First published on CloudBlogs on Oct 04, 2016
A couple months ago you may have seen an announcement from our partner Lookout about the work we have been doing together. The news was really exciting, but I wanted to wait until the code was done and generally available to provide a view of what we’re doing together and why we are so excited about this partnership. That time is finally here ! During the time we spent solidifying this partnership with Lookout, our companies spoke to a lot of organizations who emphasized that this integrated offering is exactly what they needed to address their enterprise mobile requirements – e.g. a solution that gives their employees the flexibility they need to be productive on their mobile devices, yet provides the organization with security and peace of mind that their enterprise assets are secure.
A couple months ago you may have seen an announcement from our partner Lookout about the work we have been doing together. The news was really exciting, but I wanted to wait until the code was done and generally available to provide a view of what we’re doing together and why we are so excited about this partnership. That time is finally here ! During the time we spent solidifying this partnership with Lookout, our companies spoke to a lot of organizations who emphasized that this integrated offering is exactly what they needed to address their enterprise mobile requirements – e.g. a solution that gives their employees the flexibility they need to be productive on their mobile devices, yet provides the organization with security and peace of mind that their enterprise assets are secure.
This partnership is great because it is great for our customers.
The thing I think is most valuable about this partnership is how the capabilities of Enterprise Mobility + Security (EMS) and Lookout are incredibly complimentary: Lookout has a rich knowledge of the security and compliance concerns on iOS and Android, and EMS has the rich solution for managing access to and protecting corporate assets . This partnership also integrates our cloud services so that EMS can govern access to corporate resources based on the risk analysis Lookout has identified on every device. This is really impressive functionality for end users. I have really enjoyed getting to know the Lookout team and working closely with their leaders to develop ways for both of our technologies to work together to provide additional layers of security and protection for the corporate apps/data accessed by mobile devices.What Impressed Me Most About Lookout
The first thing that really impressed me about Lookout was the sheer number of iOS and Android devices constantly sending telemetry back to the Lookout Security Cloud – a grand total surpassing 100M mobile devices ! Lookout has by far the largest and most up-to-date dataset of what’s happening in security and compliance for iOS and Android. They analyze more than 30 M iOS and Android apps , as well as over 90k new apps every day . Lookout has built a product that tens of millions of consumers around the world already use and love. With this massive dataset of intelligence, Lookout conducts complex correlations, predicts future risk, and identifies threats that would otherwise evade legacy systems. This type of performance would not be possible without Lookout’s massive global consumer footprint. If you also believe, like we do, that “data is the new currency” – then Lookout has the data that matters here (and more of it than anyone else). Their base of users is also growing rapidly – for example, if you opted for the packaged protection services from your wireless provider when you bought your current phone, then you might already be using Lookout. Lookout’s unique approach to solving the challenges of mobile security relies directly on having data on the majority of code in the mobile app ecosystem. Lookout’s service scans apps submitted to some of the international app stores before those apps are even approved for distribution. This means they actually get to see the code (and some of the attacks and threats!) before anyone else in the world. Their data set is bigger – and they have it earlier – than anyone else. The way that Lookout uses machine learning and intelligence to identify malware and predict the actions of the makers of the malware is ingenious . The malware space (in general) is a place where machines have to be used in the battle of good vs. bad to keep up with the rate of change – after all, the bad guys use machines to constantly morph their malware. To analyze over 70,000 apps a day, machines have to do the bulk of the work just to keep up – but the it’s the nature of the analysis that Lookout does here that sets them apart. First, Lookout uses sophisticated static and behavioral analysis to identify malware or potentially unwanted apps – but that kind of functionality is just table stakes in today’s fight against the bad guys. To catch the really determined and sophisticated attackers, Lookout has built a set of capabilities which compares the app they are analyzing to all the apps they have analyzed previously to look for the tell-tale signals of malware. This analysis compares signatures, behavior, and all the analysis artifacts Lookout has gathered – all the way down to the binary code. This is a process they call “app genome sequencing.” What this means is that Lookout can essentially use their analysis of known threats from known attackers to predict new, never-before-seen threats . This is the same technology that enables their anti-malware to take a novel approach: Going beyond using just signatures (like nearly every other security vendor), and adding in behavioral analysis and predictive intelligence. Pretty incredible. What really blew me away, however, was when the Lookout team showed me a report pulled from their telemetry identifying all the consumer devices reporting back to their service from the Microsoft networks. Sitting there on the table in front of me was a detailed list of every iOS and Android device used on our networks – along with a report covering each of the apps, risks, and threats Lookout had identified. Just wow! If you want to go a lot deeper on what I’ve described here, check out this white paper .The Microsoft Intelligent Security Graph – the Value of Data
When it comes to helping you protect and secure your organization, the value of data cannot be overstated . The sophisticated attacks we’re all seeing in the news are very hard to identify and block – but all of the leave tracks. The challenge is that these tracks are nearly impossible to find because they’re spread across tons of different log files – and most organizations simply do not have the ability to correlate these logs and look for the patterns that identify who’s being attacked, what the attackers are doing, where they’re spreading, and what the risk is to you and your customers. We are all swimming (OK – drowning ) in data. The only way to identify the signals that matter – and find the patterns that assist you in protecting your organization – is for machines to do that. Over the past couple of years, we have quietly been working on something incredible here at Microsoft – something that pulls together all of the telemetry and signal that comes in from the 100’s of cloud services that we operate. We call this the Microsoft Intelligent Security Graph . Consider for a moment all of the signal that comes into Microsoft:- Every month we update more than 1B PCs around the globe through Windows Update.
- Each month we also service more than 450B authentications across our consumer and enterprise service. We can see different attacks being waged at identities.
- We analyze more than 200B e-mails each month for malware and malicious web sites – and all of that signal goes into the graph.
The Industry-first Scenarios EMS + Lookout Deliver Together
Here’s How the Integration Works:- Allow access from devices to corporate e-mail only if the risk score is “Secured” or “Low.”
- Not synchronize corporate files to a device if its risk score is “High.”
- Not allow access to any corporate assets if Lookout’s app is not running on the device and/or properly reporting device health. It will then automatically guide users to download and activate Lookout’s app.
- Enforce a policy to deny access for a specific group of business critical apps when devices are not compliant to Lookout. General purpose LoB apps, however, would not be restricted.
- Selectively allow access to a primary collection of apps regardless of risk, while restricting access to a secondary list of apps when risk score is “Secured” or “Low.”
- Receive alerts when “High” risk devices are detected in their environments.
- Automatically trigger Lookout’s self-remediation flow when devices are non-compliant or “High” risk to then block from accessing corporate resources.
- Retire or wipe a device when it becomes “High” risk.
- The service integration here is seamless to our enterprise customers leveraging the assets of EMS to enable unified device and user (both end-user and IT Professional) identity through Azure Active Directory.
Enterprise Mobility Has to be Holistic
One of the fundamental beliefs we have at Microsoft is that you have to think holistically as you plan for and build out enterprise platforms and strategies. This isn’t just a compelling abstract concept or a thoughtful collection of IT buzzwords – this is a foundational part of how the new technology landscape has to operate in order to survive in our attack-prone modern era. In the case of enterprise mobility, start by understanding how you want to deliver the iconic and empowering work environment your end users want. Then use this model to examine every detail of how you manage and protect the corporate assets being accessed and used. The work that we have been doing for the past several years to deliver engineered solutions that support the needs of IT and end users (and deliver both these things in a holistic way!) is unique in the market. The knowledge that Lookout brings into our Enterprise Mobility platform strengthens this platform and gives customers a great new arsenal of protection and control.Published Sep 08, 2018
Version 1.0Brad Anderson
Iron Contributor
Joined September 06, 2018
Security, Compliance, and Identity Blog
Follow this blog board to get notified when there's new activity