Microsoft has enhanced the holistic agile security platform it touted last November with integrated insights obtained from the company's intelligent security graph and tighter collaboration with industry partners. The changes highlight Microsoft's current approach to enterprise security, which focuses on moving enterprises to cloud platforms to improve overall security.
The company announced security features for its cloud offerings, including Microsoft Azure, Office 365, and SharePoint Online. Along with enhanced security management and reporting capabilities, Microsoft integrated identity protection and threat visualization tools to provide real-time insights and predictive intelligence.
"In the 100 days since Satya [Nadella, Microsoft CEO] discussed our newly invigorated approach to security, we've made some significant progress," Bret Arsenault, the Microsoft CISO, wrote in the official Microsoft blog.
Enhanced intelligent security graph
Back in the fall, Nadella provided some clues on how Microsoft's new enterprise security approach relies on insights from the intelligent security graph to speed up threat detection and protect customer data. The security graph, formed by "trillions of signals from billions of sources," provides real-time insights to help IT detect and mitigate threats while providing actionable intelligence.
Arsenault introduced two new products, Azure Active Directory Identity Protection and Azure Security Center Advanced Threat Detection, to help enterprises move toward a "protect, detect, and respond security posture."
The Operations Management Suite taps into Microsoft global threat intelligence to alert administrators when firewall logs, Wire Data, and IIS logs indicate network activity between a server and a known malicious IP address. IT teams can visualize the attacks on an interactive map to find attack patterns.
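The correlation the article describes, log lines matched against a feed of known-bad addresses and then grouped per server so patterns can be visualised, looks roughly like the following. This is an added example, not Microsoft's OMS code: the threat-intelligence entries, the firewall and IIS log lines, and their field layouts are all constructed here (addresses are from the RFC 5737 documentation ranges).

```python
"""Match firewall and IIS log lines against a threat-intelligence list.

Added illustration of the OMS-style correlation described in the article,
not Microsoft's code. Field layouts, indicators and log lines are assumed
and constructed for this example.
"""
import ipaddress
from collections import defaultdict
from typing import Dict, List

# Constructed threat-intelligence feed: one host and one CIDR range.
THREAT_INTEL = ["203.0.113.7", "198.51.100.0/24"]

# Constructed firewall log lines. Assumed layout:
# date time action src-ip dst-ip proto dst-port
FIREWALL_LOGS = """\
2016-02-25 10:01:02 ALLOW 10.0.0.5 192.0.2.10 tcp 443
2016-02-25 10:01:09 ALLOW 10.0.0.5 203.0.113.7 tcp 443
2016-02-25 10:02:30 DROP 10.0.0.9 203.0.113.7 tcp 4444
2016-02-25 10:03:11 ALLOW 10.0.0.9 198.51.100.22 tcp 80
"""

# Constructed IIS W3C log lines. Assumed fields are named in the header line.
IIS_LOGS = """\
#Fields: date time s-ip cs-method cs-uri-stem c-ip sc-status
2016-02-25 10:05:00 10.0.0.20 GET /index.html 192.0.2.44 200
2016-02-25 10:05:07 10.0.0.20 POST /upload.aspx 198.51.100.200 200
"""


def load_indicators(entries: List[str]):
    """Turn a mixed list of single IPs and CIDRs into ip_network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def is_malicious(ip: str, networks) -> bool:
    """True if the address falls inside any indicator network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def correlate(firewall_text: str, iis_text: str, indicators: List[str]) -> List[Dict]:
    """Return one alert per log line that touches a known-bad address."""
    nets = load_indicators(indicators)
    alerts = []

    for line in firewall_text.splitlines():
        parts = line.split()
        if len(parts) < 7:
            continue
        date, time, action, src, dst, proto, port = parts[:7]
        # Outbound: our server (src) talked to a bad dst; inbound: a bad src hit our server (dst).
        # A DROP still produces an alert: the attempt itself is the signal.
        for direction, remote, server in (("outbound", dst, src), ("inbound", src, dst)):
            if is_malicious(remote, nets):
                alerts.append({
                    "source": "firewall", "time": f"{date} {time}", "server": server,
                    "remote_ip": remote, "direction": direction,
                    "detail": f"{action} {proto}/{port}",
                })

    for line in iis_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # skip blank lines and the W3C directive lines
        parts = line.split()
        if len(parts) < 7:
            continue
        date, time, s_ip, method, uri, c_ip, status = parts[:7]
        if is_malicious(c_ip, nets):
            alerts.append({
                "source": "iis", "time": f"{date} {time}", "server": s_ip,
                "remote_ip": c_ip, "direction": "inbound",
                "detail": f"{method} {uri} {status}",
            })
    return alerts


def summarize(alerts: List[Dict]) -> Dict[str, List[str]]:
    """Group alerts by server so a map or pattern view can be drawn: server -> sorted remote IPs."""
    by_server = defaultdict(set)
    for a in alerts:
        by_server[a["server"]].add(a["remote_ip"])
    return {server: sorted(ips) for server, ips in by_server.items()}


if __name__ == "__main__":
    found = correlate(FIREWALL_LOGS, IIS_LOGS, THREAT_INTEL)
    for a in found:
        print(a)
    print(summarize(found))
```

The `ipaddress` module does the CIDR containment check, so a feed that mixes single hosts and ranges needs no special handling; in a real deployment the indicator list would be refreshed from a feed rather than hard-coded, and the firewall and IIS parsers would be adapted to the actual export format.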
The Azure Active Directory Identity Protection, available for public preview in early March, detects suspicious activities for end users and privileged identities arising from incidents like brute-force attacks, leaked credentials, sign-ins from unfamiliar locations, and infected devices. Based on the suspicious activity flagged, Identity Protection calculates a user risk severity score. IT administrators can define policies to automatically take actions based on the severity score and protect the identities from attack.
Most attacks against enterprises don't bother with exploits targeting zero-day vulnerabilities, since there are plenty of easier ways to steal user credentials and stroll right onto the network. The Identity Protection capability in Azure will help detect when credentials have been stolen and are being used in unexpected ways, such as a login to a system the account has never accessed before.
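The two preceding paragraphs describe the shape of risk-based identity protection: sign-in signals (brute force, leaked credentials, unfamiliar locations, infected devices) are turned into a per-user severity, and a policy acts on that severity. The block below is an added illustration of that shape, not Microsoft's algorithm or Azure AD's scoring. The signals, the thresholds, the policy table, the rule that only low-risk successful sign-ins extend a user's baseline, and the sign-in events themselves are all assumptions constructed for the example.

```python
"""Risk-based sign-in evaluation, in the style the article describes.

Added example, not Microsoft's Identity Protection code. Every signal,
threshold and policy action here is an assumption; the events are constructed.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class SignIn:
    ts: int                  # seconds since epoch (constructed)
    user: str
    ip: str
    country: str
    device: str
    success: bool
    leaked_credential: bool = False   # assumed: password appeared in a leaked-credential feed
    infected_device: bool = False     # assumed: endpoint-health signal for this device


# Constructed sign-in history for three users.
EVENTS = [
    SignIn(1000, "alice", "192.0.2.10", "SG", "laptop-1", True),
    SignIn(2000, "alice", "192.0.2.10", "SG", "laptop-1", True),
    SignIn(3000, "alice", "192.0.2.11", "SG", "laptop-1", True),
    # Five failures from one address inside the window, then a success: brute force.
    SignIn(4000, "alice", "203.0.113.50", "RU", "unknown-7", False),
    SignIn(4005, "alice", "203.0.113.50", "RU", "unknown-7", False),
    SignIn(4010, "alice", "203.0.113.50", "RU", "unknown-7", False),
    SignIn(4015, "alice", "203.0.113.50", "RU", "unknown-7", False),
    SignIn(4020, "alice", "203.0.113.50", "RU", "unknown-7", False),
    SignIn(4030, "alice", "203.0.113.50", "RU", "unknown-7", True),
    # Valid-looking sign-in, but the password is known to be leaked.
    SignIn(5000, "bob", "192.0.2.20", "SG", "laptop-2", True, leaked_credential=True),
    # Travelling user: new country, known device.
    SignIn(6000, "carol", "192.0.2.30", "SG", "laptop-3", True),
    SignIn(6100, "carol", "198.51.100.5", "US", "laptop-3", True),
]

BRUTE_FORCE_FAILURES = 5     # assumed threshold
BRUTE_FORCE_WINDOW = 300     # assumed window in seconds

# Assumed policy table: severity -> action.
POLICY = {
    "high": "block; require password reset",
    "medium": "require MFA",
    "low": "allow",
}


def risk_signals(event: SignIn, baseline: Dict[str, set], recent_failures) -> List[str]:
    """Collect the risk events raised by one sign-in against the user's baseline."""
    signals = []
    if event.leaked_credential:
        signals.append("leaked_credential")
    if event.infected_device:
        signals.append("infected_device")
    # An empty baseline means the user's first sign-in bootstraps it (assumption).
    if baseline["countries"] and event.country not in baseline["countries"]:
        signals.append("unfamiliar_location")
    if baseline["devices"] and event.device not in baseline["devices"]:
        signals.append("unfamiliar_device")
    if event.success and len(recent_failures) >= BRUTE_FORCE_FAILURES:
        signals.append("brute_force")   # success right after a burst of failures
    return signals


def severity(signals: List[str]) -> str:
    """Map raised signals to a severity level (assumed mapping)."""
    if any(s in signals for s in ("leaked_credential", "infected_device", "brute_force")):
        return "high"
    return "medium" if signals else "low"


def evaluate(events: List[SignIn]) -> List[Dict]:
    """Replay events in time order and return a decision for each one."""
    baselines = defaultdict(lambda: {"countries": set(), "devices": set()})
    failures = defaultdict(deque)    # (user, ip) -> timestamps of recent failed attempts
    decisions = []
    for e in sorted(events, key=lambda x: x.ts):
        q = failures[(e.user, e.ip)]
        while q and e.ts - q[0] > BRUTE_FORCE_WINDOW:
            q.popleft()              # drop failures that fell out of the window
        signals = risk_signals(e, baselines[e.user], q)
        sev = severity(signals)
        decisions.append({"ts": e.ts, "user": e.user, "signals": signals,
                          "severity": sev, "action": POLICY[sev]})
        if e.success:
            # Only low-risk successes extend the baseline, so an attacker's login
            # does not teach the system that the attacker's location is familiar.
            if sev == "low":
                baselines[e.user]["countries"].add(e.country)
                baselines[e.user]["devices"].add(e.device)
            q.clear()
        else:
            q.append(e.ts)
    return decisions


if __name__ == "__main__":
    for d in evaluate(EVENTS):
        print(d)
```

The point worth noticing is the baseline update rule: if every successful login fed the "familiar" sets, the attacker's success at the end of the brute-force run would make the attacker's country and device look legitimate for the next attempt, so the example only learns from sign-ins it already judged low risk.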
Azure Active Directory already analyzes more than 14 billion logins to identify 300,000 potentially compromised user authentications per day, the company said.
Microsoft also developed a new Advanced Threat Detection capability that analyzes crash dump data received from more than a billion Windows machines globally to detect compromised systems. Since crashes are often the result of "failed exploitation attempts and brittle malware," crash dumps can be a useful sign that something unexpected is happening on the endpoint.