Microsoft is rolling out its usual slew of cloud security features and services at this week’s Ignite 2022 conference, with a focus on what’s happening inside and outside the firewall.
The Redmond-based giant targets identity management, threat detection and building security into applications earlier in the development process. Protecting sensitive information shared by teams is also a concern, according to the show briefing, although some of the newly announced security features have already been previewed with Redmond's Microsoft 365 E5 license users.
All of these announcements form the core of Microsoft’s strategy to address the ever-expanding decentralized nature of enterprise environments, from on-prem to cloud (and multi-cloud) to edge.
Microsoft is working to create a cloud security strategy where the products and services are grouped into six families, from Defender (for anti-malware) and Sentinel (security information and event management or SIEM) to Purview (privacy), Priva (privacy management), Intune (mobile device and app management) and Entra (identity and access management or IAM).
Security in the DevOps lifecycle
At Ignite, Microsoft is introducing Defender for DevOps, aimed at security teams who want the ability to manage security throughout the development lifecycle to reduce software vulnerabilities and avoid cloud misconfigurations that can expose organizations to attacks.
At the same time, developers are being pushed to adopt a shift-left mentality, tackling testing and performance earlier in the development cycle to root out bugs and other issues before the software goes into production. The goal of Defender for DevOps is to give security a more prominent role in the development process.
“Too often, cybersecurity and development teams within organizations work completely separately,” writes Vasu Jakkal, vice president of security, compliance, identity, management and privacy at Microsoft. “As more and more attackers exploit vulnerabilities in the code itself, building security in from the start is critical.”
Additionally, the company announces the public preview of Defender Cloud Security Posture Management, which offers agentless scanning to drive real-time security assessments in enterprise cloud environments. It also integrates insights from Defender for DevOps, Defender External Attack Surface Management, and other workload protection products to give security professionals a faster way to identify risks in cloud resources.
The dangers within
Microsoft also addresses insider threats with the release of Purview Information Protection for Adobe Document Cloud, which, Jakkal writes, merges native classification and labeling with Acrobat to secure PDFs. And there’s the public preview of new data loss prevention capabilities, including granular policy management and contextual evidence of policy compliance on endpoints, aimed at preventing sensitive data from being shared or transmitted without authorization.
Insider risk is a costly problem for companies, Jakkal says, citing a study the software company conducted that found companies have an average of 20 insider incidents per year. Additionally, 40 percent of these companies said each of the incidents cost them $500,000 or more.
Protecting everything and everyone isn’t just about outside threats. Organizations also need inside-out protection. A Microsoft study of insider risk found that organizations report an average of 20 data security incidents per year, 40 percent of which cost $500,000 or more per incident.
Also announced at the show is the public preview of Entra Identity Governance.
Microsoft has already worked to develop converged identity governance and access management offerings, and Entra Identity Governance addresses both on-premises and cloud-based user directories and manages lifecycle workflows to automate repetitive tasks and separate permissions management tasks.
Microsoft is also focusing on Security Operations Centers (SOCs) with advanced capabilities to detect and respond to threats faster.
Redmond is also introducing the public preview of Automatic Attack Disconnect in Microsoft 365 Defender, which correlates trillions of signals across endpoints, emails, documents, cloud apps, and identities to find in-progress attacks such as ransomware and financial fraud, and which provides more responsive automation.
“Once an attack is detected in the environment, affected assets such as compromised identities and endpoints are automatically isolated,” Jakkal writes, adding that the new feature “limits lateral movement and reduces the overall impact of an attack while the SOC team maintains control to investigate, fix, and bring assets back online.”
https://www.theregister.com/2022/10/12/microsoft_ignite_security/ Microsoft tries to stimulate interest in DevOps cloud security • The Register