Microsoft strengthens security tools for Azure, Office 365

Microsoft CEO Satya Nadella. (Source: Microsoft)

26 February 2016

Microsoft has enhanced the holistic agile security platform it touted last November with integrated insights obtained from the company’s intelligent security graph and tighter collaboration with industry partners. The changes highlight Microsoft’s current approach to enterprise security, which focuses on moving enterprises to cloud platforms to improve overall security.

The company announced security features for its cloud offerings, including Microsoft Azure, Office 365, and SharePoint Online. Along with enhanced security management and reporting capabilities, Microsoft integrated identity protection and threat visualisation tools to provide real-time insights and predictive intelligence.

“In the 100 days since Satya [Nadella, Microsoft CEO] discussed our newly invigorated approach to security, we’ve made some significant progress,” Bret Arsenault, the Microsoft CISO, wrote in the official Microsoft blog.

Enhanced intelligent security graph
Late last year, Nadella provided some clues on how Microsoft’s new enterprise security approach relied on insights from the intelligent security graph to speed up threat detection and protect customer data. The security graph, formed by “trillions of signals from billions of sources,” provides real-time insights to help IT detect and mitigate threats while providing actionable intelligence.

Arsenault introduced two new products, Azure Active Directory Identity Protection and Azure Security Center Advanced Threat Detection, to help enterprises move toward a “protect, detect, and response security posture.”

The Operations Management Suite taps into Microsoft global threat intelligence to alert administrators when firewall logs, Wire Data, and IIS logs indicate network activity between a server and a known malicious IP address. IT teams can visualise the attacks on an interactive map to find attack patterns.

The Azure Active Directory Identity Protection, available for public preview in early March, detects suspicious activities for end users and privileged identities arising from incidents like brute-force attacks, leaked credentials, sign-ins from unfamiliar locations, and infected devices. Based on the suspicious activity flagged, Identity Protection calculates a user risk severity score. IT administrators can define policies to automatically take actions based on the severity score and protect the identities from attack.

No Zero-days
Most attacks against enterprises do not bother with exploits targeting zero-day vulnerabilities since there are plenty of easier ways to steal user credentials and stroll right on to the network. The Identity Protection capability in Azure will help detect if credentials have been stolen and are being used in unexpected ways, such as logging into a system it has never accessed before.

Azure Active Directory already analyses more than 14 billion logins to identify 300,000 potentially compromised user authentications per day, the company said.

Microsoft also developed a new Advanced Threat Detection capability to analyse crash dump data received from more than a billion Windows machines globally and detect compromised systems. Since crashes are often the result of “failed exploitation attempts and brittle malware” the crash dumps can be a useful sign that something unexpected is happening on the endpoint.

Advanced Threat Detection is now part of Azure Security Center, which lets IT administrators collect crash events from virtual machines running in their Azure environments to find potential issues. Azure Security Center analyses the data and alerts the customer automatically if any of the virtual machines appear to have been compromised. Similar network and behavioural analytics capabilities have also been integrated into Azure Security Center.

These products “will improve our security signal, help us protect you and help you protect yourself,” Arsenault said.

Features of a secure platform
The other part of Nadella’s enterprise security vision focused on a secure platform, and Arsenault had several announcements on new security capabilities for Azure and Office 365. Microsoft Cloud App Security, which will let IT departments monitor and control SaaS applications like Box, Salesforce, ServiceNow, Ariba, and Office 365, will be generally available in April. Customer Lockbox for SharePoint Online and OneDrive for Business will be available around the same time. Azure Security Center will also feature a new next-generation firewall in the coming weeks.

Based on the technology from the Adallom acquisition, Cloud App Security will give Office 365 administrators advanced security management capabilities, such as security alerts for anomalous or suspicious behaviour and automatic cloud application discovery to analyse which external cloud services users are connecting to. IT will also be able to approve and revoke permissions to third-party applications that users are authorised to connect to the Office 365 environment.

IT administrators do not always know what other apps users are using, so being able to discover what applications are in use will help protect sensitive data from accidentally being exposed.

Microsoft introduced Customer Lockbox for Exchange Online back in December for those “very rare instances” when Microsoft engineers need to access a customer’s Exchange environment. Lockbox integrates customers into the approvals process for granting access to these engineers. Microsoft will expand Customer Lockbox to include SharePoint Online and OneDrive for Business, so IT administrators will have new approval rights and greater control over who can access the data being stored in Office 365.

Better reporting and audit
All the security enhancements require better reporting and audit capabilities, so Microsoft expanded security management in Azure Security Center. Instead of just configuring a security policy for each Azure subscription, IT administrators can now configure a policy for a Resource Group in order to tailor policy to specific workloads. A new Power BI Dashboard lets IT staff look for trends and attack patterns in Azure by visualising, analysing, and filtering alerts and recommendations. And a revamped Security and Audit dashboard provides insights across the data centre regarding various security-related events, such as authentication, access control events, network activity, malware protections, and system updates.

Azure Security Center will analyse and identify customer deployments that would benefit from having a next-generation firewall. Customers would be able to provision the firewalls and use Azure Security Center to view and respond to security issues from one place. While Check Point vSEC is the only next-generation firewall currently available, the company plans to add Cisco and Fortinet next-gen firewalls, as well as Imperva SecureSphere and Imperva Incapsula Web application firewalls.

Microsoft is not trying to provide all the security capabilities for Azure and Office 365 applications on its own. Instead, it’s working with industry partners through the new Azure Security Center partner solutions so that enterprises can bring their own security products when moving to the cloud environment.

“No single company can solve the security challenges that our customers face today, which is why the security ecosystem, and all of our security partners, are key to our approach,” Arsenault said.



IDG News Service
