What Microsoft announced at the 2020 RSA Conference.

The annual RSA Conference brings together 50,000 cybersecurity professionals to connect with peers from around the world to uncover new and better ways to keep the digital world safe. Most of the leading Security vendors are there as you expect. As is becoming the annual norm, Microsoft used this opportunity to being more exciting announcements around its ever expanding offerings and capabilities in security.

Inside Risk Management

Insider Risk Management which has been in preview for a couple of months is now widely available.

The world we work in today with Internet everywhere, multiple devices being carried by employees and a work from anywhere culture means corporate data is likely to be stored or accessed on laptops, tablets phones, and even watches. Where blocking access is not an option, IT need ways to identify, take action on, and prevent insider risks to keep their busienss data safe.

New Insider Risk Management in Microsoft365

Insider Risk Management (part of Microsoft 365) helps tackle this challenge by gathering signals from across Microsoft 365 and other third-party systems, and then leverages the Intelligent Security Graph Insider Risk and machine learning to identify anomalies in user behavior and flag high-risk activities – enabling businesses to more effectively protect and govern their data.

Communication Compliance

Communication Compliance, which extends the existing complaince services within Microsoft 365 can be tuned to leverage machine learning to quickly identify and take action on code of conduct policy violations within all company communications channels. This has also just been generally released.

Microsoft Threat Protection

Over the past year Microsoft has been busy consolidating and harmonising all the various theat protection services and standardising the signalling, risk profile and events. In a world where multiple vendor solutions are no longer the recommended approach to provide end to end security, Microsoft Threat Protection helps simply whilst strengthening protection for the enterprise.

Traditionally, Security and IT have an endless list of alerts coming in from multiple monitoring systems and across their network, cloud, data centre and devices , making it almost impossible to link those at speed, recognise an attack, prioritise, and act quickly on the most critical threats or risks.

The unification of Microsoft’s Threat Protection services means that security/IT teams can now get a correlated, incident-level view of threats rather than having to manage and investigate multiple individual alerts from multiple systems.

The key capabilities in Microsoft Threat Protection include:

  • Investigating threats, automatically (or semi automatically) responding to them, and restoring affected assets to a secured state automatically, while simplifying hunting across the landscape for other signs of attack.
  • Self-healing compromised user identities, endpoints, and mailboxes, allowing security and IT teams to spend more time focussing on projects and policies by using AI and ML to automate remediation.
  • Sharing critical threat insights in real time to help stop the progression of an attack.
  • Azure Sentinel enhancements which are covered below.

Updates to Azure Sentinal

Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) solution which allows business of any size to keep pace with the exponential growth in security data, improve security outcomes, and reduce hardware and operational costs.

New enhancements have been announced this week at RSA in San Francisco designed to deliver instant value and increased efficiency for security operations teams. These include

  • New community rewards (bounty program) for contributions to develop dashboards, orchestration, playbooks etc
  • New developer guides and APIs along with GitHub code and data collections
  • Ability to import AWS CloudTrail logs at no cost until June 2020
  • New security campaign views which gives security teams an all-encompassing view of email attack campaigns targeted at their organisation
  • New connectors for easier data collection from a wider range of security appliances and services

Security Campaign Views

Campaign views and compromise detection and response has also been made generally available following a short preview.

This feature gives security teams an all-encompassing view of email attack campaigns targeted at their organisation, along with making it easy to spot vulnerable users or configuration issues that enabled the attack or breach to succeed in the first place.

Early detection and response to compromised users is critical to ensuring that attacks are detected and actioned/remiated as early as possible so that the impact of a breach is minimised.

New Security Awareness Training

Through a partnership with Terranova, a market leader in computer-based training, Microsoft will be including Terranova’s entire phishing-related training set for free for organisations that use or are licensed for Office 365 Advanced Threat Protection Plan 2 (including in Microsoft 365 E5).

This security awareness training, coupled with Microsoft security solutions and risk analytics, will enable and extend Office 365 Advanced Threat Protection to provide a complete solution, encompassing customised user learning paths that enable IT and your compliance teams to create governance around organisational risk and maintain a stronger security posture.