computing.
- We’re extending the co-authoring and AutoSave capabilities beyond the web and into the desktop Microsoft 365 apps to further enhance real-time collaboration and productivity. Multiple users can now be co-authors on a Word, Excel, or PowerPoint document simultaneously with auto-save—so, you don’t have to choose between information encryption and team collaboration. Learn more here.
- Insider Risk Management is adding a healthcare playbook with built-in indicators and a customizable machine learning template in public preview. The new playbook connects into Epic and other electronic medical records solutions to help healthcare companies identify potential insider risks related to patient data misuse. Learn more in today’s blog post.
- To help organizations maintain a positive work culture and a strong commitment to user privacy, Communication Compliance can now analyze content in attachments sent over Teams in addition to traditional text-based messages. To improve the onboarding experience, we’re also introducing Day Zero Insights, now in public preview, to see potential communication risks in your organization without configuring any policies. Learn more in today’s blog post.
- Microsoft Information Governance is adding the ability to set a retention or deletion policy for cloud attachments. As users often attach files stored in OneDrive and SharePoint to a Teams message, this policy helps organizations ensure they save the version of the file attachment sent with the message. Learn more in today’s blog post.
- To help customers embrace a Zero Trust approach,Compliance Manager’s data protection baseline assessment now includes additional controls, making it easy to assess, monitor, and improve compliance with our Zero Trust principles and recommendations. Learn more in today’s blog post.
- Last month, we announced Privacy Management for Microsoft 365 to help our customers proactively identify and prevent privacy risks, manage subject rights requests at scale, and empower employees to make smart data handling decisions. Today, we’re excited to announce Microsoft Priva with Privacy Management for Microsoft 365 as the first Priva solution. We’re committed to helping you build a privacy-resilient workplace and look forward to sharing future Microsoft Priva capabilities.
As part of our comprehensive approach to security, we’re committed to helping you protect your whole environment—across clouds, platforms, and devices. Today we’re extending our native Cloud Security Posture Management and Workload Protection capabilities to Amazon Web Services (AWS) within Microsoft Defender for Cloud, formerly known as Azure Security Center and Azure Defender. Defender for Cloud enables you to secure AWS and Azure environments from a single place with the same, seamless experience and without any dependencies on AWS Security hub.
In addition to out-of-the box recommendations that assess your security posture against industry standards and regulatory compliance, we’ve also extended our workload protection capabilities to Amazon’s Kubernetes service (EKS). These enhanced capabilities give security teams unified visibility across their multi-cloud workloads, enabling them to better prioritize with a holistic view of their security state. Learn more from our announcement blog.
Additionally, Microsoft Defender for Cloud now integrates with Azure Purview in public preview, enabling security teams to discover, classify, track, and secure sensitive information across their cloud workloads.
We also continue to expand our platform support on multiple fronts:
- We’re extending the types of unmanaged devices Microsoft Defender for IoT can discover and monitor to include enterprise IoT devices, such as conferencing systems, Voice over Internet Protocol (VoIP) phones, printers, cameras, and building automation. Learn more about Microsoft Defender for IoT.
- We’re expanding the breadth of Microsoft Endpoint Manager to include Linux desktops and enabling organizations to deploy security configurations directly to devices with Microsoft Defender for Endpoint. With these new capabilities, Endpoint Manager unifies endpoint configuration, management, and security across Windows, iOS, Android, macOS, and now Linux platforms.
- With the ability to manage Linux endpoints, organizations can now use Endpoint Manager to configure conditional access from Azure AD specifically for Linux users. Learn more here.
- Devices that have Defender for Endpoint and are not managed by Endpoint Manager can now be configured to receive security configurations directly without full device enrollment. This enables a single configuration surface in Endpoint Manager across device platforms, regardless of the management platform in use on the device. Learn more here.
- We’re making Conditional Access policies in Azure AD more granular, more extensible, and easier to deploy. Learn more in today’s blog post.
- Azure AD Conditional Access now includes new granular access controls with device and application filters, a new dashboard with a comprehensive view of Conditional Access policy gaps and coverage, and pre-built templates for recommended policies. It can now also be applied to workload identities.
- Azure AD Continuous Access Evaluation extends Conditional Access into each access session. Instead of applying policy just at the point of entry, it enforces policies in near real-time whenever a new threat is detected.
- Today, we’re extending the support for Microsoft’s Unified Data Loss Prevention (DLP) offering to include macOS. You can now identify sensitive information used on macOS devices and enforce a DLP policy to prevent it from being inappropriately shared, transferred, or used. Learn more in today’s blog post.
- Additionally, we’re extending the support for our Insider Risk Management offering to include macOS. Now on macOS devices you can leverage enhanced machine learning models to detect potential insider risk activities, such as the exfiltration of sensitive data, by either printing it, uploading it to a network or cloud location, or copying it to a USB. Learn more here.
Inspired by the fearlessness we see in the communities we serve; we’re committed to helping our customers strengthen their security posture and build resilience. As such, we’re proud to accelerate our security investments, including acquisitions such as CloudKnox3 and RiskIQ.4 And we’ve pledged to invest $20 billion globally in security research and development over the next five years. These investments will help drive continued innovation in the tools defenders need to tip the scales in their advantage.
Cybersecurity is a mission of great importance and true urgency. In today’s environment, it requires a comprehensive approach that includes security, compliance, identity, management, and privacy. At Microsoft, we believe that translates into more than just end-to-end solutions; it’s about constantly innovating to better serve our customers’ needs and the requirements of the landscape we all face. It’s about being best in breed, providing the most actionable intelligence, and delivering an integrated and simplified experience. In short, it’s about empowering people and organizations to do more, securely. Learn more about how you can take advantage of Microsoft Security’s comprehensive protection.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
1Your Security Posture Is Lacking: Time For An Adjustment, a commissioned study conducted by Forrester Consulting on behalf of Microsoft, 2020.
2Microsoft achieves a Leader placement in Forrester Wave for XDR, Rob Lefferts, Microsoft. 18 October 2021.
3Microsoft acquires CloudKnox Security to offer unified privileged access and cloud entitlement management, Microsoft Security Team, Microsoft. 21 July 2021.
4Microsoft acquired RiskIQ to strengthen cybersecurity of digital transformation and hybrid work, Eric Doerr, Microsoft. 12 July 2021.
READ MORE HERE