The RSA Conference (RSAC) gave us an incredible opportunity to meet with security professionals from around the world, learn about exciting advances in the world of cybersecurity, and share our own security innovations. Defenders everywhere serve an important mission of protecting our world, and RSAC is a special time to connect with the defender community and support each other in our collective mission.
I had the honor of representing Microsoft at our RSA keynote, “Defending at Machine Speed: Technology’s New Frontier.” AI is having a profound impact in our world, and I believe security is going to be one of AI’s most important use cases. During this session, I shared how AI is causing a paradigm shift, augmenting the essential power of human intuition and expertise and reshaping the future of cybersecurity. For details, watch the full keynote here (video courtesy of RSA Conference).
RSAC is the largest and most important cybersecurity conference in the industry—we value every opportunity to learn directly from our customers, partners, and community, and share how Microsoft Security is empowering our customers to protect everything.
Let’s walk through some of the most memorable moments from RSAC.
Microsoft Security opened RSAC with the Pre-Day event and reception on Sunday, April 23. Pre-Day was an expansion of our presence at RSAC and amplification of the announcements we made at Microsoft Secure. The presentations helped attendees gain a deeper understanding of what an AI-powered future means for cybersecurity. They also shared comprehensive strategies to help organizations protect everything, highlighted the latest announcements in Threat Intelligence, which is critical to defending against an evolving threat landscape, and gave customers a chance to interact with Microsoft Security business and engineering leaders, as well as network with their peers during an evening reception. I was very pleased to share the stage with Charlie Bell, Executive Vice President, Microsoft Security; Bret Arsenault, CVP, Microsoft Security and Chief Information Security Officer; Kelly Bissell, CVP, Microsoft Security; Andy Elder, CVP, Microsoft Security Solution Area; Jeremy Dallman, Principal Research Director, Microsoft Threat Intelligence; Holly Stewart, Principal Research Director, Microsoft Threat Intelligence; and engineering leaders.
Microsoft Security Copilot, Microsoft’s new generative AI solution, garnered plenty of buzz during the conference. First announced at Microsoft Secure, Security Copilot combines the latest OpenAI large language model with Microsoft’s unique security-specific model powered by 65 trillion signals, human intelligence, and cyberskills to help defenders move at the speed and scale of AI. It was wonderful to see the interest from our customers and partners for Security Copilot.
Now in private preview, this groundbreaking technology serves as a true copilot to defenders. It augments a security analyst’s work, continually learning from users and letting them provide feedback and inform future interactions. The AI capabilities you gain include ongoing access to the most advanced OpenAI models, integration with Microsoft’s end-to-end security portfolio, and visibility and evergreen threat intelligence powered by your organization’s security products and the 65 trillion threat signals received by Microsoft every day. Importantly, Security Copilot is built with privacy at its heart. This means your data remains your data, and it is not used to train or enrich foundation AI models. Further, Security Copilot runs on our security and privacy-compliant Azure Cloud hyperscale infrastructure, enabling organizations to truly defend at machine speed.
In other threat intelligence news, Microsoft Defender Threat Intelligence is now available to licensed customers directly within Microsoft 365 Defender. It’s already integrated with Microsoft Sentinel and now has an application programming interface (API) to help enrich incidents, automate incident response, and work with a broad ecosystem of security tools. With this advancement, you get some of the world’s best threat intelligence, integrated with the tools you use every day.
Specific capabilities available as part of a Microsoft Sentinel solutions package—generally available beginning in July—are:
At RSAC, we also had several other major product announcements.
Security researchers and customers are confronted with an overwhelming amount of threat intelligence data—and we want to help by giving them better clarity. Our new threat actor naming taxonomy will offer a more organized, articulate, and easy way to reference adversary groups so that organizations can better prioritize threats and protect against attacks. Microsoft Security also is rolling out a new icon system to make it even easier to identify and remember threat actors. Each icon represents a unique family name and will accompany the threat actor names as a visual aid.
Microsoft Defender for API is a new offering focused on threat protection for APIs—built for organizations that provide cross-organizational visibility of the Azure API Management inventory, data classification, and coverage to detect exploits of API risks. Classify and understand the API security posture based on cloud security insights and sensitive data exposure. Harden API configuration and prioritize API risk remediation by monitoring for security best practices in a full lifecycle approach, across infrastructure as code templates and runtime environments. Detect and respond to active runtime threats within minutes—using machine learning-powered anomalous and suspicious API usage detections.
Microsoft Defender External Attack Surface Management (MDEASM)—Data Connector provides automated export of attack surface details, updates, and findings to Kusto or Microsoft Sentinel Log Analytics, giving customers the ability to analyze, report, and correlate attack surface information against other data sources and use additional tooling such as Power BI to customize analysis to their organization’s needs.
Now in general availability as part of the Microsoft Intune Suite and as a standalone add-on, Microsoft Intune Endpoint Privilege Management is a feature that enables admins to set policies that allow standard users to perform tasks normally reserved for an administrator. The feature supports automatic and user-confirmed workflows for elevation as well as insights and reporting.
Highlights of our sessions included:
Living up to its name, the Microsoft Security Hub was a hubbub of activity throughout RSA Conference. Held at the Ecosystem Coworking Space, the private and semi-private meeting rooms provided a fantastic opportunity for us to meet with customers and partners, and there were multiple learning opportunities and networking events.
Microsoft Security Excellence Awards (MISA) members gathered on April 24 at The Fairmont Hotel to honor award winners in 11 security categories at the Microsoft Security Excellence Awards. The fourth annual awards give us an opportunity to recognize outstanding contributions of partners in our MISA organization. MISA is a coalition of Microsoft leaders and subject matter experts, independent software vendors, and managed security service providers working together to defend organizations around the world from increasing threats. Watch the awards yourself to see all the excitement!
Two nights later, Microsoft sponsored the 13th Annual Executive Dinner, hosted by Forgepoint Capital and PwC. The event’s theme was “Working Together in the New Era of Transparency and Resilience.” Guests enjoyed dinner, cocktails, and conversation about cybersecurity.
If you attended RSAC and engaged with Microsoft, please take a few minutes to respond to our RSAC 2023 survey so we can continue to improve your experience. My thanks to everyone who attended, and we’ll see you next year!
We relish any opportunity to connect with customers and partners and hear your stories of how you’re innovating with technology. Thankfully, we don’t have long to wait. Join us in Seattle for Microsoft Build, including pre-day workshops on May 22, 2023, and keynotes, Expert Meet-ups, sessions, demos, and skill labs May 23 to 25, 2023. If you can’t attend in-person, consider attending virtually May 23 to 24, 2023. Register today to reserve your spot.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.