Microsoft is rolling out its usual host of cloud security features and services at this week’s Ignite 2022 conference, with the focus on what’s happening in and outside the firewall.
The Redmond giant is targeting identity management, threat detection, and building security into applications earlier in the development process. Protecting against sensitive information being shared by teams is also a theme, according to the show briefing, although some of the newly announced security features have been previewed with Microsoft 365 E5 license users.
All of these announcements are at the core of Microsoft’s strategy to address the ever-expanding decentralized nature of enterprise environments, from on-prem, to cloud (and multi-cloud), to edge.
Microsoft is working to create a cloud security strategy where the products and services are housed within six families, from Defender (for anti-malware) and Sentinel (security information and event management, or SIEM) to Purview (data protection), Priva (privacy management), Intune (mobile device and app management), and Entra (identity and access management, or IAM).
Security in the DevOps lifecycle
At Ignite, Microsoft is introducing Defender for DevOps, aimed at security teams who want the ability to manage security during the development lifecycle to reduce vulnerabilities in the software and avoid cloud misconfigurations that can open enterprises to attacks.
At the same time, developers are being pushed to adopt a shift-left mentality, addressing testing and performance earlier in the development cycle to weed out flaws and other problems before the software goes into production. The goal of Defender for DevOps is to give security a more prominent role in the development process.
“Too often, cybersecurity and development teams within organizations operate entirely apart from each other,” Vasu Jakkal, Microsoft’s veep of security, compliance, identity, management & privacy writes. “With more bad actors exploiting vulnerabilities in the code itself, it’s critically important to build security in from the beginning.”
In addition, the company is announcing the public preview of Defender Cloud Security Posture Management, offering agentless scanning to drive real-time security assessments across enterprises’ cloud environments. It also integrates insights gleaned from Defender for DevOps, Defender External Attack Surface Management, and other workload protection products to give security pros a faster way to identify risks in cloud resources.
The dangers within
Microsoft also is addressing insider threats with the release of Purview Information Protection for Adobe Document Cloud, which Jakkal writes pulls together native classification and labeling with Acrobat to secure PDFs. And there is the public preview of new data loss prevention features, including granular policy management and contextual evidence for policy matches on endpoints – aimed at preventing sensitive data from being shared or transferred without authorization.
Insider risks present an expensive problem for organizations, Jakkal says, pointing to a study the company conducted that found companies average 20 insider incidents a year. In addition, 40 percent of those companies said each of the incidents cost them $500,000 or more.
Protecting everyone and everything is not just about threats coming from the outside. Organizations need inside-out protection too. A Microsoft study on insider risks found that companies reported an average of 20 data security incidents a year, with 40 percent of those costing $500,000 or more per intrusion.
Also announced at the show is the public preview of Entra Identity Governance.
Microsoft already has worked to develop converged identity governance and access management offerings, and Entra Identity Governance addresses both on-premises and cloud-based user directories and manages Lifecycle Workflows for automating repetitive tasks and separating duties in entitlements management.
Microsoft is also focusing on security operations centers (SOCs) with expanded capabilities to more quickly detect and respond to threats.
Redmond is rolling out the public preview of automatic attack disruption in Microsoft 365 Defender, which correlates trillions of signals across endpoints, email, documents, cloud apps, and identities to find attacks like ransomware and financial fraud that are in progress and delivers the automation to react more quickly.
“Once an attack is detected in the environment, affected assets like compromised identities and endpoints are automatically isolated,” Jakkal writes, adding that the new capability “limits lateral movement and reduces the overall impact of an attack, while leaving the SOC team in control of investigating, remediating, and bringing assets back online.” ®