Microsoft Offers Threat Detection Technology for Overworked Security Teams

Threat detection technology is one of several security announcements from Microsoft during day one of its Ignite 2018 conference.

Jeffrey Burt

September 25, 2018


Microsoft is integrating threat detection technology and automated remediation capabilities for everything from email to PCs to infrastructure to create a single cybersecurity experience in its Microsoft 365 subscription services, a move that comes as understaffed and overworked security teams try to address the rapidly expanding and evolving threat landscape.

The software giant’s Microsoft Threat Protection offering was among a number of security programs and services announced Sept. 24 during the first day of the company’s Ignite 2018 event in Orlando, Fla. Others addressed such issues as Microsoft’s ongoing push to do away with passwords, greater security in public cloud environments and protecting data regardless of where it resides.

There already is a yawning shortage of skilled cybersecurity professionals, and that figure could reach as high as 3.5 million by 2021, which means organizations that already are struggling to find help in this crucial area are going to see the problem grow even larger in the coming years. Add in the changing landscape – with more data moving into the public cloud and applications and data being accessed and generated at the edge, outside of traditional enterprise security environments – and the growing sophistication and speed of modern cybercriminals, and it’s not surprising that companies are having trouble keeping up with the gathering security threats.

Threat detection technology like Microsoft Threat Protection aims to automate steps in the process and use artificial intelligence (AI) capabilities to more quickly detect and eliminate threats, which takes some of the burden from security teams. Microsoft’s reach from the office workspace to the core data center and public cloud gives the software maker a broad presence that many other vendors don’t have.

“Cybersecurity is the central challenge of our digital age,” Rob Lefferts, corporate vice president of security at Microsoft, wrote in a company blog post. “Without it, everything from our personal email accounts and privacy to the way we do business, and all types of critical infrastructure, are under threat. As attackers evolve, staying ahead of these threats is getting harder.”

The goal of Microsoft Threat Protection, which will be put into the Office 365 administration console, is to give organizations a single solution that can automatically protect the bulk of their environments, including documents and identities, by detecting threats, remediating the impacts and defending against new and evolving threats, according to company officials.

Microsoft’s Lefferts said the effort will connect the company’s cloud intelligence with its threat detection technology, which he said will “stem a mass outbreak or find a needle in a haystack.” Microsoft officials said the company has more than 3,500 full-time security professionals who leverage AI tools to analyze more than 6.5 trillion global signals a day.

“To help security operations professionals benefit from our experience, we created a community where our researchers and others from the industry can share advanced queries to hunt attackers and new threats, giving us all more insight and better protection,” he wrote.

Microsoft officials at Ignite also are pushing forward on their goal of creating a world without passwords. The company has been vocal in its desire to move beyond passwords as an authentication method for logging onto Windows devices, saying they are highly insecure and a crucial weak link in a company’s security posture. Officials instead have promoted other options, including multi-factor authentication and biometrics – a user’s face or fingerprint, for example – for logging on.

In a blog post in May, Karanbir Singh, principal program manager of enterprise and security at Microsoft, outlined multiple steps the company is taking to take passwords out of the equation, including Windows Hello biometric log-in, which he said is now being used by more than 47 million users, and Windows Hello for Business, which is being used in more than a million commercial devices by more than 5,000 businesses. Singh also noted the Microsoft Authenticator app, which enables users to access their Microsoft account on a smartphone.

At Ignite, company officials said that customers can now access Azure Active Directory-connected apps through Microsoft Authenticator, replacing passwords with multi-factor sign-in that combines the smartphone and fingerprint, face or PIN.

“Using a multi-factor sign-in method, you can reduce compromise by 99.9 percent, and you can make the user experience simpler by eliminating passwords,” Lefferts wrote. “No company lets enterprises eliminate more passwords than Microsoft. Today, we are declaring an end to the era of passwords.”

Other security news from Ignite includes:

  • Microsoft is offering customers a way of evaluating their cybersecurity posture. The company has been offering Microsoft Secure Score, an enterprise report card for cybersecurity that offers steps for such tasks as securing administrative and user accounts with multi-factor authentication and turning off client-side forwarding rules. Now the product is being expanded to cover all of Microsoft 365, and Microsoft is rolling out Secure Score for hybrid cloud workloads in the Azure Security Center.

  • Microsoft will offer its Azure confidential computing technology for public preview next month in its new DC series of Azure virtual machines. The new system will be backed by Intel’s SGX (Software Guard Extensions) chipsets, which enable trusted execution environments for users.

  • Building on the Microsoft Information Protection solutions announced last year for automatically discovering, classifying, labeling and protecting data, the company is now rolling out a unified labeling capability in the Security and Compliance center. In addition, Microsoft is previewing labeling capabilities built into Office apps and extending labeling and protection to PDF documents. Also now generally available is the Microsoft Information Protection software-development kit (SDK) for third-party developers who want to build apps that can work with Microsoft’s labeling technologies.

  • Microsoft also is leveraging partnerships with such technologies as the Microsoft Graph Security API, a standard interface that enables partners to integrate security alerts and simplify security automation in their products.
