Microsoft is shifting to an operational focus and creating a security graph to help address the alarming new threat landscape and the rise of cloud computing.
Ever since Microsoft founder Bill Gates delivered his famous Trustworthy Computing manifesto, security has remained a focal point with every product the company released while maintaining an important role in every major public presentation ranging from technology to policy. Nearly 14 years after the Trustworthy Computing imperative — one of Gates’ most eminent decrees — Microsoft’s current CEO Satya Nadella decided it had become so deeply entrenched in Microsoft’s DNA that it was time to recast Redmond’s focus on security.
While Trustworthy Computing hasn’t gone away, Nadella last summer moved the autonomous organization into the new Cloud and Enterprise Group. Along with a number of key acquisitions since late 2014, the moves set the stage for Microsoft’s “new approach” to security, which Nadella rolled out in the keynote address at the Government Cloud Forum in Washington, D.C., in November, the week before Thanksgiving.
Noting a threat landscape that has worsened at an alarming pace year after year since Trustworthy Computing arrived in 2002, Nadella determined it was time to reset Microsoft’s security strategy. In his speech he noted despite the progress Microsoft and the IT industry has made in delivering more secure solutions, the number and sophistication of attackers continue to get worse, harder to predict and often compromises lay dormant for months undetected. That’s why Microsoft has to give systems and security and systems managers better resources to detect them and protect their organizations.
Nadella pointed to a staggering 160 million data records that were compromised from just the eight worst attacks last year alone. It can take on average 229 days for IT to know its systems were breached before they can respond, and often the damage already is done before a latent intrusion is detected. “The cost of all of this in terms of lost productivity and lost growth really adds up,” Nadella said. “It’s estimated that it’s something like $3 trillion. Now, in a global economy that is challenged for growth, this is really a huge issue for all of us collectively.”
The world has changed enormously, as well, since Trustworthy Computing, Nadella has concluded. Perimeters are gone and individuals, infrastructures and organizations are connected — from sensors and mobile devices to the rise of infrastructure and platform cloud services and the delivery of applications as mobile apps and Software-as-a-Service (SaaS) solutions.
“With this changing environment it’s no longer just about our code and the threat modeling and the testing, but it is in fact about the operational security posture that we have in this constantly evolving environment, this constantly under-attack environment,” Nadella said. “The operational security posture to me is where it all starts. It’s like going to the gym every morning. Every hour of the day you need to be prepared. And so that means you have to exercise this operational security posture in a continuous basis.”
Nadella emphasized that the tools to protect, detect and respond to threats have existed for many years. The seeds for this were planted more than a year ago as Microsoft combined Intune, Azure Rights Management and Azure Active Directory Premium into its Enterprise Mobility Suite and the company doubled down on technologies such as authentication and identity management. “What is new is that posture,” Nadella said.
Microsoft’s new world order when it comes to security is that it must be front and center with the core systems management process and that administrators and engineers must be able to utilize the new intelligence available to them. What Microsoft is trying to build, he said, is an “intelligent security graph” that brings together virtually all of the company’s security intelligence from streams throughout Microsoft, its customers, partners and security operations centers throughout the world in real time and that of select partners tied into that graph.
Microsoft Chief Information Security Officer (CISO) Bret Arsenault elaborated on Microsoft’s new security approach in a post following Nadella’s speech. “While security has always been a focus for Microsoft, we recognize that the digital world in which we live requires a new approach to how we Protect, Detect and Respond to security threats,” Arsenault wrote. “We must better Protect all endpoints — from sensors and datacenters to identities and SaaS applications. We must move faster to Detect threats using the scale and intelligence of the cloud, machine learning and behavioral monitoring. We must Respond more quickly and comprehensively, and empower our customers with insights that are actionable and holistic.”
Building the Security Graph
Arsenault explained the concept of the security graph. “Microsoft’s unique insights into the threat landscape, informed by trillions of signals from billions of sources, create an intelligent security graph that we use to inform how we protect all endpoints, better detect attacks and accelerate our response. The intelligent security graph is powered by inputs we receive across our endpoints, consumer services, commercial services and on-premises technologies — and uniquely positions us to better protect our customers and their data.”
To enable the delivery of Microsoft’s new emphasis on operational security management, the company launched the Enterprise Cybersecurity Group (ECG), charged with delivering this new approach with security solutions from the company and its partners. Microsoft also launched a new Cyber Defense Operations Center, a 24×7 facility that Arsenault said has direct access to thousands of security professionals, data analysts, engineers, developers and operations specialists throughout the company, as well as with partners, customers and government experts. The center is charged with providing rapid response and resolution to all threats, he added.
In cases where the operations center needs to respond to criminal incidents, it works closely with the Microsoft Digital Crimes Unit, the company’s elaborate facility that houses its own security operations center to detect global threats, along with malware and forensics labs.Azure Security Center
The key new deliverable from Microsoft’s “new approach” to security is the Azure Security Center. Announced by Nadella in his speech, the company last month released a preview of the service and is expected to roll it and other new capabilities out this year. The Azure Security Center (see Figure 1) will be accessible to any of its public cloud customers via the Azure Portal.
The Azure Security Center will provide security monitoring and policy management across all Microsoft Azure subscriptions and provide both visibility and control over security issues taking in data streams from the Cyber Crime Operations Center, Microsoft’s new Advanced Threat Analytics tool released late last year, as well as letting customers tap into intelligence information from select ecosystem partners. The first such partners include Barracuda Networks Inc., Checkpoint Software Technologies Ltd., Cisco Systems Inc., CloudFlare Inc., F5 Networks Inc., Fortinet Inc., Imperva Inc. and Trend Micro Inc.