Microsoft at RSA 2022: Envisioning the future of security

Like most of you, I was glad to see the 2022 RSA Conference return to its in-person roots after a two-year digital hiatus. This year’s event was a great success, drawing 26,000 attendees to three days of cutting-edge security sessions, tutorials, seminars, and special events at Moscone Center in San Francisco. The conference included more than 600 speakers and 400-plus exhibitors, along with hundreds of media representatives. Microsoft Security was on the ground, interacting with customers and security professionals at Microsoft’s 20-plus earned sessions, as well as showcasing new solutions like Microsoft Entra that help realize our goal of comprehensive security.

I was honored to give a keynote address (video courtesy of RSA Conference) on the future of cybersecurity, including a look at where technology and human expertise are headed, as well as why creating a more inclusive and diverse security workforce will be critical in our defense against evolving threats. Also addressing a subject that’s become more urgent with the growth of the decentralized enterprise, my colleague Bret Arsenault, Microsoft Corporate Vice President (CVP) and Chief Information Security Officer (CISO), gave a special presentation on managing Shadow IT. All in all, it was a fun, collegial, and productive five days. Let’s look at some of the highlights.

Figure 1. Vasu Jakkal gives the keynote address—Innovation, Ingenuity, and Inclusivity: The Future of Security is Now.

Microsoft Security Hub—you made it shine

Thanks to our guests and some hard work by our onsite team, the Microsoft pre-day event was a huge hit. We registered 430 attendees for this all-day event held on June 5, 2022, at Bespoke Event Center. Attendees were able to partake in Q&As with security experts about Zero Trust, threat intelligence, multicloud protection, risk management, and how Microsoft is re-envisioning the future of identity and access with Microsoft Entra.

I hosted Bret Arsenault in a fireside chat about navigating today’s security challenges and my colleague Joy Chik, CVP of Identity and Access, made a special presentation on Microsoft Entra and the trust fabric of identity.

Figure 2. CVP of Identity and Access Joy Chik speaks at the 2022 RSA Conference.

Attendees also enjoyed our immersive walkthrough art experience (and of course, the custom swag bar). Many guests took advantage of the reception to network with other security professionals and reconnect with old friends. It was great to see some familiar faces and share new insights with defenders across our community—a big thank you to everyone who joined us!

Figure 3. Attendes network at the Microsoft Security Hub.

Microsoft had a booth at the North Expo of RSA which showcased Microsoft comprehensive security solutions across our six product families: Microsoft Entra, Microsoft Endpoint Manager, Microsoft Defender, Microsoft Sentinel, Microsoft Purview, and Microsoft Priva. More than 7,300 people visited the Microsoft booth.

Figure 4. Microsoft Security booth at RSA Conference 2022.

Standout sessions

Microsoft speakers appeared in more than 20 earned sessions at this year’s RSA, addressing everything from supply chain attacks to ransomware, botnets, and ways to protect our democracy. We also hosted 40 sessions in our booth. Some of our most popular sessions included:

• Practical Learnings for Threat Hunting and Improving Your Security Posture: Hosted by Jessica Payne, Principal Security Researcher and Threat Intelligence Strategist at Microsoft, and Simon Dyson, Cyber Security Operations Centre Lead in NHS Digitals Data Security Centre, this 50-minute session addressed threat hunting and security posture improvements from a threat intelligence-informed perspective. Attendees gained insights from Jessica’s experience in demystifying and defusing real-world ransomware attacks. They also got a first-hand recounting of Simon’s work securing the complex network maintained by England’s National Health Service (NHS) during the pandemic, and how his team’s experience can benefit all of us.
• Conti Playbook: Infiltrate the Most Profitable Ransomware Gang: Participants learned how a disgruntled affiliate exposed one of the most infamous ransomware gangs, divulging its ransomware-as-a-service (RaaS) secrets to help take them down. This immersive, hands-on workshop guided attendees through a typical Conti attack sequence and provided tips to defend against advanced persistent threats. Thanks to Tom D’Aquino, Fabien Guillot, and Arpan Sarkar of Microsoft partner Vectra AI for this presentation.
• Microsoft Defender Experts for Hunting Has Got Your Back: Abhishek Agarwal, Chief Security and Technology Officer at Helix Biotech, examined threat hunting’s virtuous cycle: track, hunt, and analyze. Specifically, attendees learned how Microsoft Defender Experts for Hunting uses AI to accomplish all three components of the cycle faster, providing automated detection, hunting, and analysis to help the team track and stop threats across the company’s multi-national enterprise.
• Microsoft Security Research—How We Responsibly Disclose Vulnerabilities to Apple, Google, and the Linux Community: Jonathan Bar Or, Principal Security Researcher at Microsoft, discussed how disclosing bugs makes the world safer and benefits users, as well as giving Microsoft Security a better understanding of the technologies we work to protect.​ The goal is to challenge our own detections and prove product truth—making Microsoft Defender stronger by challenging our own blue teams.​
• Solve Secure Access Needs for Workload Identities with Microsoft Entra: Microsoft Product Managers Nick Wryter and Sandy Jiang led this informative session on the phenomenon of exploding workload identities. Currently, workload identities outnumber user identities five to one; the challenge being that many traditional identity and access management solutions don’t manage these prevalent and frequently over-permitted identities. Nick and Sandy explained how the new Microsoft Entra addresses this problem by providing a comprehensive view of every action performed by any identity on any resource, detecting anomalous permission usage at cloud scale.
• Tracking Highly Evasive APTs with Vectra Detect & Microsoft Sentinel: Tom D’ Aquino, Senior Security Engineer at Vectra AI, led this demonstration of real-life threat-hunting using Vectra Detect and Microsoft Sentinel. Tom demonstrated real-world workflows for threat tracking, including individual threat severity, lateral movement, threat targets, and more.
• The Shift of “Why” and “How” of Ransomware Attacks; How Microsoft Helps Customers Survive Ransomware: Led by MacKenzie Brown of Microsoft’s Detection and Response Team (DART), this session examined the how and why behind the recent increase in ransomware attacks. Attendees learned how attackers have evolved their methods to exert minimum effort for maximum return on investment (ROI), and why DART’s methodology can help you defeat them.

Shining a light on Shadow IT

Shadow IT can be broadly defined as a “set of applications, services, and infrastructure that are developed and managed outside of defined company standards.” These kinds of ad-hoc systems can pose a compliance risk, especially for security, privacy, data governance, and accessibility. Like any organization, Microsoft has not been immune to the proliferation of Shadow IT.

Figure 5. Vasu Jakkal and Bret Arsenault speak at the Microsoft pre-day event.

In keeping with our commitment to security for all, Microsoft CVP and CISO Bret Arsenault gave a special presentation on June 8, 2022, addressing Microsoft’s approach to managing Shadow IT. Bret discussed how Microsoft’s security team is enabling engineers and developers to build and operate security capabilities in the cloud, as well as Microsoft’s three primary principles for managing and addressing Shadow IT. For attendees wanting to learn more, we followed up the event with a free white paper on managing Shadow IT.  We’ve also made Bret’s presentation slides available to everyone.

2022 Excellence Awards

The Microsoft Security Excellence Awards (formerly Microsoft Security 20/20 Awards) recognize Microsoft Intelligent Security Association (MISA) members’ success during the past 12 months. This year’s 10 award categories were carefully selected to recognize the unique ways MISA members support their customers and help improve Microsoft security products. Our cross-functional panel carefully examined hundreds of nominations, narrowing the field to just three finalists for each category.

In the spirit of collaboration, Microsoft and MISA members alike voted on the winners. After dinner and cocktails, the awards were handed out at the San Francisco Design Center by Microsoft executives Phil Montgomery, Andrew Conway, Alym Rayani, Irina Nechaeva, Desmond Forbes, Sue Bohn, Mandana Javaheri, Madhu Prasha, Scott Woodgate, and myself. MISA members are a critical part of our approach to comprehensive security. We’re grateful for their vision and dedication to our shared mission of helping customers do more, safely. To all of this year’s finalists and winners—congratulations!

Comprehensive security year-round

Microsoft now protects 785,000 customers around the world, including our own digital estate. Our goal is to provide comprehensive security for our customers while enabling greater security for our shared online world. Microsoft’s best-in-breed protection, built-in intelligence, and simplified management integrates more than 50 product categories in six product families, allowing you to be fearless in the pursuit of your vision.  Our newest product family, Microsoft Entra, helps fulfill that mission by creating a secure entry point for end-to-end security. Entra provides a unified admin center for Azure Active Directory (Azure AD), Entra Permissions Management, and Entra Verified ID where your organization can quickly verify and secure every identity or access request—all in one place.

Our commitment to comprehensive security also means providing the latest research and first-hand knowledge to help keep your organization secure. You can learn more at Cyber Signals, a cyberthreat intelligence brief drawn from the latest Microsoft data and research. If you attended RSA and engaged with Microsoft, please take a few minutes to respond to our RSAC 2022 survey so we can continue to improve your experience. My thanks to everyone who attended, and we’ll see you next year!  

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.