CrowdStrike Update caused “Global IT Outage” with Windows devices crashing to the Blue Screen and “Recovery Screen”

BSOD - Crowdstrike

We have seen a social media frenzy this morning following a triple whammy of issues impacting Azure Virtual Machines (initial reports centred on Windows 10 and Server 2016 builds) and Windows devices across hundreds of organisations, where devices are crashing and rebooting into the Windows Recovery screen.

19/7/24 11:00am: The impact of the issue is still ongoing, although the root cause is known and CrowdStrike are working with Microsoft on getting a fix out…

19/7/24 15:00: CrowdStrike have updated their sites to take accountability for the issue (Microsoft still helping), which impacted devices due to a “bug” in a content update that caused the BSOD. They have pulled and fixed the update and are working with their customers to remediate the impact. Microsoft have also published guidance on how to recover affected devices – links below.

29/7/2024 18:00: this is not a Microsoft problem (although I imagine they will be blamed), but it affected millions of Windows systems… Read to the bottom to see why.


Summary

Since the early hours of the morning, media companies, airlines, transport companies, tech companies and schools / universities have been reporting Windows hosts crashing to a blue screen and then landing in the Windows Recovery screen.

The issue is impacting Windows devices running the CrowdStrike Falcon sensor – the agent for their flagship Extended Detection and Response (XDR) security platform.

Impacted devices crash when the Falcon sensor loads a faulty content update, and then get stuck at the “Recovery” screen because the sensor’s kernel driver (csagent.sys) is a boot-start driver: it faults again on every restart, before the device can come up.

CrowdStrike and Microsoft are actively working on a permanent fix; workarounds are available, but they require booting into Safe Mode or the recovery environment and manually removing the faulty file, or preventing the CrowdStrike service from starting, on each affected device.

Early reports suggested Windows 11 and Server 2019 and later were less affected. CrowdStrike’s own advisory does not draw that line: any Windows host running Falcon sensor 7.11 or above that was online between 04:09 and 05:27 UTC on 19 July and received the update was susceptible, regardless of Windows version. Windows 7 / Server 2008 R2, macOS and Linux hosts were not affected.

What is CrowdStrike?

CrowdStrike, a US-based cybersecurity firm, helps organisations secure their IT environments, covering endpoints, identities and cloud workloads.

Their mission is to “safeguard businesses from data breaches, ransomware, and cyberattacks” and they position themselves as having leading offerings that compete with other vendors including Microsoft themselves, SentinelOne, and Palo Alto Networks. Their client base is extensive and includes legal, banking, finance, travel firms, airlines, educational institutions, and retail customers.

A key offering from CrowdStrike is their Falcon XDR tool, touted on their website for delivering “real-time indicators of attack, hyper-accurate detection, and automated protection” against cybersecurity threats.

Root Cause

Information available from CrowdStrike and Microsoft states that the crash happens inside csagent.sys, the Falcon sensor’s kernel driver, which is a boot-start driver loaded early in Windows start-up. The faulty component was not the driver itself but a “channel file” it reads: a content update named C-00000291-*.sys (“Channel File 291”) contained bad data that caused the driver to perform an out-of-bounds memory read and bugcheck the system. Because the driver loads at boot, every restart hit the same fault. This is what produced the BSOD errors on Windows clients and on servers running in private and public data centres, including Microsoft Azure.

George Kurtz, the CEO of the global cybersecurity firm CrowdStrike, stated that the issues were due to a “defect” in a “content update” for Microsoft Windows devices.

“The issue has been identified, isolated, and a fix has been deployed.” he said, as he clarified that Mac and Linux hosts were not impacted, and also emphasised, “This is not a security incident or cyber-attack.”

Impact

  • Windows hosts running Falcon sensor 7.11 or above that downloaded the faulty channel file between 04:09 and 05:27 UTC on 19 July are affected, whether physical, on-premises VMs or cloud VMs (including Azure).
  • Windows 10 and Windows Server 2016 hosts were prominent in the first reports, Azure VMs in particular, but Windows 11 and Server 2019 and later hosts running the same sensor were hit too.
  • Windows 7 / Server 2008 R2, macOS and Linux hosts are not affected.

Note: Windows 10 enters end of support in October 2025.

Is there a fix?

Updated: 21/7/2024: Microsoft have updated their guidance and provided additional support for fixing these issues using managed devices via Intune. This can be found here.

The formal advice, if this issue is affecting your organisation, is to contact your CrowdStrike support representative – CrowdStrike and Microsoft are actively working both to remediate affected devices and to ensure no further devices are impacted.

Since the crash is caused by csagent.sys loading the faulty channel file, there are ways to stop that file being loaded so the device can boot. There are a couple of ways to do this, both of which need hands-on access to the device (and, on BitLocker-protected devices, the BitLocker recovery key to get into Safe Mode or the recovery command prompt).

  1. Use Safe Mode and delete the affected file:
    • Boot the device into Safe Mode (or the Windows Recovery Environment command prompt)
    • Open Command Prompt and navigate to the CrowdStrike driver directory, C:\Windows\System32\drivers\CrowdStrike
    • List the files matching the pattern C-00000291*.sys with dir C-00000291*.sys
    • Delete (or rename) the matching file, then reboot normally; once the sensor is back online it downloads the corrected channel file
  2. Use Registry Editor to block the CrowdStrike CSAgent service:
    • Boot into Safe Mode
    • Open Windows Registry Editor
    • Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CSAgent
    • Note the current Start value, then change it to 4 to disable the service
    • This leaves the host without Falcon protection; once the faulty channel file has been removed, restore the original Start value and reboot so the sensor runs again
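The two procedures above combined into one script, as an added example written for this page (it is not CrowdStrike’s or Microsoft’s tooling). It assumes the driver directory, the C-00000291*.sys pattern and the 04:09 / 05:27 UTC timestamps from CrowdStrike’s advisory, plus a hypothetical file name, Remove-BadChannelFile.ps1. Run it from an elevated PowerShell in Safe Mode; the -SystemDrive parameter is there for environments where the Windows volume is mounted under another letter, but the -DisableService switch only makes sense in Safe Mode, where CurrentControlSet is the installed OS’s own hive:

```powershell
# Added example, not CrowdStrike's or Microsoft's tooling (hypothetical name:
# Remove-BadChannelFile.ps1). Assumptions: the directory and C-00000291*.sys
# pattern are those in CrowdStrike's advisory, as is the 05:27 UTC cut-off that
# distinguishes the corrected channel file from the faulty 04:09 UTC build.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$SystemDrive = $env:SystemDrive,   # 'C:' in Safe Mode; another letter if the OS volume is offline
    [switch]$DisableService                    # additionally set CSAgent Start=4 (Safe Mode only)
)

$dir       = Join-Path $SystemDrive 'Windows\System32\drivers\CrowdStrike'
$goodSince = [datetime]::new(2024, 7, 19, 5, 27, 0, [DateTimeKind]::Utc)

if (-not (Test-Path -LiteralPath $dir)) {
    throw "No CrowdStrike driver directory at $dir - wrong drive letter, or Falcon is not installed"
}

$files = @(Get-ChildItem -LiteralPath $dir -Filter 'C-00000291*.sys' -File)
if ($files.Count -eq 0) {
    Write-Host "No channel file 291 in $dir - nothing to remove"
}

foreach ($f in $files) {
    $stamp = $f.LastWriteTimeUtc
    # Per the advisory, a 291 file written at 05:27 UTC or later is the corrected
    # content and can stay; anything older is the faulty build and must go.
    if ($stamp -ge $goodSince) {
        Write-Host "$($f.Name) written $stamp UTC (corrected version) - keeping"
        continue
    }
    if ($PSCmdlet.ShouldProcess($f.FullName, "Delete channel file written $stamp UTC")) {
        Remove-Item -LiteralPath $f.FullName -Force
        Write-Host "Removed $($f.Name); the sensor re-downloads current content once it is back online"
    }
}

if ($DisableService) {
    $key      = 'HKLM:\SYSTEM\CurrentControlSet\Services\CSAgent'
    $original = (Get-ItemProperty -Path $key -Name Start).Start
    if ($PSCmdlet.ShouldProcess($key, "Set Start=4 (currently $original)")) {
        Set-ItemProperty -Path $key -Name Start -Value 4 -Type DWord
        Write-Warning "CSAgent disabled: this host has no Falcon protection. Restore Start=$original and reboot once the faulty file is gone."
    }
}
```

Run it first with -WhatIf to see what would be deleted, and if script execution is blocked in Safe Mode launch PowerShell with -ExecutionPolicy Bypass. The timestamp check matters once the corrected file has been pushed: blindly deleting every 291 file works, but keeping the good one avoids a second download and keeps the sensor’s detections intact on the next boot.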

Dan Card, of BCS, The Chartered Institute for IT and a cyber security expert said: “People should remain calm whilst organisations respond to this global issue. It’s affecting a very wide range of services from banks to stores to air travel.

He also said that whilst the cause is now known, it is still causing worldwide issues and impacts on consumer services, banking, healthcare and travel and will take some time to remediate.

Companies should make sure their IT teams are well supported as it will be a difficult and highly stressful weekend for them as they help customers of all kinds. People often forget the people that are running around fixing things.”


Conclusion

CrowdStrike has acknowledged the issue, identified the cause and published remediation steps. Users can follow the steps above to clear the recovery screen and boot their PCs normally.

Crowdstrike and Microsoft worked tirelessly to resolve this issue and prevent further widespread impact.


Initial reports suggested devices running Microsoft’s latest operating systems were less impacted; as the information was collated it became clear that the trigger was the sensor version and the window in which the host was online, not the Windows version.


How did Microsoft allow this to happen?

How did this happen? Many people are asking why Microsoft are shifting the blame to CrowdStrike (who have admitted fault), and how Microsoft allowed this to happen in the first place.

In short, it’s not their fault and there really wasn’t much they could have done to prevent it… Here’s why.

Many security products, including the XDR/EDR agents from CrowdStrike, Palo Alto and Microsoft’s own Defender, are what is known as “kernel mode products”: part of the agent runs as a kernel driver. Whilst this issue hit Windows, the same class of mistake in a content update can take down other operating systems too. CrowdStrike’s Linux sensor also has a kernel-module mode (alongside an eBPF-based one), and the Debian and Rocky Linux incidents described below show exactly that. macOS is the exception: Apple deprecated third-party kernel extensions from Big Sur onwards, so security products there use the user-mode Endpoint Security framework, and a faulty update crashes the agent rather than the kernel.

In an ideal world all applications and services would run in user mode rather than kernel mode, but many security and AV products have a need (a legitimate one) to monitor at the lowest levels of the OS in order to detect attacks… This is not possible from user mode, as the kernel is protected from it.

The blue screen itself was a genuine Blue Screen of Death (a bugcheck): when a kernel-mode driver faults, Windows deliberately halts because it can no longer trust the state of the kernel. The “Recovery” screen that many people saw afterwards is the Windows safety net: after repeated failed boots, Automatic Repair offers Safe Mode and the command prompt used in the workarounds above.

As such, there is not much more Microsoft can do here. These are third-party applications that Microsoft does not develop, control or update. If Microsoft were to manually vet every update to every third-party application, they would be classed as control hogs and the world would crucify them for it!

Microsoft cannot legally wall off its operating system in the same way Apple does because of an understanding it reached with the European Commission following a complaint: in 2009, Microsoft agreed to give makers of security software the same level of access to Windows that Microsoft itself gets.

The outage is awful and has impacted so many organisations, including critical services, but it’s also not fair IMO that Microsoft and Windows have been dragged through the dirt simply because it’s their OS that was impacted by the poor update and the issues a third-party application caused.

It’s not the first time this has happened… to other OSs

According to a report by Neowin, “similar problems have been occurring for months without much awareness, despite the fact that many may view this as an isolated incident. Users of Debian and Rocky Linux also experienced significant disruptions as a result of CrowdStrike updates, raising serious concerns about the company’s software update and testing procedures. These occurrences highlight potential risks for customers who rely on their products daily.

In April, a CrowdStrike update caused all Debian Linux servers in a civic tech lab to crash simultaneously and refuse to boot. The update proved incompatible with the latest stable version of Debian, despite the specific Linux configuration being supposedly supported. The lab’s IT team discovered that removing CrowdStrike allowed the machines to boot and reported the incident.”

What this shows is the vital importance of update testing and deployment rings. It is worth noting that the file at fault was a content update (what CrowdStrike calls Rapid Response Content), not a sensor version upgrade: at the time, the sensor update policies that let customers hold hosts back at N-1 or N-2 releases did not apply to these channel files, so a single bad file reached every connected host at once. CrowdStrike’s preliminary post-incident review commits to staggered, ring-based deployment of this content and to giving customers control over when and where it is applied.
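What a ring-based rollout with a health gate looks like in practice, as an added illustration written for this page (it is not CrowdStrike’s or any vendor’s code, and it does not model how Falcon’s own update policies work). The fleet, the three rings and the “crashes on new content” flag are constructed so that the canary ring passes but the next ring trips the gate before the broad ring is touched:

```powershell
# Added illustration of a ring-based rollout with a health gate. Not vendor
# code; the fleet, rings and CrashesOnNewContent flag are constructed.
function Invoke-RingedRollout {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [hashtable[]]$Rings,      # ordered: canary first, broad last
        [Parameter(Mandatory)] [scriptblock]$Deploy,      # param($node) -> $true if the update applied
        [Parameter(Mandatory)] [scriptblock]$HealthCheck, # param($node) -> $true if the node is healthy afterwards
        [double]$MaxFailureRate = 0.01                    # halt everything if a ring exceeds 1% unhealthy
    )
    $log = [System.Collections.Generic.List[string]]::new()
    foreach ($ring in $Rings) {
        $unhealthy = 0
        foreach ($h in $ring.Hosts) {
            # Unhealthy = deploy failed, or the node did not pass its post-deploy check
            # (in real life: never checked back in after reboot, new crash events, etc.)
            if (-not (& $Deploy $h) -or -not (& $HealthCheck $h)) { $unhealthy++ }
        }
        $rate = if ($ring.Hosts.Count -gt 0) { $unhealthy / $ring.Hosts.Count } else { 0 }
        $log.Add(('{0}: {1}/{2} unhealthy ({3:P1})' -f $ring.Name, $unhealthy, $ring.Hosts.Count, $rate))
        if ($rate -gt $MaxFailureRate) {
            $log.Add("HALT at $($ring.Name): above $($MaxFailureRate.ToString('P1')); later rings untouched")
            return [pscustomobject]@{ Completed = $false; StoppedAt = $ring.Name; Log = $log }
        }
    }
    return [pscustomobject]@{ Completed = $true; StoppedAt = $null; Log = $log }
}

# --- constructed fleet: 200 nodes, every 20th one would crash on the new content ---
$fleet = 1..200 | ForEach-Object {
    [pscustomobject]@{
        Name                = "host$_"
        Ring                = if ($_ -le 10) { 'Canary' } elseif ($_ -le 40) { 'Early' } else { 'Broad' }
        CrashesOnNewContent = ($_ % 20 -eq 0)   # host20, host40, ... the canary ring has none of these
        Content             = 'old'
    }
}
$rings = @('Canary', 'Early', 'Broad') | ForEach-Object {
    $name = $_
    @{ Name = $name; Hosts = @($fleet | Where-Object Ring -eq $name) }
}

$result = Invoke-RingedRollout -Rings $rings `
    -Deploy      { param($node) $node.Content = 'new'; $true } `
    -HealthCheck { param($node) -not ($node.Content -eq 'new' -and $node.CrashesOnNewContent) } `
    -MaxFailureRate 0.01

$result.Log
"Nodes that received the new content: $(@($fleet | Where-Object Content -eq 'new').Count) of $($fleet.Count)"
```

Two points the run makes: the canary ring passed because none of the susceptible machines were in it, which is why a canary ring has to mirror the diversity of the fleet (OS builds, hardware, configuration) rather than being a handful of lab boxes; and the gate still limited the blast radius to 40 of 200 nodes, with a soak period between rings being the thing that turns “they rebooted” into an actual health signal.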

King’s Speech: what the new Cyber Security Bill is about.

Cyber Security Bill

Yesterday, 17th July 2024, a new Cyber Security Bill was announced as part of the King’s Speech, with industry experts, cyber security firms and advisory boards applauding the greater scrutiny and policy being placed on protecting the nation, our public services, critical infrastructure, and businesses – small, medium, and large.

The bill will hand more power to regulators around cyber security incidents and also includes mandatory reporting of ransomware attacks. It was one of around 40 bills announced in the King’s Speech.

… strengthen the UK’s cyber defences, ensure that critical infrastructure and the digital services that companies rely on are secure

Kings Speech | July 2024

In parallel, a new Digital Information and Smart Data Bill was also announced. It would raise security concerns of its own had the Cyber Security Bill not been announced alongside it, since one of its aims is to further digitise, and speed up the digitising of, central and local government services and to bring in new data-sharing standards, whilst giving the Information Commissioner’s Office (ICO) new powers.

CyberSecurity – State of the nation

The newly introduced Cyber Security Bill acknowledges that the UK as a whole faces increasing attacks from both financially-motivated cyber criminals and state actors, with entities of all sizes being frequent targets. The bill was proposed in response to cyber attacks on the UK’s digital economy, which have affected public services and infrastructure. Its aim is to enhance the protection of essential services and critical national infrastructure, which are particularly vulnerable to hostile actors. This is underscored by numerous cyber attacks in recent years on the NHS, NHS Blood supply, UK Trusts, the Ministry of Defence, the British Library, the Electoral Commission, Royal Mail, and various other government entities.

Life vs Death- The NHS Blood Supply Attack: The announcement comes after a severe Russian cyber-attack on Synnovis, a private firm offering pathology services like blood tests to the NHS. As a result of the attack, some patients were notified that their blood test appointments could be delayed by up to six months. It also affected supply of blood and much needed transfusions.

What’s in the Cyber Security Bill?

The new Cyber Security Bill consists of two main objectives.

  1. To expand the remit of existing regulation
  2. Provide regulators with a stronger foundation for the protection of digital services and supply chains, and enhance reporting requirements to develop a more comprehensive understanding of cyber threats.

The bill will expand the remit of regulators to cover supply chains and companies providing services or managed services to organisations, addressing the growing prevalence of supply-chain attacks, where malicious actors gain access to an organisation’s networks and systems via third-party suppliers such as MSPs, network providers and cloud service providers, or through APIs and systems that connect to other systems for things such as stock control, support and remote access. The bill also promises to create a stronger regulatory environment to ensure cyber safety measures are actually being implemented.

What about NIS2?

The Cyber Security Bill aims to revise the current UK Network and Information Security (NIS) Regulations 2018. These regulations originate from the EU’s NIS Directive, which outlines specific cybersecurity and incident reporting duties for operators of ‘essential services’ and digital service providers.

The EU has initiated an update to the original NIS framework, with ‘NIS2’ scheduled for implementation across EU member states by 17 October 2024. Whilst ‘NIS2’ does not explicitly apply to UK companies, this bill is likely to align closely with it and may even add “icing on top”.

About mandatory reporting on ransomware attacks

Today, whilst organisations need to report personal data breaches, there is no law requiring them to report ransomware attacks. This bill changes that. It is a good move, since requiring ransomware attacks to be reported (whether successful or not) will help the UK better understand the wider cybercrime landscape.

What the Cyber Security Bill means for IT and Security Teams

Cyber security remains one of the biggest risks to organisations and government today, and one of the biggest budget lines, continuing to see year-on-year increases alongside AI, of course.

As we live in an increasingly digital society across almost every industry and service, every organisation needs to have, and will be obliged under the new bill to have, robust security governance and controls in place. Organisations need to shift away from simply deploying products in the hope they will stop attacks and instead ensure they also have good data on attack vectors and trends, as well as clear kill-chain risk analysis and mapping across their entire estate: users and devices, identity and access, data protection, threat detection, isolation, remediation and, of course, prevention.

In the context of state-sponsored attacks, national conflicts, and wars, it is evident that cyber attacks have become a standard component of such conflicts, targeting infrastructure, governments, and individuals alike. The Cyber Security Bill emphasizes that sectors such as communications, power, finance, health, education, and transportation, including traffic control systems, are all potential targets.

Cyber Security Bill: things you can do

The new Cyber Security Bill and the upcoming NIS2 requirements present several opportunities for organisations to prepare, which should underpin their existing cyber security and resilience programme.

In a recent security report, Microsoft said they have seen a ten-fold increase in cyber attacks, with similar growth in attack attempts against their own platforms and systems, including Microsoft 365 and Azure.

Microsoft say that password and account compromise (often the result of phishing, and a common precursor to ransomware) continues to rise the fastest, with password attacks increasing from 3 billion per month in 2022 to more than 30 billion per month in 2023.

Microsoft also say that the UK cyber security market is worth $6.2bn in FY25 and is expected to keep growing at around 20% year on year for the next four years. Microsoft see the following as the biggest areas of opportunity, driven by customer demand to protect their businesses and critical infrastructure:

  • Threat Protection – $2.4bn
  • Identity Protection & Secure Access – $2.2bn
  • Security Analytics – $1.6bn

Note: Values are UK TAM for 2025.

Consulting, Assessments and Workshops

Leverage your security partners to help you conduct comprehensive reviews.

Many cyber security partners have pre-packaged (often vendor-funded) offerings to help businesses of all sizes, through the delivery of tailored, comprehensive workshops and assessments around the core Zero Trust security pillars, which loosely fit into the categories above.

The Cyber Security Bill strengthens the powers of regulators, which is likely to lead to more frequent and rigorous security assessments and audits. This means you will likely need to prove you are undertaking these regularly and that you have clear, defined and proven attack simulation plans, as well as prevent, detect and remediate plans, in place.

Security Adoption and Consolidation

In the ever-evolving landscape of cybersecurity, complexity has become a significant challenge for many organisations. Infosecurity Magazine reports that, with an average of 76 security tools to manage, many organisations are overwhelmed by excessive support tickets, ungainly rulesets, redundant alerts, and cumbersome integrations between different, often overlapping, security products. This complexity can lead to gaps in security, leaving organisations vulnerable to cyber threats and carrying huge costs.

As part of any review and assessment, contract renewal and negotiation, most organisations can strengthen their security posture while reducing both spend and complexity through a strategy known as security consolidation. This involves streamlining and integrating various security tools and processes into a cohesive system and leveraging/adopting many of the technologies they may already have but have not turned on – examples of this are the vast security products and services offered in Microsoft 365 E5 which may be under-used or not switched on.

Security consolidation is essential for several reasons. Firstly, it enhances threat detection and response by providing a holistic view of security events, making it faster to identify anomalies and coordinate a response from integrated products and suites rather than trying to stitch separate tools together. Secondly, it simplifies management and operations, making it easier for security teams to run, leading to greater efficiency and effectiveness in managing cyber security risk. Thirdly, it can massively reduce complexity and cost by eliminating redundant systems and streamlining processes, improving the security posture and reducing the chance of errors.

The National Cyber Security Centre provides a wealth of resources and guidance on various cybersecurity topics, including security consolidation.

Managed SOC and XDR

In light of the Cyber Security Bill, organisations may consider moving to a Managed Security Operations Centre (SOC) or Managed Extended Detection and Response (XDR) service offered by their MSP, CSP or a specialist managed security provider. These services provide a range of benefits for organisations that don’t have the time, resources or desire to manage their own security operations, including:

  1. Comprehensive Cybersecurity: Managed SOC and XDR services provide comprehensive cybersecurity across an organisation’s entire IT environment, monitoring networks, devices, applications, endpoints and data for both known and evolving vulnerabilities, threats and risks.
  2. Reduced Complexity: In most cases, investing in such services can significantly reduce the complexity of managing multiple security tools and processes. Whilst these services “may” take on and support an organisation’s existing security products, in many cases they will require (as part of onboarding) a more streamlined approach to security management, making it easier for organisations to maintain a robust security posture without having to manage multiple products and services.
  3. Faster Response Times: Managed SOC and XDR services can provide significantly faster and more accurate detection and response to real and high-risk potential threats. Many leverage their wide experience, machine learning and other advanced technologies like AI and automation to make threat detection and response faster than is humanly possible.
  4. More Cost-Effective: Whilst not cheap on the surface, by consolidating security operations under a managed service organisations can potentially reduce the total cost of ownership (TCO) of security operations, eliminating the need for multiple standalone security solutions and, sometimes, expensive security analysts and consultants.
  5. Access to Expertise: These services give organisations access to highly skilled security experts, which can be particularly beneficial given the current skills shortage in the cybersecurity industry.

Employee Training and Education

The importance of end-user adoption and training around security awareness cannot be overstated. It is a critical component of any organisation’s cybersecurity strategy. The human factor is often the weakest link in corporate security, with studies suggesting that most cyber attacks involve human error. Educating end users on cybersecurity best practices is crucial for reducing the risk of insider threats, phishing attacks, and other cyber threats.

Every business, large and small, needs to develop an effective security strategy mindset that is built into their culture. This ensures that every employee, from frontline staff to managers and executives, understands the importance of cybersecurity and the far-reaching impact that a data breach can have. This means that regular training sessions and awareness needs to be conducted to keep all levels of the organisation updated on the latest threats and defensive practices.

Management plays a key role in this process. They should demonstrate leadership by actively participating in security awareness training, complying with the company’s own cybersecurity policies, and encouraging staff to participate in trainings. This helps to create a culture of enhanced cybersecurity awareness and empowering employees to come forward with observations, suggestions or issues they have seen.

End-user adoption and training around security awareness is a commitment that needs to be made at all levels of an organisation. It is not just about protecting the organisation’s digital assets, but also about safeguarding its reputation and credibility. By making security awareness a priority, organisations can significantly reduce their vulnerability to cyber threats.

Conclusion

In conclusion, the King’s Speech has outlined a much-needed, robust and forward-thinking approach to cybersecurity in light of the ever-increasing wave of nation-state attacks and cyber terrorism, combined with the rapid adoption of generative AI.

The introduction of the Cyber Security and Resilience Bill, as announced in the speech, is set to expand regulation to cover more digital services and supply chains, empower regulators to ensure cybersecurity measures, and mandate increased incident reporting to improve the government’s response to cyber attacks. This initiative is a significant step towards strengthening the UK’s cybersecurity infrastructure and resilience.

In light of these developments, every organisation should take proactive steps to align with these new measures. One of the key steps is preparing for the NIS2 Directive, which aims to establish a higher level of cybersecurity and resilience within organisations in the European Union and will also affect UK organisations that provide services into EU member states. Organisations should start preparing by defining their compliance roadmap and improving their cybersecurity awareness. They should conduct a thorough audit to identify gaps in their cybersecurity regime and develop a comprehensive plan to address these gaps and achieve compliance with NIS2 requirements.

Read more:

What is NIS2? What is NIS2? Get the Complete Picture (nis2directive.eu)

National Cyber Security Centre: National Cyber Security Centre – NCSC.GOV.UK

Cisco Live 2024: Unveiling an AI-powered and secure future

Cisco’s annual event, Cisco Live 2024, has seen a huge number of new AI-powered innovations and investments from Cisco as they took to the stage in Las Vegas. This year the focus has been on powering the AI transformation, and has been particularly impactful with the introduction and expansion of AI-enriched solutions across the networking, security and observability domains.

Here are my takeaways from the event, based on snippets I watched and blogs from Cisco I’ve read overnight, on how these advancements are set to further transform the tech industry across almost every vertical.

Digital Resilience Through AI

Cisco talked about how their AI-powered innovations which are heavily focussed on the platform that drives transformation (the network and connectivity) are designed to enhance digital resilience, combining the power of the network with industry-leading security and observability. This integration simplifies adoption and provides comprehensive visibility across the digital landscape.

$1 Billion AI Investment Fund

Cisco announced a new Global AI Investment Fund in a bold move to foster industry innovation and customer readiness, which will likely also fund future acquisitions, something that is becoming common in the industry as start-up innovation attracts backing. This strategic initiative supports Cisco’s vision of an AI-powered future, connecting and protecting organisations of all sizes through Cisco’s networking and secure cloud technology platforms.

New Strategic Initiatives

Cisco’s collaboration with industry giants like NVIDIA, Splunk (which they acquired earlier this year) and others showcases its commitment to customer success and growth. Cisco referenced some of their largest clients, including Steve Madden and McLaren F1 Racing, which see Cisco continuing to play a vital role as a strategic ally in business and technology across their entire portfolio: network, security, observability and collaboration.

New certifications to empower partners

Designed to prepare partners and ensure skills for the AI-powered future, Cisco announced new AI fundamentals training for their partners, including a new certification in AI. Cisco plan to keep equipping partners and the workforce with the skills needed to thrive in an AI-driven landscape that shows no sign of slowing down.

New innovations to their portfolio announced

Cisco has also announced new AI-powered features for their contact centre solutions at Cisco Live 2024. These include:

  • New capabilities in Webex Contact Center will help organisations design and manage conversational self-service experiences. This means businesses can automate their customer service to a greater extent, improving efficiency and customer satisfaction.
  • An AI Assistant is being provided for contact centre agents. This assistant can help agents handle customer queries more effectively and efficiently, leading to improved customer service.
  • Cisco is also enabling the integration of third-party virtual agent solutions into their contact centre offerings. This allows businesses to leverage a wider range of technologies and services to enhance their customer service.

There is no AI without data and networking

With Cisco networking already the motorway for connectivity inside data centres, across organisations’ IT, and for connecting people, things and devices, Cisco announced:

  • Nexus HyperFabric AI clusters. This is a “breakthrough” AI cluster solution developed in collaboration with NVIDIA that provides a single place to design, deploy, monitor and assure AI pods and data centre workloads. This means businesses can manage their AI workloads more efficiently and effectively.
  • Cisco Hypershield support for AMD Pensando DPUs and Intel IPUs, which Cisco say will enable enterprises to “realize an AI-driven, distributed security architecture” that seamlessly spans cloud, data centre and edge while remaining highly performant and energy efficient.
  • Cisco will also combine the power of Splunk with their AppDynamics Application Performance Monitoring (APM) through the introduction of Splunk Log Observer for Cisco AppDynamics. This integration will enable users to troubleshoot faster across on-prem and hybrid environments.

Excitement overdrive

As a leading UK Cisco Partner, Cisco Live brought excitement to our teams and will give new innovation enablement for Cisco customers.

Cisco’s innovations will help us continue to help our customers build a more resilient, intelligent, and secure digital environment.

“We’re thrilled to share incredible innovation and new AI-powered capabilities for our customers this week at Cisco Live… Cisco is uniquely positioned to revolutionize the way infrastructure and data connect and protect organizations of all sizes, and we are confident we are the right strategic partner for our customers in this era of AI.”

Chuck Robbins |Chair and CEO | Cisco.

For Cisco, it represents a step forward in leading the industry towards an inclusive AI-powered future. And for partners like Cisilion, it’s an opportunity to leverage these advancements to deliver cutting-edge solutions to our clients.

It’s not over yet.

Stay tuned for more updates from Cisco Live 2024, as we continue to explore the possibilities of AI and its impact on the world of technology.

Read more at Cisco

What are you most excited about from Cisco Live, and what were you hoping they would announce that they didn’t?

Forrester: Microsoft Leading the Charge in XDR Innovation

This blog post captures Microsoft’s latest achievements, innovations and recognition in cybersecurity as reported by Forrester in their recent Wave report on Extended Detection and Response (XDR) platforms. Here I have focussed on the latest developments and Microsoft’s move to the leading position in this report.

In the ever-evolving landscape of cybersecurity, organisations face the challenge of defending against increasingly sophisticated cyber attacks. Based on the analysis performed by Forrester in their 2024 Wave report, Microsoft has yet again risen to the occasion, being placed as the furthest-out leader in The Forrester Wave: Extended Detection and Response (XDR) Platforms, Q2 2024, ahead of both Palo Alto and CrowdStrike. They have been leaders in this space for over four years, but this year pulled further ahead than ever before.

In the last year, 75% of security professionals witnessed an increase in attacks with 85% attributing this rise to bad actors using generative AI

Report By Security Magazine 2023


The Forrester report argues that to protect against constant and increasingly sophisticated AI-powered “intelligent attacks”, a unified approach to cybersecurity is needed rather than the traditional add-on, multi-vendor approach. Forrester comment that Microsoft Defender XDR stands out for its unified visibility, investigation and response capabilities. It integrates across endpoints, IoT, OT, identities, email, collaboration tools, SaaS apps, cloud workloads and data insights, providing end-to-end protection.

Generative AI is the Game-Changer

Forrester say that the introduction of Microsoft Copilot for Security marks a significant milestone in Microsoft’s approach to XDR. This generative AI solution simplifies incident remediation, reverse engineers malware code, and empowers analysts with natural language processing to generate Kusto Query Language (KQL) queries.

Microsoft’s latest AI and threat-hunting services have led to the development of automatic attack disruption features in Defender XDR. This technology can detect and disrupt ransomware and other advanced attacks within minutes, showcasing the power of AI in cybersecurity. The services work seamlessly together across the wider Azure and Microsoft 365 security portfolio, making this a real multi-layered protect, detect and respond approach rather than multiple products stacked on top of each other.

The Future of Cyber Defense

Microsoft’s recognition by Forrester underscores its dedication to innovation and excellence in cybersecurity. As cyber threats continue to evolve, Microsoft’s XDR and unified security operations platforms will remain essential tools in the arsenal of cybersecurity professionals.

In Microsoft’s own blog post on the matter they state that “We believe Forrester’s recognition showcases that Microsoft Defender XDR is the broadest native XDR solution on the market and that our most recent additions of Microsoft Defender for Cloud data and Microsoft Purview Insider Risk Management data are critical to give the SOC access to end-to-end data. Its incident-level visibility, automatic attack disruption of advanced attacks, and accelerated detection and response now work across endpoints, Internet of Things (IoT), operational technology (OT), on-premises and cloud identities, email and collaboration tools, software as a service (SaaS) apps, cloud workloads, and data insights.”

“Microsoft is refining the most complete XDR offering in the market today, their dedication to innovation is demonstrated by its percentage of the R&D budget by revenue, which rivals the most innovative vendors in security.”

Forrester Wave Report: Q2 2024

Summary

Great to see Microsoft continue to innovate in this area, after Satya Nadella stated that they are “prioritising security above all else” in a recent report.

The recent report from Forrester does not, of course, mean that the other vendors in this report are no good. Familiar vendors such as Palo Alto and CrowdStrike continue to innovate in this space, and the others are working hard to move up the quadrant.

Others to mention are Cisco, who have moved into the Challengers quadrant this year following huge investments in their Cisco Secure Cloud platform and their continued investment to bolster their security portfolio.

It is worth noting that XDR is just one of the security pillars reported on by Forrester and other leading analysts like Gartner.

Interview: Mark Brown – VP Solutions Engineering at Splunk

This week, I had the pleasure of running a Fireside Chat with Mark Brown, who leads the engineering team at Splunk. The chat was streamed live on LinkedIn and YouTube as part of Cisilion’s monthly technology chat show, which has been running for more than three years.

This month, we took to the virtual stage to discuss the acquisition of Splunk by Cisco, the history and innovation that Splunk brings across security and data analytics and observability, and some of the huge success stories and customers of Splunk since the company’s founding in 2003.

Cisilion and Splunk – May Fireside Chat

In this month’s show, we delved into Splunk’s history and capabilities, its evolution over the last 20 years, and its role as a data analytics platform. We talked about Splunk’s diverse customer base, including huge “high street” brands like Siemens and Gatwick Airport. We discussed how Splunk’s data analytics is helping to enhance operational efficiency and security at the airport, and how, by processing local traffic and weather data along with real-time people traffic in the airport, Splunk helps LGW meet their people-flow SLAs for getting people from check-in through security.

Finally, we talked about why Cisco have acquired Splunk, the market opportunity it creates and how partners like Cisilion will be able to leverage this acquisition into the Cisco portfolio over time. Mark talks about this being a strategic move to integrate Splunk’s data analytics with Cisco’s network and security solutions, offering a comprehensive approach to observability and security and giving them a real competitive edge, whilst increasing their market share and making the solutions simpler for their customers.

Using the power of AI, I have used Microsoft Copilot to break down the key sections of the video and help you navigate to the areas you think might be useful to you.

(I have a video on how to do this which you can access here.)

Cisilion and Splunk Fireside Chat – Key Conversations

  • [00:01:18] Introduction of Mark Brown from Splunk
    • Leads the UK solution engineering team
    • Discusses Splunk’s recent acquisition by Cisco
    • Highlights the value Splunk brings to businesses
  • [00:03:00] Explanation of what Splunk is
    • Describes Splunk as a platform for searching logs in data centers
    • Evolved into a leader in security and observability
    • Known as the “Google for the data center”
  • [00:18:09] Cisco’s acquisition of Splunk
    • Seen as a natural fit with little overlap in technology offerings
    • Expected to enhance both Cisco’s and Splunk’s product portfolios
    • Acquisition aligns with Cisco’s strategy to expand software offerings
  • [00:08:14] Reference customers of Splunk
    • Splunk’s reference customers span 110 countries and include major brands across various industries
    • Talking through examples including Siemens, Singapore Airlines, and Gatwick Airport
    • Talking about wider use cases that demonstrate Splunk’s adaptability and impact
  • [00:14:22] Splunk’s competition in the market
    • How and where Splunk competes with and partners with various tech companies such as Datadog and Relic
    • How Microsoft Sentinel has also become a leader in the SIEM space in just two years, and how Microsoft and Splunk are working together to deliver Splunk solutions to customers in Azure.
    • How Splunk have been leaders for more than 10 years.
  • [00:17:46] Cisilion’s perspective on the acquisition
    • How Cisilion are excited about the integration and potential for new market opportunities and the alignment between Cisco and Microsoft, Cisilion’s two strategic partners.
    • How we see the acquisition as a way to complete the technology journey for clients, bringing together multiple technologies and creating a single pane of glass for security logs and observability.
    • Our forward-looking view on the game-changing advancements in observability and security this acquisition could bring to Cisco.
  • [00:25:23] The chat continues around use cases, market trends and the future of security and observability

Welcome your views on the video and the discussion as always.

Microsoft and Splunk Lead in Gartner 2024 MQ for SIEM

The digital security landscape is constantly challenged by sophisticated threats, making the role of Security Information and Event Management (SIEM) systems more critical than ever. In the 2024 Gartner® Magic Quadrant™ for SIEM, Microsoft and Splunk have been recognised as leaders, demonstrating excellence in vision and execution in the SIEM space.

Gartner said in their 2024 report that “The SIEM market grew from $5.03 billion in 2022 to $5.7 billion in 2023 (see Market Share: All Software Markets, Worldwide, 2023), a 13% annual growth rate compared to a 22% increase the previous year. The primary drivers of a SIEM purchase are threat detection, response, exposure management and compliance. Buyers are seeking a SIEM ecosystem with broad and deep capabilities to satisfy multiple security and business use cases with capabilities to support a diverse environment.”

Image (c) Gartner 2024

The Significance of SIEM in Cybersecurity

SIEM technology is essential for organisations to effectively manage security events and information. It provides real-time visibility across an organisation’s (multi-vendor) information security systems, with single-pane-of-glass event log management, compliance reporting, and incident response capabilities. The ability to swiftly detect, analyse, and respond to security incidents is what makes SIEM a cornerstone of enterprise security strategies.

Friends and Foes?

In 2023, Splunk and Microsoft agreed to partner to help build Splunk’s enterprise security and observability offerings on Microsoft Azure. This means that Splunk solutions are now available for purchase on the Microsoft Azure Marketplace as well as the AWS Marketplace. This is great for both parties and for Microsoft Partners who sell and deploy Azure services to their clients.

Microsoft’s Leadership with Sentinel

Microsoft has been acknowledged as a leader in the Gartner Magic Quadrant for SIEM for its comprehensive, cloud-native solution, Microsoft Sentinel. According to Gartner, Microsoft Sentinel stands out with its unified security operations platform, blending SIEM, XDR, AI, threat intelligence, and extended posture management into a single experience. This platform is powered by generative AI, offering end-to-end protection and consolidating various security operations tools into a coherent experience.

Strengths:

Best Fit for Sentinel:

Gartner cite Microsoft Sentinel as the best fit for organisations that require or demand a cloud-native SIEM solution with advanced AI capabilities and integration with other Microsoft security products. Sentinel works with a huge number of external cloud and on-premises data connectors (including Splunk).

Splunk’s Data-Centric Excellence in SIEM

Splunk remains a joint leader in the SIEM market, praised as always for their data-centric security analytics solution. The Enterprise Security application from Splunk is available both on-premises and as SaaS. Splunk provides pricing flexibility, which can be based on daily data ingestion or on cloud workloads, referred to as Splunk Virtual Compute. Splunk primarily serves large enterprise organisations in North America.

Splunk have said they are launching a new AI Assistant for Security, which will be integrated with Enterprise Security to enhance detection and response functions. Cisco finalised the acquisition of Splunk on March 18, 2024, and we expect to see integration and cross-pollination of their combined portfolio at some point in 2025.

Gartner point out that Splunk currently has a significantly higher-than-average cost compared to other vendors in their report, is more complex to deploy and configure (measured in professional services days) and currently has low numbers of sales support staff outside the US – though with Cisco’s acquisition of Splunk this is likely to change over the next 18-24 months.

Strengths:

  • Overall observability: The Splunk platform can integrate security, IT, application and other data sources. This, coupled with its federated search and analytics capabilities across third-party data stores, is a strength for clients seeking to build highly enriched queries and alerts.
  • Extensive integration: Splunk’s integration of SOAR enhances a wide range of common SIEM use cases. Clients wanting quick time to production automation for common SIEM operational functions will find Splunk’s library of playbooks a strength.
  • User interface: Splunk’s UI and dashboard provide significant customisation. Clients requiring custom animations and visualisation for specialised monitoring, such as OT or financial systems, will find the UI editor an overall strength.

Best Fit

Splunk is particularly suited for very large organisations that value a data-driven approach to security and need powerful analytics to manage complex security environments. Microsoft is actually one of Splunk’s largest customers.

Conclusion

Microsoft and Splunk continue to lead the SIEM market with their innovative solutions. Sentinel offers a world-class, cloud-native, AI-enriched platform that simplifies operations and accelerates threat resolution.

Splunk provides a robust, data-centric approach to security analytics, enabling organizations to respond to threats with speed and precision and is ideally suited for the largest of enterprises as well as those who remain mainly on-prem and less “all in with cloud”. Splunk also has a strategic alignment and integration with Microsoft Sentinel.

As a leading UK Microsoft and Cisco partner, we are excited to be working with both Cisco and Splunk (Cisco) in this space, with the ability to guide and consult around customer-hosted, Azure-hosted and cloud-native SIEM solutions. We also love the fact that we can now meet customers on their ground, with the ability to deploy Splunk on Azure via the Marketplace for our clients.


Cisco Hypershield: Data Centre security redefined.

Cisco has introduced a new product called Hypershield, which they claim is one of the most significant security products in Cisco’s history. It is expected to be generally available starting from July 2024.

What is Hypershield?

Hypershield is a cloud-native, AI-powered system designed to enhance the security of AI-scale data centres. Unlike traditional security products, Hypershield is integrated directly into the network’s fabric, offering a revolutionary approach to protecting digital infrastructure services in data centres, protecting applications, devices, and data across public and private data centres, clouds, and physical locations.

This is the most consequential security announcement in Cisco’s 40-year history

Cisco.

The holistic system promises to bring the security advantages of a hyperscale model to enterprises, allowing security to be embedded in every software component of every application running on the network, on every server, and in both public and private cloud deployments.

How Hypershield is different.

Hypershield is different to traditional security “bolt-ons” because it is not just a new security product or the next version of something that already exists. What makes this different and unique is that Hypershield represents a brand-new security architecture model built from the ground up. It uses an open-source technology called eBPF that hyperscalers use to automate patching and other time-consuming jobs. It has the ability to transform every network port into a high-performance security enforcement point, and works by blocking application exploits in minutes while preventing lateral movement of attacks.

Innovation from within

I think Hypershield is exciting because it represents a significant shift in how security is approached within the data centre fabric.

“Why we think this is the most consequential is we’re taking what used to be a firewall, an appliance, and we’re like melting into the network. It’s not a separate thing that you add on. It’s like magic. It writes its own rules, it tests its own rules, it qualifies its own rules, deploys its own rules, and then overnight it upgrades itself”

Tom Gillis | VP Security | Cisco

It is built with technology originally developed for hyperscale public clouds, and Cisco are making this technology available for enterprise IT teams of all sizes, regardless of how big their data centre footprint is. It works by enabling security enforcement to be placed everywhere it needs to be, at the application and data layer, which is a major shift and change in how traditional data centre security works. Cisco say that it’s expected to have a significant impact on how businesses protect their digital assets.

With this innovation … we have actually been able to deliver something that’s unlike anything we’ve done in the last 40 years at Cisco. And I will say that we’re just getting started.

Jeetu Patel | Cisco’s EVP

Rather than relying on traditional network and application-level firewalls in the data centre, Hypershield works by essentially providing security boundaries around every application and service. It naturally uses artificial intelligence to learn and adapt, so it gets better at detecting attacks and distinguishing normal activity from attack attempts.

I look forward to learning more about this.


Read more from Cisco

Cisco Hypershield: Security reimagined.
Cisco Reimagines Security for Data Centers & Clouds in Era of AI.

CRN Report:

Cisco and Splunk – For Security and Observability.

With the $28B acquisition now complete between Cisco and Splunk, both vendors will soon be in heavy marketing mode as they position their new combined offerings (under Cisco) to “unify the full power of network and endpoint data with leading Security and Observability solutions, all underpinned by our highly scalable, AI-powered data platform”.

The combination of Cisco and Splunk will provide truly comprehensive visibility and insights across an organization’s entire digital footprint, delivering an unprecedented level of resilience through the most extensive and powerful security and observability product portfolio on the market.

Gary Steele | VP Splunk.

So what does that mean?

Unification and Choice

According to the new Splunk website and publicly facing collateral, the combining of forces is destined to offer the following value and connected experiences to their combined customer base.

  • Power the SOC of the Future, by
    • improving the efficacy, efficiency, and economics of defending organisations and service providers against modern security threats, offering what they claim will be the “most comprehensive security solutions for threat prevention, detection, investigation and response.”
    • Continuing to deliver Splunk’s existing security and monitoring platforms, while adding Splunk technology to Cisco’s existing portfolio with enhanced network, endpoint and cloud data for “unparalleled insights and faster remediation”.
    • Enhancing Cisco’s security offerings across the board to help organisations secure users, protect infrastructure, and improve prevention, detection and remediation with Cisco’s User Protection, Breach Protection, and Cloud Protection suites, which are fed from Cisco’s Talos data intelligence platform.
  • Enrich Observability across all and any environment by:
    • Offering a comprehensive full-stack observability solution, enhancing customers’ ability to deliver seamless digital experiences and prevent downtime across any environment, combining and joining Cisco ThousandEyes and AppDynamics with Splunk’s portfolio of products.
    • Continuing to offer choice to customers, by offering unified solutions as well as the individual Cisco and Splunk products, whilst providing unified management and insights.
    • Creating a world-leading observability platform through the integration of the best of Cisco and Splunk technology, leading to a holistic ability to detect and remediate incidents and empowering IT teams to focus on enablement, security and digital transformation rather than troubleshooting performance and issues.

What about AI?

Yes… Cisco and Splunk also talk a lot about AI empowerment and execution. After all, AI workloads are intense, drive traffic into different places and have a profound impact on how people use and access data and applications.

Aimed more at organisations who build and operate on their own data, rather than consume SaaS, the fuel of AI and its ability to provide information and serve requests is reliant on fast and secure access to models trained on huge volumes of the data.

Cisco believe that their combined forces will bring an unmatched breadth of data by allowing organisations to build, scale and tune highly scalable data platforms while ensuring performance and security at scale.

The competition?

The race to empower and secure both traditional and AI-powered workloads continues apace. Cisco have a great history of building arguably the best networking technologies in the world and have one of the best SaaS performance monitoring platforms; now, with the added arsenal of products from Splunk, they are in a great position to win over customers, partners and MSPs with a unified offering.

Cisco have struggled to win hearts and minds with security for years, but this combining of forces gives them an ace card to play. Whether they will get this right (in terms of hearts and minds, price and integration) is yet to be seen, but Cisco have a great track record of integrating technologies from vendors they acquire.

More information

More information around the combined entity of Cisco and Splunk is coming in fast, and late last week Cisco ran a customer and partner briefing which is now available on demand here.

Microsoft’s Copilot for Security available April 1st

No – it’s not an April Fools’ joke – Microsoft yesterday (13th March 2024) announced that their much anticipated Copilot for Security will be available to buy and use from 1st April 2024.

What Does Copilot for Security Do?

Originally announced a year ago, and after extensive testing in private preview, Copilot for Security is aimed at IT Security and SecOps teams, as it brings Microsoft’s Copilot technology, Microsoft’s threat intelligence services and machine learning into a dedicated security service powered by Copilot. Copilot for Security can process prompts and respond in eight languages, with over 25 languages supported at launch.

For organisations that already invest in and consume Microsoft security services such as Sentinel, Defender, Entra, Priva, Intune, and Purview, this is an exciting time!

Image (c) Microsoft Security.

Copilot for Security is informed by large-scale data and threat intelligence, including Microsoft’s daily processing of more than 78 trillion security signals – a giant increase from the 65 trillion signals stated just last year. This is the largest threat intelligence database in the world. Microsoft do not use any organisational data to train their LLMs.

One huge advantage of Copilot’s conversational abilities is its capacity to rapidly compose incident reports. It can also tailor these reports to be more or less technical based on the intended employee audience, say Microsoft.

Copilot for Security offers a huge variety of capabilities, including:

  • Human-readable explanations of vulnerabilities, threats, and alerts across all of Microsoft’s security products and services, as well as (later) third-party tooling.
  • Answering questions about alerts, threats and incidents in real time and taking action.
  • Automatically summarising incident analysis and offering recommendations for subsequent actions based on the tools the organisation is licensed for and/or has deployed.
  • Ability for users to edit the prompt to correct or adjust responses, share the findings with others, create extensive runbooks based on prompts, and share prompts with other analysts in the team.

After nearly a year of various preview stages and rigorous testing by both Microsoft security experts and enterprise organisations, Microsoft say the feedback has been “overwhelmingly positive.” A recent AI economic study by Microsoft demonstrated that security professionals work 22% faster and are 7% more accurate when utilising Copilot for Security. An impressive 86% of participants reported that Security Copilot enhanced the quality of their work, and >90% expressed a desire to use Security Copilot for future tasks. The report further indicates that security novices, possessing basic IT skills, performed significantly better with Security Copilot compared to members of a control group. Moreover, their superiors expressed greater confidence in their output.

Copilot for Security in Action

A year in readiness.

In the announcement, Microsoft cited statements from Forrester VP Jeff Pollard, who said that “Experienced practitioners will reap the most rewards from the capabilities Microsoft offers, and while it’s unlikely to identify threats SOC [security operation center] teams would miss, it does make investigation and response faster”.

Just like Copilot for Microsoft 365 – Adoption and Training is Key

Just like any major technology change such as Copilot for Microsoft 365, adoption, training and practice are going to be vital to get maximum value and trust from Copilot for Security. Security teams will need a fair amount of change management and training to ensure they can take advantage of Microsoft Copilot for Security. Forrester cited in the report that “it takes around 40 hours of training to get security practitioners comfortable with using Copilot for Security. In addition, we heard that it takes four or more weeks — with many stops and starts — to get practitioners comfortable with the technology.”

With a global shortage of cyber security skills, an exponential growth in attacks and attack surfaces, and the rise of AI at cyber criminals’ fingertips, Copilot for Security has been one of the most anticipated uses for Copilot. There is no doubt that Copilot for Security can lower the barrier to entry into the cybersecurity industry. Forrester also said that “Though large language models and generative AI may level the playing field and allow for accelerated security talent development, no amount of out-of-the-box prompt books and guided response steps replace fundamental security knowledge, skills, and experience.”

The Pros of Microsoft Copilot for Security

Microsoft’s early-access clients reported a number of things they loved about Copilot for Security, including the following:

  • Making script analysis easier by de-obfuscating and explaining contents.
  • Accelerating threat hunting by helping write queries based on adversary methods.
  • Speeding up and simplifying complex KQL queries or PowerShell script creation.
  • Analysing phishing submissions by verifying true positives and providing inbox details.
  • Improving analyst experience by reducing the need to swap between various tools.
  • Generating leadership / executive-ready incident report summaries efficiently.

Things to be aware of at launch

There are several key areas which won’t be available at initial launch, but expect to see rapid release cycles and updates once generally available (GA). Currently the following is not available but will be added over time.

  • Single Data Repositories – Copilot currently requires multiple instances for users / organisations that want to silo data between different business units, group companies or geo locations. These will eventually be rolled into a single instance/interface, but today this will cause challenges for large MSPs and global / complex organisations.
  • Third Party Tools – At launch, Copilot for Security will not provide integration into third-party tools, so organisations will need to be using Microsoft’s first-party security tools like Defender for Identity and Defender for Endpoint. This is on the roadmap.
  • Limited Integration and Automation: Much of the work Copilot for Security does on day one is around reporting and alerting across multiple signal sources and behaviour. Whilst it can execute runbooks, some services like auto-quarantine and network isolation will not be available at launch.

New Features at Launch

In the announcement, Vasu Jakkal, corporate VP of compliance, identity, management, and privacy at Microsoft, said that as part of the launch the following new features will be available in Copilot for Security:

  • Custom promptbooks: allowing security teams to create and save their own natural language prompts for common security workstreams and tasks, similar to the notebook feature in Copilot for Microsoft 365.
  • Knowledge integrations: which will enable the connecting of Copilot for Security to customers’ logic and workflow, and the ability to perform activities based on company-defined step-by-step guides.
  • Integration with customers’ curated external attack surface from Microsoft Defender External Attack Surface Management to identify and analyse the most up-to-date information.
  • Summarisation in natural language of additional insights from Microsoft Entra audit logs and diagnostic logs for a security investigation or IT issue analysis related to a specific user or event.
  • New fully customisable usage dashboards to provide reporting on how teams interact with Copilot.

Which Organisations benefit most?

For organisations that already invest in and consume Microsoft security services such as Sentinel, Defender, Entra, Priva, Intune, and Purview, Copilot for Security will likely be a tool that provides an indispensable enhancement, one that will not only reduce workload and increase productivity, but significantly help security teams to work better together and detect and respond faster than ever.

Organisations that are not fully invested in Microsoft’s extensive security portfolio and choose to use other vendors will still benefit, but until wider third-party support is available, running trials and evaluating the potential move to more Microsoft Security technologies is a smarter move. There will be increased funding pots and incentives to entice organisations to move to Microsoft Security.

Almost every security vendor is adding generative AI into their products and services, but today no other organisation has built what Microsoft have (though this will likely change).

Pricing from $4 per hour

Yes, ok I saved this for the end.

Pricing will be offered through a consumption-based model, allowing customers to pay according to their usage needs. Usage will be categorised into Security Compute Units (SCUs). Customers will be billed for the number of SCUs provisioned on an hourly basis at a rate of $4 per hour, with a minimum usage requirement of one hour. Microsoft say this is an opportunity for any organisation to begin exploring Security Copilot and expand their usage as necessary.

This lowers the entry point to the solution without a big initial licence outlay and should simplify the pilot, onboarding and rollout process. The PAYG model is also something organisations are used to, making it more accessible and straightforward and avoiding the complexity of traditional stackable licensing schemes.

Microsoft CSP partners like Cisilion will be key in helping customers to manage their spend, working with the SecOps team to tweak and fine-tune the solution to help map, manage and plan spend.

Cisco announces “AI Assistant for Security”

Last month, and now just a few weeks away from Cisco Live, Cisco announced they are bringing a new “AI Assistant for Security” to market this year. This is an artificial intelligence tool that combines generative AI technologies with an “unparalleled scope of data”, giving IT/SecOps teams the ability to generate more secure, AI-driven insights that span devices, applications, security, networks, and the internet.

“AI Assistant for Security will help provide better protection to our customers by simplifying management for both seasoned administrators and novice users. Our aim is to inject generative AI and unify telemetry across all Cisco Security solutions to create a more effective experience and safeguard our customers”

Brian Feeney | VP Global security partner sales | Cisco

Cisco AI Assistant for Security marks a major step in making artificial intelligence pervasive in the Cisco Security Cloud. Starting with the Cisco Secure Firewall Management Center, cybersecurity professionals will be able to leverage Cisco AI Assistant for streamlining and automating firewall management both on premises and in the cloud.

Firewalls first – more later

Cisco have said that they will launch the AI Assistant for firewall as soon as Spring 2024, with this representing a great opportunity for their partners and customers to start leverage the advantages of AI.

Cisco say this will be included and integrated into their cloud-delivered Firewall Management Center at no additional charge. Longer term, Cisco said they plan to extend it to their other firewall management tools.

Why? Well, according to Gartner, configuration complexity and inconsistent rules are among the highest causes of security risks and breaches when it comes to configuring networks and firewalls, with misconfiguration being the cause of ninety-nine percent (99%) of all firewall breaches.


The AI Assistant for Security is built on “Cisco’s foundation of security, data protection, and privacy, guided by Cisco’s responsible AI principles and framework”. Their AI assistant is trained on Cisco’s huge security-focused datasets (Talos), which analyse more than 550 billion security events daily, and helps IT and SecOps teams make informed decisions, enhance their tooling and reporting capabilities, and automate intricate tasks.

“Cisco is harnessing AI to reframe how organisations think about cybersecurity outcomes and tip the scales in favor of defenders. Cisco combines AI with its breadth of telemetry across the network, private and public cloud infrastructure, applications, internet, email, and endpoints.”

Jeetu Patel | VP security and collaboration | Cisco

Cisco say that their Cisco AI Assistant for Security is a major step forward in making artificial intelligence relevant and pervasive in the Cisco Security Cloud – their unified, AI-driven, cross-domain security platform. Cisco Secure Firewall Management Center will be the first platform to leverage the AI Assistant for Security to simplify firewall management.

This should make it much easier to manage and maintain firewall rules and policies, by enabling administrators to “talk to and administer” the platform with natural language to find policies, understand rules, spot anomalies and even get suggestions for new rules.

How is AI Assistant for Security different to Microsoft Security Copilot?

Scope

Cisco AI Assistant for Security and Microsoft Security Copilot are both artificial intelligence tools designed to help IT and SecOps teams work more efficiently, smarter and safer, but the platforms and services differ in several ways.

Cisco’s AI assistant is designed to work (initially) across their firewall services, with the other services that make up the Cisco Secure Cloud portfolio coming later. Microsoft Security Copilot is designed to assist cybersecurity professionals in investigating critical incidents across their entire security portfolio including Microsoft 365, their XDR platform, Azure and Sentinel. Microsoft Security Copilot doesn’t work across physical security devices like firewalls, so the two services are potentially good complementary services.

Microsoft has combined the power of OpenAI’s large language model with Microsoft’s own threat analysis footprint, which is informed by more than 100 different data sources across Microsoft 365, Azure and hundreds of third-party data analysis companies. It uses the combined intelligence of more than 65 trillion threat signals every day to provide company- and sector-specific insights, alerts and guidance.

Use Cases

Currently AI Assistant for Security is designed to help organisations better configure their security services (starting with firewalls) and detect inconsistencies (for example across different sites, services or offices). This will expand over time, however, and we expect more to be announced in Feb 2024 at Cisco Live in Amsterdam.

Use cases for Microsoft Security Copilot include, for example, the ability for admins to use natural language prompts to ask Copilot to create an exec-level report on the incident response for a particular ongoing investigation. Copilot will pull data across multiple sources based on the set of interrelated and connected tools and services. Another change of prompt could, for example, see Copilot provide more information, change how it displays or summarises the report, or even create lessons-learned documents or suggest changes in process.

Cost

According to Cisco, the AI assistant for Security will be generally available for firewall customers in the spring of 2024 at no additional cost via the cloud-delivered Firewall Management Center (FMC) and expanding to other management tools in the future.

Microsoft Security Copilot, however, which is currently in paid public preview, is expected to cost >$100k when it’s officially available later this year.

A better together story?

As you can see, Cisco’s and Microsoft’s offerings in this space are quite different. While Cisco see their AI Assistant for Security as a way of differentiating their brand in the cyber security space and leaping ahead of the competition in this traditional security space (think Palo, HPE, Dell, Checkpoint etc), Microsoft Security Copilot is more geared towards collating security signals from the organisation’s configuration and reports, signals from Microsoft’s own threat intelligence of 65 trillion signals, and third-party connected signals, to provide almost an AI-powered cyber security team.

I very much see this as a “use both” better together theme.

Closing Thoughts

According to Gartner, configuration complexity and inconsistent rules are among the highest causes of security risks and breaches when it comes to configuring networks and firewalls, with misconfiguration being the cause of ninety-nine percent (99%) of all firewall breaches.

As such, launching this with a “firewall first” approach is a sensible move by Cisco to add more value to their offering by embedding generative AI into their core security product base without adding a surcharge or making it “Premium”. It should help to further position Cisco as a leader in the security space against the fierce competition. I look forward to this being available and to Cisco increasing its reach over time to the rest of their portfolio.


Read more

You can learn more about Microsoft Security Copilot and Cisco’s AI assistant at the links below.

Cisco Announcement and Blog: Help Firewall Admins With Cisco AI Assistant for Security

Cisco AI Assistant: Cisco AI Assistant – Cisco

Microsoft Security Copilot: https://www.microsoft.com/en-us/security/business/ai-machine-learning/microsoft-security-copilot



Could HPE’s acquisition of Juniper disrupt the networking market?

It’s official – HPE have confirmed they are acquiring Juniper Networks for around $14 billion in an “all-cash” deal. According to Reuters, this price represents a premium of just over 32% over Juniper’s closing stock price on the day the deal was announced.

Since HPE (Hewlett Packard Enterprise) broke away from HP in 2015, they have been on an acquisition spree and have made a number of strategic purchases including Nimble Storage, SGI, Cray and SimpliVity. The acquisition of Juniper will be HPE’s largest acquisition to date. The deal is expected to close later this year or early 2025.

Under the acquisition, Juniper CEO Rami Rahim will lead the combined HPE networking business, reporting to Antonio Neri, CEO of HPE.

Why have HPE bought Juniper?

The acquisition will add a huge arsenal to HPE’s already impressive networking business and according to HPE will “create a new networking leader with a comprehensive portfolio”.

In the announcement by HPE they said that “HPE’s acquisition of Juniper represents an important inflection point in the industry and will change the dynamics in the networking market and provide customers and partners with a new alternative that meets their toughest demands” | HPE CEO Antonio Neri.

HPE claims that this deal will enhance their role at the intersection of fast-growing AI trends, increase their market potential, and foster more innovation for their customers as they assist in connecting the AI-native and cloud-native domains. They also claim that it will create substantial value for their shareholders.

Combining HPE and Juniper’s complementary portfolios supercharges HPE’s edge-to-cloud strategy with an ability to lead in an AI-native environment based on a foundational cloud-native architecture

Antonio Neri | CEO | HPE

This acquisition of Juniper will position HPE as a strong end-to-end contender in the enterprise and mid-market networking space, a space which is dominated by the likes of Cisco, Arista and Dell.

The coming together of HPE and Juniper will essentially create a networking company that can compete in the growing era of “AI everywhere”. This will give HPE two main vantage points to compete against the network giants like Cisco, Arista and Dell.

  • HPE should have more capability, the products and reach to target the data center network infrastructure business with a focus on AI workloads, leveraging Juniper’s expertise and track record in data center and cloud networking whilst also expanding HPE’s edge-to-cloud portfolio offering.
  • HPE will also gain the ability to leverage Juniper’s investment and maturity in AI-powered network management to strengthen and innovate the overall HPE portfolio.

HPE has emphasised this aspect of the deal in their press statement, seeing this as a huge opportunity to leverage the “explosion of AI and hybrid cloud-driven business” and meet the increasing demand for technologies that are needed to connect, protect, and analyse vast amounts of data from the edge to the cloud.

How will this impact the competition?

How this impacts the other networking giants remains to be seen. Much of the success of HPE in this expanded market, and where Aruba operates today, will be one of great interest, as Aruba has traditionally been seen as entry level and far from enterprise class. However, HPE have the chance to change all this and reset expectations by taking advantage of Juniper’s Mist and Junos platforms – perhaps breathing new life into Aruba and creating a wider, extensive portfolio of products that scale to any market, office and budget, but time will tell. This, along with the wider HPE and Juniper portfolio, could create a comprehensive and consistent offering across every market segment.

From an SD-WAN perspective, it’s also worth noting that HPE own Silver Peak and Juniper is not a market leader in that space. When we look at the wider security portfolio also, it will be interesting to see where HPE will focus their efforts. Integration of Aruba ClearPass with Juniper’s Mist could be intriguing, or could even put them in the position to create a competitive solution to Cisco’s full software-defined access (SDA). Time will tell.

As the world continues to prepare for, adopt and invest in the new emerging technologies of AI, this new technology battlefield will not just be aimed at the enterprise networking market. This acquisition will put new competition across all market verticals and all segments including mid-market, enterprise, service provider and cloud. How this is taken by customers also remains to be seen. Some I have spoken to think that this may make existing Juniper customers re-evaluate their options and look at the likes of Cisco, Arista or Dell again, while others think it will only bring growth to HPE.

One thing is for sure – there will be increased competition and it will keep the other networking giants on their toes. In these situations this can only be good for the customer, as increased competition or a new entrant usually drives innovation from all the players in the space and creates price competition.

What do you think about the aquisition? Feel free to tell me in the comments below.



Who are Juniper?

Juniper is a leading provider of networking products, including routers, switches, network management software, network security products, secure access service edge (SASE) solutions and software-defined networking (SDN) technology. According to their website "Juniper is dedicated to dramatically simplifying network operations and driving superior experiences for end users. Our solutions deliver industry-leading insight, automation, security and AI to drive real business results. We believe that powering connections will bring us closer together while empowering us all to solve the world’s greatest challenges of well-being, sustainability and equality".

Who are HPE?

According to their website, "Hewlett Packard Enterprise is the global edge-to-cloud company that helps organizations accelerate outcomes by unlocking value from all of their data, everywhere. Built on decades of reimagining the future and innovating to advance the way people live and work, HPE delivers unique, open and intelligent technology solutions as a service. With offerings spanning Cloud Services, Compute, High Performance Computing & AI, Intelligent Edge, Software, and Storage, HPE provides a consistent experience across all clouds and edges, helping customers develop new business models, engage in new ways, and increase operational performance".

Today, HPE offers switches via its Aruba Networks business unit which they acquired back in 2015.


HPE Press Statement:
HPE to acquire Juniper Networks to accelerate AI-driven innovation | HPE

Juniper Press Statement:
HPE to Acquire Juniper Networks to Accelerate AI-Driven Innovation | Juniper Networks Inc.

My 8 AI tech predictions for 2024


Our social media feeds will be full of predictions for the year ahead this week, after all, 2023 was an exciting and crazy year in tech with arguably some of the biggest advances we have seen for more than a decade. You can read my 2023 tech review here.

With all the advancements in Generative AI technology and chatbots in 2023, I have focussed my tech predictions specifically around the rise and development of Generative AI, since I believe every aspect of IT is going to be “AI infused” this year, as organisations start to enter the next level of adoption maturity – from “what is coming” and “what might be possible” to real business impacts and tangible examples.

#1 AI is going to keep getting better and more “intelligent”.

This is quite a no-brainer really, as we already know that OpenAI has big plans for 2024 and, with Google hot on their tail with Gemini, I would expect to see the release of ChatGPT 4.5 (or even 5) at some point in the first half of 2024. We could also see image technology like DALL-E shift into video creation for the masses and not just images. There will also be more competition to win the Gen AI race from Microsoft, Apple, Google and Amazon. This could be the new browser and search engine wars. Microsoft will adopt the latest ChatGPT and DALL-E 3 tools into their Copilot products.

#2 Businesses will invest more in AI and core technology training.

Outside of using Generative AI to help us write emails and documents, many organisations will be looking to AI to further enhance business automation and data processes to complement and enhance human capabilities.

With the output of most of the AI tools we will use in the enterprise being reliant on the data they use as a reference point or to operate, there will be a need to invest in skills around the fundamentals of AI and big data analytics. People will need to learn how to interface with AI, how to write good prompts that deliver the right outcome and how to leverage these new tools to radically improve productivity and outcomes.

At the more basic levels, there will also be a focus on, and need for, good adoption of the base technologies used within organisations as a result of the technologies and processes put in place. From good data labelling and classification, to simply working with and storing files in the right places in Office 365, to using new tools such as Copilot in Edge and Microsoft 365 and Intelligent Recap in Teams, businesses will need to revisit the level of IT training given to employees, encouraging Centres of Excellence and building technology sponsors or mentors across different teams.

Training users on what tools to use, how to use them and when will be key and is something many organisations still do badly.

#3 We will see more Legal Claims against AI.

Whatever happens in terms of the tech advances of AI, there is no doubt that we will see a leap in the number of legal claims from authors, publishers and artists against companies who have been building AI products – after all, we’ve already seen a few in 2023.

The reason for this is that at the heart of any Generative AI product are large language models (LLMs). The leading AI companies such as Google, Microsoft and OpenAI have worked really hard to ensure their models adhere to and respect copyright laws while “training” their models. In fact, Microsoft are so bold about this that they even put in place a copyright protection pledge to protect companies back in September last year.

Just last week (December 2023), the New York Times filed a huge lawsuit against OpenAI and Microsoft for copyright infringement. They claim that their journalism content was being used heavily to train and develop ChatGPT without any form of payment.

OpenAI and Microsoft are also caught up in another lawsuit over the alleged unauthorised use of code in their AI tool GitHub Copilot, and there have already been other examples of lawsuits against developers of generative AI products including Stability AI and Midjourney, in which artists have accused the developers of training text-to-image and image creation generators on copyrighted artwork.

The legal battles of 2023 highlight some of the complex and evolving issues surrounding intellectual property rights with the development and use of AI.

As 2024 gets underway, I suspect we will see more examples (especially if the New York Times case is successful).

#4 The rise of robust governance policies.

As we move from proofs of concept and ideation to real proven examples of how these AI tools can be used in our daily lives, I think we will see an increase in regional, state and local companies putting in place robust governance policies, processes and tools, including the testing and validation of AI-generated content. This will require new tools for ensuring there are appropriate guard rails and monitoring throughout.

Organisations will need to have clear AI policies in place that map out what AI products and tools they allow, guidance around content and image generation as well as what they view as ethical, responsible, and inclusive use of AI, outside of the policies that the AI companies have in place and the guidance they provide.

Education will also be key to ensure that employees can learn and put into practice the necessary skills to use AI tools in the workplace and to ensure the above checks and policies are implemented. Creating centres of excellence and good practice sharing will also be key to ensure employees and organisations get maximum benefit and gains from using AI.

#5 Expect to see more deception, scams and deep fakes.

We will likely see more deception and trickery for financial gain this year as fake person generators and deep fake voice and video become more of a widespread tool for phishing and scams. We have already seen cases (and warnings) from banks where voice cloning technologies can already accurately replicate human voices and threaten the security of voice-print based security systems. In 2024, we are likely to see this go further into many more areas across personal, corporate and political exploitation and deception.

Left unsupervised and unprotected, the rapid growth of digital deception imposes a huge risk and needs security response and protection organisations to respond. I think we will see more guidance, more safeguards, specialised detection tools, increased awareness and increased use of multi-factor protection. A new method of digital fingerprinting to detect such fakes is going to be critical if people and organisations are to remain confident that these technologies can’t be beaten by deep fakes.

To protect the reliability of information in a fast-changing digital world, it will be essential to have the tools and skills to detect and counteract AI-generated fabrications.

#6 Proliferation of “new” wearable AI technology.

I expect to see a huge increase in products and services around AI wearables or AI-powered wearables. This will further drive the already increasing trend that shifts away from traditional screen-focused devices towards more integrated, context and environment aware devices that provide up-to-date monitoring that fuel data driven insights and decisions into personal and professional lives.

Applications: This could open up huge advances in, for example, continuous health monitoring devices, such as blood glucose monitors, anxiety detection, cancer scanning, gut health and even AI-controlled insulin pumps. In sports we could see a new level of performance monitoring and tracking, with huge sponsorship deals by leading health and fitness companies. This will/could also lead to more data for unique advertising revenues…

Apple have also recently said they are working with OpenAI and plan to leverage the computing edge (their devices) by directly enabling AI processes on their devices rather than relying solely on cloud connected AI services.

Security compromises and wider privacy concerns are likely to be impacted by this shift, especially as these devices (in a similar way to health trackers today) will have the ability to record and process huge amounts of personal, health and other data. In the case of smart glasses, for example, this could also lead to new laws and legislation (and restrictions) to ensure privacy isn’t compromised by recording or capturing video without permission or consent.

#7 Cyber attacks and defence will become “more AI driven”.

With any new technology, security plays a vital role. I think we will see a massive change to the level of attacks, and therefore the protection and detection needed from cyber security systems, this year. From an attacker perspective, it is likely that the use of Machine Learning and AI will continue to amplify the sophistication and effectiveness of cyber attacks – with more convincing personalised tactics, including advanced deepfakes and intricate, personal phishing schemes, using AI to craft more convincing social engineering attacks that make it increasingly difficult to differentiate between legitimate and deceptive communications – both externally and from within the organisation. We will also see systems customise attacks based on industry, location and the known threat protection landscape.

From a defence perspective, the fight against AI attacks will also be AI-centric with new AI-based detection tools and applications that work in real time. Identity will be the primary defence and attack vector. For example, Microsoft’s Security Copilot which is currently in preview promises to be the first generative AI security product to help businesses protect and defend their digital estate at AI speed and scale. These tools, in partnership with people powered response and remediation teams should at least even the fight between the AI powered attackers and the defenders that are needed to keep our businesses, industry and services safe.

Without playing the War Games/Terminator scare games, the threat is that bad actors (nation state attackers, organised cyber crime divisions and opportunist hackers) have a new set of tools available to help them. The battle between attackers and the biggest Cyber Security MSPs, cloud giants and businesses is going to heat up. We will see victims and we will see scares. The battle against cyber threats is becoming ever more complex and intertwined with AI.

Businesses will need a more nuanced and advanced approach to cybersecurity, which will mean simplification, standardisation and most likely reducing the number of different disconnected security products they have, and adopting a more defence-in-depth approach with AI-powered SIEM tools or fully outsourced Managed Security.

#8 Zero Trust will finally be taken seriously.

To wrap it up – with the growth of AI into every part of our personal and work lives, working across more devices, applications, and services, the realm of control that IT traditionally had over the environment will continue to move outside of their control.

With the rise of AI and, more importantly, AI being used to drive more sophisticated attacks – compromising personal devices that are used to access corporate data – I think we will see more organisations adopting zero-trust security models whilst consolidating their point product solutions into a more streamlined and unified approach.

Zero Trust is a security strategy – not a product or a service, but an approach in designing and implementing the following set of security principles regardless of what technology products or services an organisation uses:

  • Verify explicitly.
  • Use least privilege access.
  • Assume breach.

The core principle of Zero Trust is that nothing inside or outside the corporate firewall can be trusted. Instead of assuming safety, the Zero Trust model treats every request as if it came from an unsecured network and verifies it accordingly. The motto of Zero Trust is “never trust, always verify.”

We also know many organisations have a huge amount of digital debt when it comes to security – with lots of point products, duplicate products and disjointed systems. I think we will see organisations focus more around:

  • Closing the gaps in the Zero Trust strategy – making sure they have adequate protection at each of the layers
  • Focus on data protection to minimise data breach risk – things like Data Loss Prevention, encryption, conditional access, labelling and data classification etc.
  • Doing more with less – by removing redundant or duplicate products and aligning with tools that better integrate with one another and that can be managed holistically through a single pane of glass.
  • Doubling down on Identity and Access control – moving to passwordless authentication methods, tighter role based access control, time-based access for privileged roles and stricter conditional access policies.

I also think that Generative AI has a huge potential to strengthen both our awareness of data security, and in adding an additional layer of visibility and protection. I expect we will see admin tools become smarter at looking at information over sharing, pockets of risk and potential compromise and having the ability to take action (expect more premium SKUs) to close the gaps, inform information owners or alert Sec Ops teams. I think we will see organisations spend more time looking at risk management and insider risk too.


I could probably go on – as there is so much happening, and the pace we saw in 2023 will only continue, if not increase.

Conclusion

In conclusion, this article has discussed some of the major trends and my predictions for AI in 2024, based on the developments, achievements, rumours and general trajectory seen last year.

In short, my predictions, include the improvement and competition of generative AI models, the need for more AI and data skills training, the legal and ethical challenges of AI-generated content, the rise of AI governance and security policies, the increase of deception and deepfakes, the proliferation of AI wearables, and the role of AI in cyberattacks and defence.

These trends highlight both the opportunities and risks of AI for personal, professional, and societal domains, and the importance of being aware of and prepared for the impact of AI in the near future.

Microsoft Authenticator now protects against “MFA Bombing”.

The Microsoft Authenticator is getting a backend upgrade in which it will now be able to suppress risky sign-in notifications, in an attempt to mitigate the “MFA fatigue” caused by the attack tactic called MFA bombing. As a big internal advocate of passwordless within my own organisation, this is great news…

What is MFA Bombing?

“MFA Bombing” is an attack method in which attackers continually try to log on from unfamiliar locations, causing an influx of MFA prompts aimed at tricking the user into clicking accept and allowing the sign-in because they get sick of dismissing notifications.

Microsoft say that this new policy should address the root cause of this growing security breach method.

How Microsoft Authenticator protects against MFA Bombing

In response to this, Microsoft’s Authenticator app will now automatically suppress notifications that come from “risky sign-ins”, relying instead on number matching, an MFA method that requires users to verify their identity by entering a numerical code displayed on the sign-in screen.

This is aimed at protecting users who use the “approve only” method but acts on any method used. Microsoft will now suppress Authenticator notifications when a request is deemed to pose potential risk, such as when the request originates from an unfamiliar location or exhibits other anomalies such as repetitive requests (or bombing).

We now suppress Authenticator notifications when a request displays potential risks, such as when it originates from an unfamiliar location or is exhibiting other anomalies. This approach significantly reduces user inconvenience by eliminating irrelevant authentication prompts.

Microsoft.

With this feature, in the event of a login request that looks risky, the standard notification will not be sent to the user’s device via the Authenticator app. Instead, the user (or attacker) will receive a notification on screen (where they are trying to log on) and be told to “Open your Authenticator app and enter the number shown to sign in”.

When the user opens the Authenticator app, the request will be available and they can sign in.

Since no notification is pushed to the user’s mobile Authenticator app, if the request was not made by the user they will never see it, and the request will simply time out.

This significantly reduces user inconvenience by eliminating irrelevant and known risky authentication prompts.

Microsoft recommend “number matching”

Whilst these additional protections are great, it’s recommended that organisations look to implement number matching (if not enabled by default) to enhance the security of the sign-in process by requiring users to enter a sequence of numbers displayed on the sign-in screen when approving an MFA request in the Authenticator app. This has a number of immediate benefits over simple approve/deny options, including:

  • It prevents accidental approvals by making sure that you are aware of the sign-in request and have access to the sign-in screen.
  • It defends against MFA fatigue attacks, which are spamming attempts to trick people into approving access requests by sending you multiple notifications.
  • It provides an additional layer of security by verifying that the device or app that generates the numbers is the same as the one that receives the approval request.

The implementation of number matching is a great way forward and has been extremely successful in preventing attackers engaging in MFA fatigue / bombing attacks.
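To make the two behaviours described above concrete, here is an added example (not Microsoft's code) that models risk-based suppression of the push notification together with number matching, so the decision logic can be exercised offline. The thresholds, user names, locations and timestamps are all constructed assumptions, and the model deliberately covers the general case (any mix of familiar and unfamiliar locations, any request rate) rather than only the bombing scenario in the text.

```python
"""Added example, not Microsoft's code: a simplified model of risk-based
suppression of Authenticator push notifications plus number matching.
Thresholds, user names, locations and timestamps are constructed assumptions."""
from collections import defaultdict
from dataclasses import dataclass, field
import secrets

REPEAT_WINDOW_SECONDS = 300   # assumed: window in which repeated prompts count as bombing
REPEAT_THRESHOLD = 3          # assumed: prompts within the window that trigger suppression
CHALLENGE_TTL_SECONDS = 60    # assumed: how long an unanswered request stays valid


@dataclass
class SignInRequest:
    user: str
    location: str
    timestamp: int            # seconds since epoch (constructed values in the tests)


@dataclass
class Decision:
    push_notification: bool   # True: interruptive push sent to the phone
    challenge: int            # two-digit number shown on the sign-in screen
    reasons: list = field(default_factory=list)  # why the push was suppressed


class AuthenticatorPolicy:
    def __init__(self, familiar_locations):
        # user -> locations previously seen for that user (constructed seed data)
        self.familiar = defaultdict(set, {u: set(l) for u, l in familiar_locations.items()})
        self.history = defaultdict(list)   # user -> timestamps of recent requests
        self.pending = {}                  # user -> (challenge, issued_at)

    def evaluate(self, req: SignInRequest) -> Decision:
        """Decide whether to push a notification or wait silently for the user
        to open the app and type the number shown on the sign-in screen."""
        reasons = []
        if req.location not in self.familiar[req.user]:
            reasons.append("unfamiliar location")
        recent = [t for t in self.history[req.user]
                  if req.timestamp - t <= REPEAT_WINDOW_SECONDS]
        if len(recent) + 1 >= REPEAT_THRESHOLD:
            reasons.append("repetitive requests")
        self.history[req.user] = recent + [req.timestamp]
        # Number matching: the challenge is displayed on the sign-in screen either way;
        # only the interruptive push to the phone is withheld for a risky request.
        challenge = secrets.randbelow(100)
        self.pending[req.user] = (challenge, req.timestamp)
        return Decision(push_notification=not reasons, challenge=challenge, reasons=reasons)

    def approve(self, user: str, entered, now: int) -> bool:
        """The user opens the app and enters the number from the sign-in screen.
        A request nobody answers (the attacker's case) simply expires."""
        pending = self.pending.pop(user, None)
        if pending is None:
            return False
        challenge, issued_at = pending
        if now - issued_at > CHALLENGE_TTL_SECONDS:
            return False
        try:
            entered_str = f"{int(entered):02d}"
        except (TypeError, ValueError):
            return False
        return secrets.compare_digest(f"{challenge:02d}", entered_str)


def simulate_bombing(policy, user, location, start, count, gap=5):
    """Constructed scenario: `count` prompts `gap` seconds apart for one user.
    Returns (pushes sent, pushes suppressed) so the effect of the policy is visible."""
    sent = suppressed = 0
    for i in range(count):
        decision = policy.evaluate(SignInRequest(user, location, start + i * gap))
        if decision.push_notification:
            sent += 1
        else:
            suppressed += 1
    return sent, suppressed


if __name__ == "__main__":
    policy = AuthenticatorPolicy({"alice": {"London"}})
    print("familiar location burst:", simulate_bombing(policy, "alice", "London", 1000, 10))
    print("unfamiliar location burst:", simulate_bombing(policy, "alice", "Lagos", 5000, 10))
```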

Combined with the new suppression technology for known attacks, Microsoft say that this change has already prevented more than 6 million MFA notifications since September 2023.

Number matching in MFA is available for the Microsoft Authenticator app and can be enabled by IT admins for different scenarios, such as multifactor authentication, self-service password reset, combined registration, AD FS adapter, and NPS extension.

Microsoft September 2023 News: The new and exciting stuff

Microsoft hosted a live Surface and AI event on Thursday 21st September where they announced a lot of new and exciting features and products across its various platforms and services. In this blog post, I have tried to summarise the most notable ones and explain how they might benefit you and your organisation.

Disclaimer (and product plug) - Since this was an AI event in whole, I also want to state that other than some slight tweaks, this blog post was written by Bing Enterprise Chat - Microsoft Designer created the image. The whole thing took less than 10 minutes.

Copilot: Your AI Assistant at Work and Beyond

Copilot is a new feature that uses artificial intelligence (AI) to help you with various tasks, such as drafting emails, summarizing texts, creating images, and more. You can access Copilot from Windows 11, Microsoft 365, Edge, and Bing, and chat with it in natural language. Copilot will understand your intent and provide relevant assistance based on the context and your data.

For example, you can ask Copilot to draft an email for you with a specific tone, or to generate a graphic art based on your description. You can also use Copilot to answer questions, troubleshoot your PC, control your settings, and access recommendations. Copilot is designed to save you time, reduce your cognitive load, and ignite your creativity.

Copilot will be generally available for enterprise customers on November 1st, and for a select group of consumers and small business customers as part of the Early Access Program (EAP). It will initially be limited to three hundred licenses and will cost $30 per user per month.

Windows 11: The Most Powerful and Personal Windows Ever

Windows 11 is the latest (and IMO best) version of Microsoft’s desktop operating system that powers millions of devices around the world. Windows 11 offers a fresh and modern design, improved performance and security, and a more personalised and connected experience. Microsoft announced the latest update coming next week (Sept 26th). Some of the new features in Windows 11 will include:

  • An updated Start menu that gives you quick access to your apps, documents, and settings.
  • An updated Taskbar that lets you easily switch between multiple instances of each app, hide the time and date, and end tasks with a right-click.
  • A new Dev Home that helps you set up your development environment by downloading apps, packages, or repositories, connecting to your developer accounts and tools, and accessing experimental features in WSL.
  • A new Dev Drive that provides a fast and secure storage volume for developers, with a file system that delivers both performance and security.
  • A new WinGet Configuration that simplifies the setup process for developers by reducing it to a single command.
  • New Gallery in File Explorer that makes it easy to access your photo collection across all your devices.
  • A new Snipping Tool that lets you record your screen with audio and mic support, copy and redact text from a screenshot, and edit your images with Paint.
  • A new Photos app that has new editing capabilities to achieve stylish background blur effects and makes it easier to find specific images backed up in OneDrive.
  • Updated Narrator that uses natural human voices in new languages, and lets you use voice access to log in to your PC and access other areas on the lock screen.
  • Refreshed Notepad app that automatically saves your session state, allowing you to close Notepad without any interrupting dialogs and then pick up where you left off when you return.
  • A new Instant Games feature that lets you play your favorite casual games directly from the Microsoft Store without the need to download and install them on your device.
  • Windows Copilot – Your Copilot for Windows.

Microsoft also announced general availability of Windows 365 Boot and Windows 365 Switch, which allow you to log into your Windows 365 Cloud PC as the primary Windows experience on the device or easily switch between the Cloud PC and the local desktop. Windows 365 is a cloud PC service that lets you stream a full Windows experience from anywhere on any device and is fully managed from Intune.

This update will start rolling out as a free update on September 26th.

Surface: The Ultimate Devices for Work and Play

Surface is Microsoft’s line of devices that combine innovative design, powerful performance, and versatile functionality. Surface devices are built to work seamlessly with Windows 11 and Microsoft 365, offering the best productivity and creativity tools for work and play. I am a massive fan of Surface.

The new / refreshed Surface devices include:

  • Surface Laptop Studio 2: The most powerful Surface ever built, with the latest Intel Core processors, NVIDIA Studio tools for creators, touchscreen display, and flexible design with three unique postures.
  • Surface Laptop Go 3: The lightest and most portable Surface Laptop, with touchscreen display, premium features like an incredible typing experience and a Fingerprint Power Button, and four stylish colours.
  • Surface Go 4: The baby Surface Pro is, this time, available only to the corporate market and not to consumers (why??). The device has the same dimensions as before but is more repairable (the most repairable and sustainable device in the Surface fleet). It ditches the 4GB RAM option (good) and brings a higher-spec entry-level processor. Pricing increases too, which is a shame, as is ditching the consumer market. These are great for school kids.
  • Surface Hub 3: The ultimate collaboration device for teams, with a large interactive display that runs the Microsoft Teams Rooms experience. Surface Hub 3 pairs seamlessly with Teams-certified devices and supports Hub on day one. An upgrade path was also announced for Surface Hub 2S customers to move to Surface Hub 3.

The new Surface devices are available for pre-ordering now.

Microsoft 365: The World’s Productivity Cloud

Microsoft 365 is a cloud-based subscription service that offers the best productivity apps for work and life. Microsoft 365 includes apps like Outlook, Word, Excel, PowerPoint, OneNote, OneDrive, Teams, Stream, Loop, Clipchamp, and more.

Microsoft 365 Copilot (which will be available from 1st November) is an add-on service at $30 per user per month and provides in-built AI-powered features and services that help you get more done across all your Office 365 apps and services – with support also coming to Microsoft Designer, Loop and Clipchamp and more.

Some of the new features and services in Microsoft 365 include:

  • Copilot in Outlook, Excel, Word, Loop, OneNote, Stream, and OneDrive: Copilot is integrated into various Microsoft 365 apps to provide AI assistance for different tasks. For example, you can use Copilot in Outlook to draft emails, in Excel to create charts, in Word to summarize documents, in Loop to generate content blocks, in OneNote to take notes, in Stream to transcribe videos, and in OneDrive to find files.
  • Generative Expand, Fill, and Erase in Microsoft Designer: These features let you manipulate images in creative ways, such as expanding the canvas, filling in missing areas, or erasing unwanted objects. Generative Erase is generally available now, and Generative Fill and Expand are coming soon.
  • Copilot Lab: Copilot Lab is a feature that lets you learn how to use Copilot effectively, share your favorite prompts with coworkers, and get inspired by other users. Copilot Lab will be accessible to all Microsoft 365 Copilot users once it’s generally available in November.
  • Mobile Application Management (MAM) for Windows: This feature allows employees to access organisational resources through Microsoft Edge from an unmanaged device, while giving IT the ability to control the conditions under which the resources can be accessed.

Bing and Edge: The Smartest Way to Search and Browse

Bing and Edge are Microsoft’s search engine and web browser that offer a fast, secure, and personalized way to search and browse the web. Bing and Edge use AI to provide relevant information and assistance based on your needs and preferences.

Some of the new features and improvements in Bing and Edge include:

  • DALL-E 3 in Bing Image Creator and Microsoft Designer integration: Bing Image Creator is a feature that lets you create images from text descriptions using AI. Bing Image Creator is now powered by DALL-E 3, which produces more realistic and detailed images. You can also access Bing Image Creator directly from Microsoft Designer for further editing.
  • Content Credentials: Content Credentials is a feature that uses cryptographic methods to add an invisible digital watermark to all AI-generated images in Bing, so that you can verify the origin and authenticity of the images. Note that this is provenance data attached to the image: it lets you check where a marked image came from, but an image that has had the credentials stripped simply shows as unmarked. Content Credentials will be supported in Bing Image Creator, Microsoft Designer, and Paint soon.
  • Bing Chat Enterprise: Bing Chat Enterprise is a feature that lets you chat with Copilot from the Edge mobile app. You can also use multimodal visual search and Image Creator from Bing Chat Enterprise.
  • Copilot in Microsoft Shopping: Copilot in Microsoft Shopping is a feature that helps you find what you’re looking for more quickly. You can ask for information on an item, and Bing will ask additional questions to learn more. Then, Bing will use that information to provide more tailored recommendations. This feature will be available soon on both PC and mobile.
  • Personalised Answers: Personalised Answers is a feature that uses your chat history to inform your results. For example, if you’ve used Bing to track your favorite soccer team, next time you’re planning a trip it can proactively tell you if the team is playing in your destination city. Personalized Answers will begin to roll out soon.

Microsoft Advertising: The Best Way to Reach Your Customers

Microsoft Advertising is a platform that helps businesses connect with their customers across the web. Microsoft Advertising offers various solutions and tools to create effective and engaging ads that reach the right audience at the right time.

Some of the new features and improvements in Microsoft Advertising include:

  • Copilot in the Microsoft Advertising Platform: Copilot in the Microsoft Advertising Platform is a feature that simplifies and enhances every aspect of your experience with the platform. You can use Copilot to create campaigns, get content recommendations, optimize your performance, and more. This feature will be coming soon.
  • Compare & Decide Ads: Compare & Decide Ads are a new type of ads that pull relevant data of various products or services into a succinct table. This helps users easily evaluate different options based on their criteria. Compare & Decide Ads will be available for cars initially and will be brought to closed beta in early 2024.

Conclusion

These are just some of the highlights from the Microsoft September 2023 News. There are many more features and products that we didn’t cover here, but you can find them in Microsoft’s own coverage of the event. I hope you are excited about these new developments, and I would love to hear what you are most excited about.

Cisco to Acquire Splunk

Cisco has announced that it will acquire Splunk, a cybersecurity and observability platform, for $28 billion.

Cisco say that acquisition is expected to help them create the next generation of AI-enabled security and observability solutions, moving organisations from threat detection and response to threat prediction and prevention.

This will build on the extensive full-stack observability platforms Cisco already have, including ThousandEyes and Cisco AppDynamics.

“We’re excited to bring Cisco and Splunk together. Our combined capabilities will drive the next generation of AI-enabled security and observability…. From threat detection and response to threat prediction and prevention, we will help make organizations of all sizes more secure and resilient.”

Chuck Robbins | CEO | Cisco

This is the biggest acquisition in Cisco’s history and a massive push into software and artificial intelligence-powered data analysis. With two complementary services coming together it should help Cisco achieve its mission to “securely connect everything to make anything possible, and move from threat detection and response to threat prediction and prevention”.

Splunk President and CEO Gary Steele will join Cisco’s Executive Leadership Team reporting to Chuck Robbins.

What is Cisco’s Full Stack Observability offering?

Cisco’s Full-Stack Observability (FSO) solutions bring together performance and availability data from on-premises, cloud and SaaS applications. This allows organisations to monitor traditional and modern applications, track the performance of cloud-native applications, correlate network metrics with application performance data, and get real-time insights and recommended actions for any performance-related issue along with its potential impact on the business.

Cisco Full-Stack Observability is a single platform that brings together multiple solutions including AppDynamics, ThousandEyes, and Cisco Secure Application. Splunk will soon be added to this!

The platform is open and extensible, API-driven, focused on OpenTelemetry, and anchored on Metrics, Events, Logs, and Traces (MELT).

You can find more information about Cisco Full-Stack Observability solutions on the Cisco website


You can read the announcement from Cisco below.

https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2023/m09/cisco-to-acquire-splunk-to-help-make-organizations-more-secure-and-resilient-in-an-ai-powered-world.html

Microsoft 365 E5 to get Defender for IoT for free

Introducing Defender for IoT

Microsoft have announced that organisations with Microsoft 365 E5 subscriptions will soon be getting a new “service plan” called “Defender for IoT – Enterprise IoT Security”.

As spotted in the Microsoft 365 Message Center update [ID: MC673712] over the weekend, this service plan will provide both Microsoft 365 E5 customers and those who have the Microsoft 365 E3 add-on [E5 Security] with real-time device discovery, continuous monitoring, and vulnerability management capabilities for up to 5 Enterprise IoT devices (such as printers, scanners, cameras, Smart TVs and VoIP phones) per user license, so the device entitlement scales with the number of user licenses across the organisation. Additional per-device licenses will also be available for purchase.

Illustration of "Defender for IOT" - Image (c) Microsoft.

The Internet of Things (IoT) supports billions of connected devices that use both operational technology (OT) and IoT networks. IoT/OT devices and networks are often built using specialized protocols and may prioritise operational challenges over security.

When IoT/OT devices can’t be protected by traditional security monitoring systems, each new wave of innovation increases the risk and attack surfaces across those IoT devices and OT networks.

Microsoft

This will start to roll out next month (October 2023) and provides tools and insights to protect enterprise IoT networks, including:

  • Agentless IoT device monitoring
  • Support for cloud, on-premises, and hybrid OT networks
  • Support for modern and proprietary operational technology (OT) protocols
  • Lightweight security micro-agents which allow IT to build security straight into IoT operations and innovations.

Read more on securing IoT devices with “Defender for IoT – Enterprise IoT Security”:

https://learn.microsoft.com/en-gb/azure/defender-for-iot/organizations/overview?view=o365-worldwide

Cisco XDR uses Cohesity to help protect your org from ransomware

Cisco has added ransomware detection and recovery support to its recently unveiled Extended Detection and Response (XDR) system.

Ransomware is a type of malicious software that encrypts a victim’s devices and data and demands a ransom for the decryption key. Ransomware attacks can cause considerable damage to businesses and organisations, disrupting their operations and compromising their data. To combat this threat, Cisco has now integrated their new Extended Detection and Response (XDR) solution with Cohesity’s DataProtect and DataHawk offerings.

Cisco’s XDR system is a cloud-based platform that combines multiple security products and telemetry sources to detect, analyse, and respond to threats across the network and endpoints. As Cisco announced the General Availability of their XDR platform, they also announced that they have added ransomware detection and recovery support to it, enabling Security Operations Center (SOC) teams to automatically protect and restore business-critical data in the event of a ransomware attack.

This feature is made possible by integrating Cisco’s XDR system with Cohesity’s DataProtect and DataHawk offerings, which are well established and trusted, infrastructure and enterprise data backup and recovery solutions. These provide configurable recovery points and mass recovery for systems assigned to a protection plan and can preserve potentially infected virtual machines for forensic investigation and protect enterprise workloads from future attacks.

Cisco said that the exponential growth of ransomware and cyber extortion has made a platform approach crucial to effectively counter adversaries. It also noted that during the second quarter of 2023, the Cisco Talos Incident Response team responded to the highest number of ransomware engagements in more than a year.

The integration of Cisco’s XDR system and Cohesity’s solutions is designed to help Security Operations Centre (SOC) teams and IT to automatically detect, snapshot, and restore business-critical data at the very first signs of a ransomware outbreak; often before it has had a chance to move laterally through the network to reach the high–value assets.

In the announcement, Cisco and Cohesity said that they already have a long-standing partnership, with over 460 joint customers. Cisco have said that the Cohesity Cloud Services package will also be able to be sold by their Cisco channel partners like Cisilion later in 2023. The Cohesity Cloud Services include data security and management as well as threat defense, data isolation and backup/recovery. Cisco have also said that the software can be deployed and hosted on both Microsoft Azure and Amazon Web Services (AWS) via their marketplaces.

This brings more features to Cisco’s XDR service (a competitive landscape where they compete against the likes of Microsoft, SentinelOne and Palo Alto) and brings together a myriad of first-party Cisco and third-party security products to control network access, analyse incidents, remediate threats, and automate response, all from a single cloud-based interface. The offering gathers the six telemetry sources that SOC operators say are critical for an XDR solution: endpoint, network, firewall, email, identity, and DNS, Cisco stated in the announcement.

Part of Cisco’s growing Security Portfolio

The Cisco Security portfolio is a comprehensive set of solutions that work together to provide seamless interoperability with your security infrastructure, including third-party technologies. Their growing portfolio covers various aspects of security, such as network security, user and endpoint protection, cloud edge, advanced malware protection, email security, web security and workload security. The Cisco XDR system is part of this portfolio and integrates with other Cisco products and services to detect, analyse, and respond to threats across the network and endpoints.

Cisco’s XDR system can leverage threat intelligence from Cisco Talos, the cloud-based SecureX platform, and the backup and recovery solutions from Cohesity to provide a powerful and proactive defence against ransomware and other advanced threats. Cisco XDR also supports third-party integrations with other security vendors, including Microsoft, Splunk and many others.

Cisco have, and continue to invest heavily in their end-to-end security portfolio and their XDR solution (as of December 2022) is on the cusp of moving into the Leaders Quadrant in the Gartner Magic Quadrant for Endpoint Protection.

Cisco’s XDR play competes against other industry-leading XDR vendors including SentinelOne, Microsoft Defender, CrowdStrike Falcon, Palo Alto Cortex XDR and Trend Micro Vision One.

Conclusion

Ransomware is a serious threat that requires a comprehensive and proactive solution. Cisco’s XDR system, integrated with Cohesity’s DataProtect and DataHawk offerings, provides a powerful way to detect, prevent, and recover from ransomware attacks.

For organisations with a fragmented security portfolio and those heavily invested in Cisco infrastructure, Cisco’s XDR can be an excellent choice for organisations that need to increase visibility and simplify the detection and remediation time with the integration of XDR with the rest of their Cisco Security portfolio – enhancing the visibility, automation, and effectiveness of security operations.

Key takeaways from Cisco’s 2023 Network Trends Report

Cisco has just published their 2023 Global Networking Trends Report. This report covers some of the emerging networking trends in the multi-cloud world, and how they affect the IT operations and security of organisations. The report is twenty-one pages long and covers some interesting trends and observations from more than 2,500 IT leaders in 13 countries across North America, Latin America, Asia Pacific, and Western Europe (including the UK).

Image (c) Cisco

My key take aways from the report

  • Hybrid work and multi-cloud adoption are driving the need for innovative approaches to securely connect remote workers to corporate data and assets distributed across multi-cloud environments with a huge need (40% of respondents) to de-silo operations and bring together network and security controls and visibility.
  • Cisco says that “providing secure access to applications distributed across multiple cloud platforms” is the top challenge cited by 41% of networking professionals, followed by gaining end-to-end visibility into network performance and security (37%).
  • Growth and demand for SASE. SASE (Secure Access Service Edge) is a convergence architecture that delivers simplified and consistent security and performance for multi-cloud access and hybrid work. Cisco are a leading vendor in the SASE space which combines SD-WAN (Software-Defined Wide Area Network) and SSE (Security Service Edge) into a single, integrated SaaS security offering.
    • In the report, Cisco highlighted that 47% of respondents expect to connect their branches and remote clients using a SASE model by mid 2025, while 59% said that they will be prioritising centralising and consolidating cloud security over the same period.
  • Extending SD-WAN connectivity consistently across multiple clouds can automate cloud-agnostic connectivity and optimise the application experience. 53% of respondents prioritise integration with cloud service providers for this purpose.
  • End-to-end network visibility and predictive analytics are essential for ensuring a consistent user experience across the complex digital service delivery chain, especially around SaaS apps with 51% of respondents prioritising end-to-end network telemetry and visibility. 47% of respondents said they will be prioritising predictive network analytics.
  • More organisations are multi-cloud than ever before with 92% of organisations reporting that they use more than one public cloud service (includes SaaS, IaaS and PaaS).

How Cisco Technology can help address these challenges

Cisco provide a comprehensive portfolio of products that can help organisations address many of the challenges of multi-cloud networking and security which fall into the SASE and SD-WAN categories. These include:

  • Cisco SD-WAN with edge security stack or SD-WAN with Umbrella Cloud Security (SASE) both leverage the Cisco Identity Service Engine’s Security Group Access Control Lists for segmentation policy management and enforcement across the WAN.
  • Cisco SD-WAN integrated with Cisco Umbrella SIG for a cloud-delivered SASE model that seamlessly secures access wherever users and applications reside.
  • Cisco Cloudlock, – Cisco’s cloud-native cloud access security broker (CASB) that helps secure your use of SaaS applications 
  • Cisco SD-WAN and these SSE collaborations provide a range of SASE deployment options for Cisco’s partners and Managed Service Providers (MSPs), allowing them to utilise a mix of networking and cloud security solutions to offer multiple managed options to enterprises at various stages of their SASE journey.
  • Cisco Secure Access Service Edge (SASE) is a cloud-native platform that combines SD-WAN, SWG (Secure Web Gateway), ZTNA (Zero Trust Network Access), DNS-layer security and CASB (Cloud Access Security Broker).

The table below shows the key challenges discussed in the report and the corresponding solutions from Cisco that can help address them:

  • Challenge: Providing secure access to applications distributed across multiple clouds. Solution: SASE (Secure Access Service Edge), a convergence architecture that delivers simplified and consistent security and performance for multi-cloud access and hybrid work. SASE combines SD-WAN (Software-Defined Wide Area Network) and SSE (Security Service Edge) within Cisco’s cloud platform.
  • Challenge: Gaining end-to-end visibility into network performance and security. Solution: Cloud-based network detection and response solutions, such as Cisco Secure Cloud Analytics, which provides visibility and threat detection for an organisation’s network across public, private, and hybrid cloud environments.
  • Challenge: Extending SD-WAN connectivity consistently across multiple clouds. Solution: SD-WAN multi-cloud integrations, which allow networking and cloud teams to accelerate and automate extensions from enterprise sites to various cloud providers and other enterprise sites through Internet, interconnect, or colocation and cloud provider networks.
  • Challenge: Siloed cloud, network, and security operations. Solution: A cloud-centric operating model, which brings cloud operating model principles to the network and across the entire cloud/network IT stack, enabling more integrated workflows and better collaboration between network, security, and cloud operations.
  • Challenge: Visibility into end-user experience and performance of multiple cloud SaaS apps. Solution: Cisco ThousandEyes provides a real-time and historic view into the availability of thousands of different SaaS apps. It allows IT to monitor every employee’s digital experience against software-as-a-service and on-prem applications, regardless of where users are, through the essential elements of your SASE architecture. With ThousandEyes, organisations can gain back visibility and control over SaaS applications and ensure that they are performing optimally.
Table 1 – How Cisco technology addresses the challenges of securing and managing networking and security across multi-cloud environments.

Summary

Cloud is the new data center, Internet is the new network, and cloud offerings dominate applications. By gaining a view of global Internet health and the performance of top SaaS applications, IT teams can proactively detect and remediate major unexpected network or application issues affecting them as soon as they happen.

Based on the report, Cisco say that organisations can mitigate against many of the challenges discussed by adopting a cloud-centric operating model that brings cloud operating model principles to the network and across their entire cloud/network IT stack. This can enable more integrated workflows and better collaboration between network, security, and cloud operations.

Azure Active Directory is now “Entra ID”

Today, Microsoft have announced the next milestone in their expanded vision for unified secure access, with some huge changes to their unified access and security offering Entra, which has now become the brand name for all things identity and access management. Along with that comes a name change from Azure Active Directory to Entra ID.

Is Azure AD discontinued?

No… This is a name change that reflects the shift to a truly end-to-end, multi-cloud identity and access solution that spans beyond simply Microsoft 365 and Azure. The name change is designed to reflect its new and enhanced capabilities.

In the last 12 months, we saw an average of more than 4,000 password attacks per second, an almost threefold increase from the 1,287 attacks per second we saw the previous year.

Microsoft Security Intelligence Report

With this they have announced they are expanding their Microsoft Entra suite into the Security Service Edge (SSE) category with the launch of two new products.

Microsoft Security Service Edge
  • Microsoft Entra Internet Access and
  • Microsoft Entra Private Access.

Microsoft Entra Internet Access is an identity-centric Secure Web Gateway that protects access to internet, software as a service (SaaS), and Microsoft 365 apps and resources. It extends Conditional Access policies with network conditions to protect against malicious internet traffic and other threats from the open internet.

Microsoft Entra Private Access is an identity centric Zero Trust Network Access that secures access to private apps and resources. Designed to reduce operational complexity and cost by replacing legacy VPNs with simple yet granular security to ensure that any user can quickly and seamlessly connect to private apps across hybrid and multi cloud environments, private networks, and data centers from any device, from any location and from any network.

Microsoft’s goal and vision here is to help organisations secure access to any app or resource, from anywhere. Microsoft say in their security blog that the flexible work arrangements we have become accustomed to, along with the continued increase in cloud adoption, continue to put strain on traditional and legacy corporate networks and network security approaches. Using VPNs to backhaul traffic to the legacy network security stack weakens security posture and damages the user experience, while using siloed solutions and access policies leaves security gaps.

Both are now in preview….

The renaming of Azure Active Directory (Azure AD) to Microsoft Entra ID was also announced, which Microsoft say has been done to simplify product naming conventions and to unify their expanded product family. The change was made as Azure AD now supports multi-cloud, meaning the name Azure AD no longer represented the breadth of its offerings.

Azure AD is now Entra ID

Personally I’m not a fan of the name change even though their reasoning makes sense… Everyone knows what Azure AD is (or maybe that’s the problem… they think they do!)… Even Microsoft Teams wasn’t sure about it!

😂

Microsoft say that the current capabilities and licensing plans, sign-in URLs, and APIs will remain unchanged, and all existing deployments, configurations, and integrations will continue to work as before.


You can read more about these recent changes and announcements here.

Cisco acquires Armorblox, bolstering their Security offerings

Cisco have announced that they are to acquire Armorblox, a leading email security house whose portfolio (which is centred around email protection) includes email security, DLP, data encryption, impersonation protection, fraud protection, URL, and ransomware protection.

What do Armorblox do?

Founded in 2017 and now with over 58,000 customers, Armorblox protects organisations against data loss and targeted email attacks like business email compromise, vendor fraud, and account takeovers. Their tools leverage Generative AI and Large Language Models (LLMs). They have scored highly in the Gartner Peer Insights report and have invested heavily in their interoperability through APIs.

Armorblox are also part of the Microsoft Intelligent Security Association and has deep integrations with Microsoft Sentinel which will play well with Cisco’s goal to work more closely with Microsoft.

Cisco say that “Through this acquisition though, we see many exciting broad security use cases and possibilities to unlock“.

Armorblox seamlessly integrates over APIs with existing security stacks, making life easier for security teams. Our comprehensive security solution leverages large language models, such as GPT, and a broad set of deep learning algorithms to accurately detect today’s targeted threats, protect key business workflows, and reduce manual work for security teams through automated processes.

Armorblox

Cisilion plan to leverage this investment to bring new AI-powered security offerings to their existing portfolio, as well as to enable them to leapfrog their competition and offer compelling, integrated, and advanced threat protection.

I’m excited to see the ways in which Cisco leverage this acquisition to bolster security across all their offerings. Assimilating and embedding the technologies they acquire is one of their huge strengths.