I spent the week at RSA with an incredible group of customers, industry partners, and lots of great people from the Microsoft security and identity teams. RSA is one of the pre-eminent security conferences, and I always love walking the (seemingly ever-expanding) show floor to see the great stuff the industry is coming up with, talking strategy with analysts, and hearing from the many amazing CISOs who are holding the fort for their companies.
It was a great week for the Identity team – we all had a chance to interact with present and prospective customers and partners. Here are some of my take-aways from the event:
1 . Zero Trust is top-of-mind for security professionals!
Microsoft’s Identity Security and Protection team builds the tech that intercepts and disrupts almost 400M criminal login attempts daily – around 12 billion a month, up more than an order of magnitude from a few years ago! At RSA, I had a chance to meet with fellow defenders responsible for fighting this rising tide for their own organizations. Back in December, I had blogged about Identity’s pivotal role in Zero Trust. At RSA, I had a chance to carry forward that discussion. It was great hearing from customers who had eliminated their traditional network and VPN approach and embraced digital transformation, and were using all the signals and control points from endpoints, authentication, and apps to massively enhance security *and* productivity in their organizations. Great security extends the horizon of productivity.
We also had a blast presenting some of the latest strides we’ve made in this space. We’re giving you more and more tools to manage security in your transformation - Read on!
A unified security operations portal across your hybrid identities
At Ignite we announced work we are doing to help identity and security professionals integrate Azure AD Identity Protection’s cloud auth signals and Azure ATP’s view of on prem risks. This is key to identify and mitigate risks from targeted identities and detect and arrest lateral movement within your on-premises infrastructure. At RSA, we were psyched to announce the preview of even more cool capabilities:
- A unified SecOps portal that brings together identity security signals from across the Microsoft 365 suite with the aim of consolidating user insights into a single pane of glass – check out https://aka.ms/unifiedsecops to learn more!
- An investigation priority score that helps you prioritize your remediation backlog by providing you with visibility into users that could pose the greatest risk to your organization should they be compromised. To get started, visit https://aka.ms/investigationpriority now!
More powerful CASB powered in-session controls in Azure AD conditional access and signals in Azure AD Identity Protection
Azure AD Conditional Access is a great tool for determining the conditions in which sessions will be granted and controlling behavior of the session itself. One great example of this is using Azure AD Conditional Access to require Microsoft Cloud App Security. In order to help conditional access admins to make the most out of the session controls that Microsoft Cloud App Security enables within Azure AD, we’ve added the ability to configure Microsoft Cloud App Security session policies directly in Azure AD conditional access including:
- Monitor only - where sessions will be monitored for in-session activities
- Block download - based on conditions including compliant device and partner access and,
- Custom policies – to limit actions such as download based on the sensitivity of data
We also announced the private preview of Microsoft Cloud App Security (MCAS) signals integration into Identity Protection. This integrates MCAS risk signals with Identity Protection to give IT admins a more complete view of risk when they are investigating users and sign-ins.
To learn more about these advancements, please visit the MCAS RSA blog.
Public preview of Azure Sentinel
Azure Sentinel is our new cloud-native solution that reimagines what a SIEM can provide for security analytics. Azure Sentinel aggregates security data across your enterprise to provide machine learning powered detection capabilities, hunting to preempt attacks, automation of threat response, and robust visualization.
The great news for the Identity community is that Azure AD integrates with Azure Sentinel out-of-the-box, providing:
- Native integration of Azure AD Identity Protection, Azure AD audit logs, and Azure AD sign-in logs, in addition to other Microsoft services and third-party data sources via API or agent with built-in dashboards for Azure AD sign-ins and audit logs to spot anomalies over time;
- Configurable automated threat responses for identity risks using security playbooks, enabling IT admins to leverage Azure Log Apps to set pre-defined criteria to automatically respond to threats. For example, you can set an alert to be automatically sent to a Teams channel when a risky sign-in is detected
- Visualization of events and alerts over time and potential malicious events (such as traffic from known malicious IP addresses), giving IT admins an at a glance view at their security status
To learn more, go to https://aka.ms/azuresentinel
2. Customers want to overcome the challenge of having multiple disconnected security solutions
One of the big challenges in security today is that the sheer number of solutions in the typical enterprise IT environment. One customer I spoke to had over 60 security solutions (believe it or not, this is pretty common). They said that these solutions do not integrate well and talk to each other – gaps which open up security vulnerabilities of their own. Upgrades and maintenance of multiple solutions are expensive and present even more opportunities to expose vulnerabilities. Many of our customers are struggling to figure out how many of those solutions are really helping and looking to simplify their environments.
Using great industry standards like SCIM 2.0, Identity can be a powerful tool to integrate your controls – here’s an example of how we are working with our rich partner ecosystem to help secure identities.
Azure AD integration with Zscaler
I’m excited to announce our integration with Zscaler! With both Azure AD and Zscaler supporting the SCIM 2.0 standard, you can use the Azure AD provisioning service to automate the lifecycle of user and group accounts, giving you a more secure and scalable way to allow user access to Zscaler applications.
To learn more, visit our blog.
3. Customers have an eye out for the next BIG thing in Identity!
Better security? Empowered users? Yes please!
We are continuing our drive to eliminate passwords, as captured in my last blog on passwordless auth progress – and it seems y’all are watching every step of the way! I heard a ton of enthusiasm and eagerness for phone app sign in, and in an important step forward the WebAuthN part of FIDO2 ratified on Monday – learn more about the FIDO2 standard at the FIDO site, and check out the W3C WebAuthN recommendation!
I chatted with several identity leaders and influencers about the potential decentralized identity has to - as Pam and Preeti put it in their excellent talk Thursday morning - change the way we think about identity for decades to come!
Privacy, empowerment, and agency are key aspects of a good identity system, and through Pam and Preeti the Identity team had the privilege of sharing the latest in Decentralized Identity thinking and mechanisms. As a distributed ledger without a central authority, Blockchain can be used to durably and transparently anchor trust for digital identities. The talk showed some great scenarios that bring the kind of empowerment your expect from your non-digital transactions into your digital life - agency over your identity which aims to keep you firmly in control of your own data, who gets to see it, and what they get to do with it. It’s an exciting peek into the future of digital identities and being able to use open standards and privacy-respecting tools for verifying claims and securing transactions.
See more on what was presented in this session here - https://published-prd.lanyonevents.com/published/rsaus19/sessionsFiles/13674/IDY-R03-Decentralized-I...
Lots of fun stuff for you to check out – stay safe!