Bamburgh was impregnable for centuries. Then in 1464 tech grew so sophisticated it became the 1st castle to fall to cannon fire. #MSIgnite pic.twitter.com/hiB1b0kiFK — Brad Anderson (@Anderson) September 26, 2016The giant hole punched in the side of Bamburgh showed the world a new way to operate, and technology surged to keep up – tech that was both offensive and defensive. Now kings and generals had to rethink the way they operated. Old, time-tested methods of keeping their citizens and soldiers safe no longer applied. The way an army was organized and mobilized had to change now that giant projectiles fell from the sky with unrelenting precision. And new professions and specializations sprung up in societies that had previously only required the brute strength necessary to lift a shield and march through the night. Today I want to talk about an era of technology that has moved past perimeters , that regularly operates beyond firewalls , which is almost always mobile , and which is taking advantage of the very best technology to act offensively and support of productivity and defensively on behalf of your organization’s data.
the MSFT Intelligent Sec. Graph aggregates & correlates data from 100’s of cloud services, +1B PCs, 450B log ins, & 200B emails. #MSIgnite pic.twitter.com/n1TreGBcYp — Brad Anderson (@Anderson) September 26, 2016All told we receive trillions of pieces of data from billions of devices every month through our cloud services, our extensive research, and our partnership with industry and law enforcement through our Digital Crime Units and Cybersecurity Defense Operations Center. All of this goes into the Intelligent Security Graph. No other organization (or combination of organizations) has this much data – and we are putting it all to work for you . We want you to have a uniquely powerful perspective on the attack vectors of your incoming threats, insight on how they are evolving, and the power to correctly respond and protect yourself. We feed signal into the Graph from our core solutions like Windows, Office 365, Azure, and Enterprise Mobility + Security – and then we take what we learn and feed it back through those same tools to enable an empowering work environment (that end users love!) that is also incredibly secure (which IT loves!). As Satya noted last year , Microsoft is the biggest security company you’ve never heard of – and the breadth and strength of our security platform is the proof. As a company, we spend over $1B each year on security R&D – and we actively integrate our breakthroughs into the products and services you rely on every single day. It is awesome how often I meet with CIOs who tell me they are confident that Microsoft is able to provide levels of protection their own organizations cannot. This is a really important point I want to emphasize: Building a solution that delivers on the security and protection that IT needs (but also delights end-users) is not a trivial undertaking. We constantly ask ourselves, “What does it take for end-users to love a security solution?” The answer we’ve found is pretty simple: It means they don’t know it’s there because the security and protection has been seamlessly integrated into the way the users work.
MSFT invests >$1B in security every year. the breadth, strength, & funding of our security platform is proof. #MSIgnite pic.twitter.com/ZOgcn5lF8b — Brad Anderson (@Anderson) September 26, 2016One of the key things we have learned is that to deliver a seamless experience that is loved by both IT and end-users, it has to be engineering in from the beginning. This is why what we’ve been building is engineered from the ground up to delight both IT and the end-user. Today at Ignite, I spoke in depth about some of our newest innovations and the end-to-end scenarios you can use right now – and this post will touch on each of those points I covered. We have been building these end-to-end scenarios for a number of years in what I would call a “One Microsoft” manner. One of the things I hear from tech leaders in almost every conversation I have is just how different the Microsoft of today is compared to the Microsoft of just a couple of years ago. I can tell you from the inside that the level of collaboration and the focus for building seamless end-to-end scenarios is like nothing else I have ever seen before.
As sophisticated as modern attackers can be, it’s the simplest attacks that still do incredible damage. For those of you who have ever engaged in a test phishing attack against your own organization, you know that a deeply disturbing number of people fall for it every time . From our own research, we know that 23% of your people will open an e-mail sent from an attacker. With this in mind, we all understand how effective a simple phishing attack can be, and we know that, once someone does fall for it, the attackers immediately have valid usernames, passwords, and can start accessing your information without restraint. Once they’re in your network, the attackers then move laterally and look for privileged accounts to escalate the attack and do more even more damage. All of this would be terrible enough if it happened over a weekend – but, on average, a breach lasts 226 days before being discovered, and it can take up to 80 days to contain it. But even once that is done, then comes the process of determining the impact of the breach. This kind of longevity is only possible because the attackers are often authenticating using valid user accounts, and their tracks are exceptionally hard to find. This scenario is very dangerous for all of us. This is something we can actively address with the combination of the intelligence that comes from the signals/insights we collect and feed through our platform, as well as modern security technologies (e.g. Credential Guard with Windows 10) that help you stop potentially compromised identities from accessing data or moving laterally through your organization. We do this by using the vast computing power of the cloud to gather and process key insights about your users’ work behavior and, when unusual or suspicious behavior is detected, take action immediately.
in a workplace that's mobile & cloud-centric, it's identity that unlocks access to data -- whether it's behind a firewall or in the cloud. pic.twitter.com/2xOf6pKAwQ— Brad Anderson (@Anderson) September 26, 2016
today's first wave of demos stretched 15 minutes. here's everything we showed that was new. pretty impressive. #MSIgnite pic.twitter.com/aMnMScYeiJ — Brad Anderson (@Anderson) September 26, 2016Looking back at the 5 Questions I asked earlier, the elements demoed in this part of the session effectively answered:
As we think about the users we are trying to enable and guide, we have to take into account their different needs and also the different intentions behind their actions. The majority of users are always trying to do the right thing – they want to be empowered and they understand the need to protect company assets. Then there are users who need to share large amounts of sensitive data internally and externally – these users appreciate guidance from IT as long as it is seamless and doesn’t require them to fundamentally change or slow down how they work. This means that IT needs a way to secure data that has moved into the cloud and/or SaaS apps that are being shared. This also leads to a greater focus on data lifecycle since data will travel across devices, outside of the network, and across users and corporations. All of this means IT will need data to become self-aware of its own sensitivity as well as guide its users to make good decisions with company assets . The appropriate policies and protection, including compliance and retention, need to be applied and travel with the data. Some data may need to be tracked and violations of policies will need to be logged, etc. There simply has to be multiple check points. There is also a third group of users that can’t be ignored: A small sliver of users have (unfortunately) malicious or ill intent. We need to acknowledge that these users exist and plan for their actions. We want to optimize our solutions to empower and delight the users who are all working with us to advance our organization, but we also need the capability to detect when something suspicious is happening and take action to protect our organizations, our partners and our customers.
IT wants to deliver a great work enviro w/ a few guardrails to help protect data. the challenges/dangers are real; check out this stat: pic.twitter.com/A3zxMtBWQT— Brad Anderson (@Anderson) September 26, 2016
today's second round of demos stretched 14 minutes. here's everything we showed that was new. wow! #MSIgnite pic.twitter.com/SMMN77OJNs — Brad Anderson (@Anderson) September 26, 2016Looking back at the 5 Questions I asked earlier, the elements demoed in this part of the session effective answered
I think I might become a cybercriminal, seems like a growth market. — Cʏʙᴇʀ Dʀ Pɪᴢᴢᴀ (@DrPizza) September 26, 2016These attackers are incredibly sophisticated and focused, and they relentlessly look for seams and weaknesses. In this modern threat era, Microsoft has been focused on two key elements of cybercrime: 1) Ensuring we have the signal and the capabilities to identify the attack patterns, and 2) Extending these capabilities across all of our offerings and the offerings of our partners. This approach allows us to look holistically across our ecosystem – instead of at individual products and services. This completeness is one of the greatest values we offer – but we certainly know we are not done.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.