Security for the modern enterprise
During Microsoft’s CTE event in Singapore, Michael Montoya, Chief Cybersecurity Officer for Microsoft’s Enterprise Cybersecurity Group, shared Microsoft’s own journey towards becoming more secure.
Unsurprisingly perhaps, Microsoft is one of the environments most frequently targeted by cybercriminals, given that its operating system software powers millions, if not billions, of devices around the world.
Montoya said, “My primary job is to work with the industry to understand how to build the modern enterprise… But how is Microsoft securing its own environment?”
The average enterprise has to manage 140 point solutions, most likely bolted on after the fact, so how does it embed security into everything it does?
Montoya shared that Microsoft used to have to manage 150 point security solutions. “We are down to 70 now, but our goal is to reach 40 solution stacks.”
One of the first things Microsoft did to streamline its solutions was to remove some third-party products and then beef up its own capabilities.
“For example, data – there was no solution that was meeting our data loss prevention (DLP) needs, so we acquired capabilities like identity access and more in areas where there were gaps,” said Montoya.
What can Microsoft employees and business partners look forward to within the next 12 months?
For one, passwords will no longer be used. Facial recognition will be the way forward for Microsofties, and it will be enabled on all endpoint machines and devices.
Montoya also shared that DLP and auto-classification of files are being enabled internally within the organisation.
Other learnings and approaches
Nation states are proving themselves to be the most sophisticated of threat actors.
In their pursuit of mission-critical state and defence information, likely no expense or resource is spared, and very little can stand in the way of their deep pockets and powerful political motivations, except perhaps another nation state.
Montoya noted that cybercriminals are beginning to adopt the practices of these nation-state hackers. For example, the WannaCry ransomware contained elements of code and artifacts attributed to the NSA, said Montoya.
Security professionals and companies also have to acknowledge, if they have not already, that 77 percent of intrusions begin with phishing, and this is expected to increase to 90 percent.
“The reason this is so impactful is because it makes you and me the last line of defense.”
It is for this reason that security solutions and technologies have their role to play.
Montoya explained, “If you don’t have auto-detection, antivirus, a security infrastructure… there is no way the human eye can catch things that malware are doing.”
He also pointed out that, sadly, 90 percent of breaches are related to common vulnerabilities that are over a year old.
These vulnerabilities are still being used by cybercriminals to intrude into systems because those systems have still not been patched.
The Microsoft approach?
Microsoft operates on the assumption that it has already been breached, all the time.
That means never being able to rest on its laurels.
One useful way to address constant breach is to accept that detection of malicious code can come from external sources and not just internal systems. Close cooperation with law enforcement, customers, CERTs and others is therefore vital.
Montoya said, “It is easy to detect the known. Trying to detect the unknown needs a wide array of data – indicators of attack like system process anomalies and indicators of compromise like attributions, which are then fed into an integrated platform.”
Attributions in this context are observed modes of behaviour, types of attacks, types of information stolen, types of motivations and so on. They are useful in helping businesses respond to threats.
Threat protection, one of the four pillars of security products that Microsoft offers, is about gathering intelligence from these various sources and putting it through machine learning on big data. The output is eventually fed into all of Microsoft’s other products, which are hosted in its Azure cloud.
“Cyber security requires a blend of human expertise and technology – automation for containerisation and detection but humans for attributions and forensics,” said Montoya.
“Security governance should be structured to include the board of directors as part of the cybersecurity response plan,” he also said, explaining that this included measures like understanding the risks an organisation faces, the diverse responses required when breaches happen, educating the BOD on user population awareness, and establishing clear lines of accountability and responsibility for cybersecurity in the organisation.
Montoya concluded that 20 to 30 percent of cybersecurity roles are either not filled or are filled at the wrong level of qualification.