By Andre Alfred, VP Azure Security, and Jamie Blair, Principal PM Manager, Azure Security Governance
In the first blog of our series on Azure Security, we discussed our approach to tackling cloud vulnerabilities. Our second blog highlighted our use of variant hunting to detect patterns and enhance security across our services. The third blog in the series introduced game-changing architecture to improve built-in security. In this installment, we share our integrated response strategy, which provides a continuous learning model, leveraging big data, to improve response, detections, preventative controls, and governance to measure and improve effectiveness.
Azure Security’s “Integrated Response” is the function of incorporating security risk mitigation strategies into a durable security program, seamlessly coordinating across federated security functions to learn, share, and adapt effective strategies to address top risks and threats at hyper-scale. As new threats and security risks emerge from a variety of sources, we address them by evaluating root causes and developing security controls as a learning feedback system. Our learnings from proactive and reactive analysis turn into product updates and threat intelligence enhancements in our security products.
To maintain trust and accelerate response timelines, our closed-loop feedback cycle incorporates both internal and external risk drivers to improve each stage of our security response pipeline. Regularly reviewing security incidents is key to our ability to continuously improve our agility and response time to mitigate security risks for our customers. Each of our institutional processes, such as the Security LiveSite Review (SLR), Security Health Reviews (SHR), and our Security Operation Reviews (SOR), highlights and prioritizes opportunities for improvement at all levels of Azure’s engineering organizations. Let’s dive into what each of these phases means and how they connect to each other.