Security webinars and videos
IoT infrastructure security
Hear strategies for keeping your IoT infrastructure secure against attackers.
Register now
Protect against cloud attacks
Understand the threat landscape and strengthen your defense.
Register now
Top five security threats
Learn how to respond to the top five security threats facing your business.
Watch now
Cybersecurity keynote
Hear CEO Satya Nadella speak about cybersecurity and the unique perspective Microsoft brings to enterprise security.
Watch now
Datacenter infrastructure
Watch this short video and learn why 85% of Fortune 500 companies choose Microsoft.
Watch now
What keeps CISOs up at night
Learn how to improve your security posture for today’s expanding threat landscape.
Watch now
Security and cloud computing for government agencies
Discover how federal, state, and local governments can embrace new technology and maintain high standards of security.
Watch now
<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
>
<channel>
<title>Microsoft Secure</title>
<atom:link href="https://cloudblogs.microsoft.com/microsoftsecure/feed/" rel="self" type="application/rss+xml" />
<link>https://cloudblogs.microsoft.com/microsoftsecure</link>
<description>In-depth discussion of security, cybersecurity and technology trends affecting trust in computing, as well as timely security news, trends, and practical security guidance</description>
<lastBuildDate>Tue, 10 Oct 2017 20:07:33 +0000</lastBuildDate>
<language>en-US</language>
<sy:updatePeriod>hourly</sy:updatePeriod>
<sy:updateFrequency>1</sy:updateFrequency>
<generator>https://wordpress.org/?v=4.8.2</generator>
<item>
<title>SharePoint and OneDrive: security you can trust, control you can count on</title>
<link>https://cloudblogs.microsoft.com/microsoftsecure/2017/10/10/sharepoint-and-onedrive-security-you-can-trust-control-you-can-count-on/</link>
<pubDate>Tue, 10 Oct 2017 19:00:19 +0000</pubDate>
<dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://cloudblogs.microsoft.com/microsoftsecure/?p=70447</guid>
<description><![CDATA[This post is authored by Bill Baer, Senior Product Marketing Manager, SharePoint and OneDrive Team. In today's complex and regulated environment, businesses need to focus on building more secure solutions that deliver value to their customers, partners, and shareholders, both in the cloud and on-premises. Microsoft has been building enterprise software for decades and running some <p><a class="read-more" title="SharePoint and OneDrive: security you can trust, control you can count on" aria-label="Read more about SharePoint and OneDrive: security you can trust, control you can count on" href="https://cloudblogs.microsoft.com/microsoftsecure/2017/10/10/sharepoint-and-onedrive-security-you-can-trust-control-you-can-count-on/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p><em>This post is authored by Bill Baer, Senior Product Marketing Manager, SharePoint and OneDrive Team.</em></p> <p>In today's complex and regulated environment, businesses need to focus on building more secure solutions that deliver value to their customers, partners, and shareholders, both in the cloud and on-premises.</p> <p><img class=" wp-image-70462 alignleft" src="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Securing-your-content-in-the-new-world-of-work-with-SharePoint-and-OneDrive.png" alt="" width="503" height="316" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Securing-your-content-in-the-new-world-of-work-with-SharePoint-and-OneDrive.png 754w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Securing-your-content-in-the-new-world-of-work-with-SharePoint-and-OneDrive-300x189.png 300w" sizes="(max-width: 503px) 100vw, 503px" /></p> <p>Microsoft has been building enterprise software for decades and running some of the largest online services in the world. We draw from this experience to keep making SharePoint and OneDrive more secure for users, by implementing and continuously improving security-aware software development, operational management, and threat-mitigation practices that are essential to the strong protection of your services and data.</p> <p>SharePoint and OneDrive are uniquely positioned to help you address these evolving security challenges. To begin with, Microsoft has continued to evolve with new standards and regulations. This has been a guiding principle as we think about security for SharePoint and OneDrive. Right alongside that principle is this one: There is no security without usability.
If security gets in the way of productivity, users will find a different, less secure way to do their work.</p> <p>SharePoint and OneDrive allow your organization to go beyond its regular business rhythms and be nimbler in responding to market changes and opportunities. These solutions enable users to access the files and documents they need wherever they’re doing work while sharing and collaborating in real-time. And you control and own your data while Microsoft takes care of it. <a href="http://sharepoint-infographic.azurewebsites.net/">Explore</a> the many options SharePoint and OneDrive provide to secure you and your information and then read our eBook <em><a href="https://www.microsoft.com/en-us/download/details.aspx?id=55242">Securing your content in the new world of work with SharePoint and OneDrive</a>.</em></p> <p>For businesses, the time is now to reevaluate security practices. In the modern communications and collaboration landscape, connectivity is ubiquitous and the ability to work remotely has become an ingrained part of the work practice. People have come to expect to be able to access email and documents from anywhere on any device – and for that experience to be seamless.</p> <p>While this has been an enormous boost to productivity, it also presents huge challenges for security. Previously, businesses needed to concern themselves with a firewall that ended at the corporate boundary. Now that boundary has shifted to the end user. Businesses need to ensure that corporate data is safe while enabling users to stay productive in today’s mobile-first world, where the threat landscape is increasingly complex and sophisticated.</p> <p>We know that data loss is non-negotiable, and overexposure to information can have legal and compliance implications.
SharePoint and OneDrive provide a broad array of features and capabilities designed to make certain that your sensitive information remains that way with investments across our security and compliance principles to include compliance tools that span on-premises servers and Office 365 while providing a balance between enabling user self-service.</p> <p>The rapidly-changing security landscape means that your organization’s content – its knowledge – is being shared more broadly, and accessed from more devices and more locations, than ever before. We’re committed to the security, privacy, and compliance of your data, and we continuously innovate intelligent ways to protect your content and to empower you to govern and manage information. Last month we announced label-based classification for information management policies, which enable a more dynamic governance of content across SharePoint, Exchange, Skype, and Microsoft Teams. We’re continuously working to ensure content usage adheres to corporate policy, defending your organization from today's growing and evolving advanced threats.</p> <p>To learn more about security and compliance with SharePoint and OneDrive:</p> <ul> <li><a href="https://www.microsoft.com/en-us/download/details.aspx?id=53884">Read more about how we secure your files</a></li> <li><a href="https://products.office.com/en-us/business/office-365-trust-center-welcome?legRedir=true&CorrelationId=de8d945b-65d3-41bc-b5a5-41d503131554">Review Office 365 Trust where we share our commitments and information about security, privacy, and compliance</a></li> <li>Stay up to date with our <a href="https://blogs.office.com/security/">security</a> and <a href="https://blogs.office.com/compliance/">compliance</a> blogs</li> </ul> ]]></content:encoded>
</item>
<item>
<title>Announcing support for TLS 1.1 and TLS 1.2 in XP POSReady 2009</title>
<link>https://cloudblogs.microsoft.com/microsoftsecure/2017/10/05/announcing-support-for-tls-1-1-and-tls-1-2-in-xp-posready-2009/</link>
<pubDate>Thu, 05 Oct 2017 09:00:33 +0000</pubDate>
<dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://cloudblogs.microsoft.com/microsoftsecure/?p=70405</guid>
<description><![CDATA[This post is authored by Arden White, Senior Program Manager, Windows Servicing and Delivery. As a follow-up to our announcement regarding TLS 1.2 support at Microsoft, we are announcing that support for TLS 1.1/TLS 1.2 on Windows Embedded POSReady 2009 and Windows Embedded Standard 2009 is now available for download as of October 17th, 2017. We're offering <p><a class="read-more" title="Announcing support for TLS 1.1 and TLS 1.2 in XP POSReady 2009" aria-label="Read more about Announcing support for TLS 1.1 and TLS 1.2 in XP POSReady 2009" href="https://cloudblogs.microsoft.com/microsoftsecure/2017/10/05/announcing-support-for-tls-1-1-and-tls-1-2-in-xp-posready-2009/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p><em>This post is authored by Arden White, Senior Program Manager, Windows Servicing and Delivery.</em></p> <p>As a follow-up to our announcement regarding <a href="https://blogs.microsoft.com/microsoftsecure/2017/06/20/tls-1-2-support-at-microsoft/">TLS 1.2 support at Microsoft</a>, we are announcing that support for TLS 1.1/TLS 1.2 on Windows Embedded POSReady 2009 and Windows Embedded Standard 2009 is now available for download as of October 17th, 2017. We're offering this support in recognition that our customers have a strong demand for support for these newer protocols in their environment.</p> <p>This update for Windows Embedded POSReady 2009 and Windows Embedded Standard 2009 will include support for both TLS 1.1 and TLS 1.2. For application compatibility purposes, these protocols will be disabled by default in a manner similar to the TLS 1.1/TLS 1.2 support that was disabled by default in Windows 7 and Windows Server 2008 R2. After downloading and installing the update these protocols can be enabled by setting the registry keys described in <a href="https://support.microsoft.com/kb/4019276">KB4019276</a>.</p> <p>This update is being made available on the following timeline:</p> <table style="height: 226px" width="980"> <tbody> <tr> <td width="208"><strong>Release Date</strong></td> <td width="236"><strong>Channels</strong></td> <td width="180"><strong>Classification</strong></td> </tr> <tr> <td width="208">October 17, 2017</td> <td width="236">Microsoft Catalog</td> <td width="180"></td> </tr> <tr> <td width="208">January 16, 2018</td> <td width="236">Windows Update/WSUS/Catalog</td> <td width="180">Optional</td> </tr> <tr> <td width="208">February 13, 2018</td> <td width="236">Windows Update/WSUS/Catalog</td> <td width="180">Recommended</td> </tr> </tbody> </table> ]]></content:encoded>
</item>
<item>
<title>Advanced Threat Analytics security research network technical analysis: NotPetya</title>
<link>https://cloudblogs.microsoft.com/microsoftsecure/2017/10/03/advanced-threat-analytics-security-research-network-technical-analysis-notpetya/</link>
<pubDate>Tue, 03 Oct 2017 10:00:17 +0000</pubDate>
<dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://cloudblogs.microsoft.com/microsoftsecure/?p=70375</guid>
<description><![CDATA[This post is authored by Igal Gofman, Security Researcher, Advanced Threat Analytics. On June 27, 2017 reports on a new variant of Petya (which was later referred to as NotPetya) malware infection began spreading across the globe. It seems the malware's initial infection was delivered via the “M.E.doc” update service, a Ukrainian finance application. Based on <p><a class="read-more" title="Advanced Threat Analytics security research network technical analysis: NotPetya" aria-label="Read more about Advanced Threat Analytics security research network technical analysis: NotPetya" href="https://cloudblogs.microsoft.com/microsoftsecure/2017/10/03/advanced-threat-analytics-security-research-network-technical-analysis-notpetya/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p><em>This post is authored by Igal Gofman, Security Researcher, Advanced Threat Analytics.</em></p> <p>On June 27, 2017 reports on a new variant of Petya (which was later referred to as NotPetya) malware infection began spreading across the globe. It seems the malware's initial infection was delivered via the “M.E.doc” update service, a Ukrainian finance application. Based on our investigation so far, the propagation steps executed by the malware can be considered sophisticated and well tested.<br /> The malware distributes itself as a DLL file, spreading over internal networks using different lateral movement techniques.</p> <p>This blog post focuses on the network behavior analysis of NotPetya and the techniques it uses to propagate in the network. This is ongoing research, and we'll update with additional findings as those become available.</p> <h2>Malware Propagation Flows</h2> <p><img class="size-large wp-image-70378 aligncenter" src="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/NotPetya-malware-lateral-movement-graph-1024x576.png" alt="" width="1024" height="576" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/NotPetya-malware-lateral-movement-graph-1024x576.png 1024w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/NotPetya-malware-lateral-movement-graph-300x169.png 300w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/NotPetya-malware-lateral-movement-graph-768x432.png 768w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/NotPetya-malware-lateral-movement-graph.png 1578w" sizes="(max-width: 1024px) 100vw, 1024px" /></p> <h3>Delivery & Initial execution</h3> <p>The malware is delivered via the “M.E.doc” service to infect the first endpoint.</p> <p>The malware executes and extracts the relevant components to disk.
These include:</p> <ol> <li>PsExec – Network remote execution tool.</li> <li>A credential dumping tool.</li> </ol> <p>More information on these steps can be found at the <a href="https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/">Windows Security blog</a>.</p> <h3>Reconnaissance</h3> <p>The internal network is probed using multiple discovery methods to identify new workstations and domain controllers. These include:</p> <ul> <li>LANMAN NetServerEnum2 API used to get information about workstations and domain controllers.</li> <li>Probing using ports 139 and 445 to other endpoints.</li> <li>If a domain controller is accessible, the malware queries its DHCP Service to enumerate DHCP subnet.</li> <li>In case DHCP subnets are discovered, the malware will continue its discovery against those subnets as well.</li> </ul> <p><strong>Reconnaissance example – NetServerEnum2</strong></p> <p><img class="alignnone size-full wp-image-70381" src="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Reconnaissance-example-Step-3-NetServerEnum2.png" alt="" width="955" height="447" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Reconnaissance-example-Step-3-NetServerEnum2.png 955w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Reconnaissance-example-Step-3-NetServerEnum2-300x140.png 300w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Reconnaissance-example-Step-3-NetServerEnum2-768x359.png 768w" sizes="(max-width: 955px) 100vw, 955px" /></p> <p><strong>In the screenshot above, we can see the NetServerEnum2 API used by the infected machine. 
</strong><br /> <strong>The response includes the domain controller and a list of all known workstations.</strong></p> <h3>Lateral Movement</h3> <p>To spread itself on the network, the malware tries to access the administrative share (ADMIN$).</p> <ul> <li>If the SeDebugPrivilege privilege is obtained (Step 2), a credential dumping tool is used to recover additional user credentials from local memory.</li> <li>Our lab tests have shown that in addition to the current account session, only one additional user is used by the malware to probe the remote hosts. The malware seems to ignore memory dumped users who were tagged under a new credentials session. Moreover, it seems like only one user (the last one who is in memory) is used to probe the destination host.</li> <li>Each target endpoint is accessed using multiple authentication protocols, such as NTLM and Kerberos over GSSAPI (SPNEGO). The credentials used for access are: <ul> <li>Current user context, under which the malware is running.</li> <li>Successfully dumped credentials (if available).</li> </ul> </li> </ul> <p>In the screenshot below, we can see multiple CIFS ticket requests performed by the malware on behalf of the dumped user. Such broad abnormal access attempts performed by the malware will be detected by Microsoft Advanced Threat Analytics (ATA) abnormal behavior detection.
Based on previously learned user behavior analytics, the detection mechanism will recognize and alert on the abnormal resource access performed by the malware using the compromised credentials.</p> <p><strong>Multiple TGS-REQ</strong></p> <p><img class="alignnone size-full wp-image-70384" src="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Multiple-TGS-REQ.png" alt="" width="744" height="607" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Multiple-TGS-REQ.png 744w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Multiple-TGS-REQ-300x245.png 300w" sizes="(max-width: 744px) 100vw, 744px" /></p> <p><strong>In the screenshot above, we can see multiple CIFS ticket requests.</strong></p> <p><strong>Example of abnormal user access – ATA</strong></p> <p><img class="alignnone size-large wp-image-70387" src="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Example-of-abnormal-user-access-ATA-1024x870.png" alt="" width="1024" height="870" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Example-of-abnormal-user-access-ATA-1024x870.png 1024w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Example-of-abnormal-user-access-ATA-300x255.png 300w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Example-of-abnormal-user-access-ATA-768x653.png 768w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Example-of-abnormal-user-access-ATA.png 1152w" sizes="(max-width: 1024px) 100vw, 1024px" /></p> <h3>Remote Execution</h3> <p>If access to the administrative share was obtained, the malware copies itself to the target host and executes PSEXEC and WMIC.</p> <p><strong>Malware Copy</strong></p> <p><img class="alignnone size-large wp-image-70390" 
src="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Malware-Copy-Step-5-1024x280.png" alt="" width="1024" height="280" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Malware-Copy-Step-5-1024x280.png 1024w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Malware-Copy-Step-5-300x82.png 300w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Malware-Copy-Step-5-768x210.png 768w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Malware-Copy-Step-5.png 1343w" sizes="(max-width: 1024px) 100vw, 1024px" /></p> <p><strong>PSEXEC Service creation</strong></p> <p><img class="alignnone size-large wp-image-70393" src="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/PSEXEC-Service-creation-1024x319.png" alt="" width="1024" height="319" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/PSEXEC-Service-creation-1024x319.png 1024w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/PSEXEC-Service-creation-300x93.png 300w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/PSEXEC-Service-creation-768x239.png 768w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/PSEXEC-Service-creation.png 1349w" sizes="(max-width: 1024px) 100vw, 1024px" /></p> <p><strong>In the screenshot above, the infected host starts executing the PSEXEC tool.</strong></p> <h3>Exploitation (optional)</h3> <p>If all propagation steps failed, the malware tries to execute one of the SMB exploits (MS17-010).</p> <p><strong>Available SMB Exploits:</strong></p> <ol> <li>EternalBlue CVE-2017-0144</li> <li>EternalRomance – CVE-2017-0145</li> </ol> <p>The above steps are performed simultaneously, using multiple threads and runs against each target host. 
For further information regarding the SMB exploit mitigation, malware encryption steps and initial infection stage, please refer to the <a href="https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/">Petya worm capabilities</a> blog post.</p> <p><strong>The spreading capabilities used by the NotPetya malware introduce a new level of sophistication when executing lateral movement.</strong></p> <h2>Detection and mitigation</h2> <p>Microsoft Advanced Threat Analytics allows customers to detect and to investigate a variety of advanced techniques including the lateral movement technique used by NotPetya.</p> <p>This type of lateral movement can be detected by ATA as abnormal resource access, given the large amount of scanning performed by the user to attempt to access additional endpoints on the subnet.</p> <p>There are several ways customers can detect and prevent NotPetya from impacting their environment.</p> <p>First, we strongly recommend that customers who have not yet installed security update MS17-010 do so as soon as possible. If applying the patch is not possible, disable SMBv1 on the corporate networks.</p> <p>Second, we recommend that you verify good credential hygiene.
To learn more, read the following article about <a href="https://www.microsoft.com/itshowcase/Article/Content/601/Protecting-highvalue-assets-with-secure-admin-workstations">protecting high value assets with secure admin workstations</a>.</p> <h2>Additional Resources</h2> <p><strong>KB</strong></p> <ul> <li><a href="https://technet.microsoft.com/en-us/library/security/ms17-010.aspx">MS17-010 Security Update</a></li> </ul> <p><strong>Blog</strong></p> <ul> <li><a href="https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/">New ransomware, old techniques: Petya adds worm capabilities</a></li> <li><a href="https://blogs.technet.microsoft.com/mmpc/2017/06/29/windows-10-platform-resilience-against-the-petya-ransomware-attack/">Windows 10 platform resilience against the Petya ransomware attack</a></li> </ul> ]]></content:encoded>
</item>
<item>
<title>Stepping up protection with intelligent security</title>
<link>https://cloudblogs.microsoft.com/microsoftsecure/2017/09/25/stepping-up-protection-with-intelligent-security/</link>
<pubDate>Mon, 25 Sep 2017 13:00:54 +0000</pubDate>
<dc:creator><![CDATA[Julia White]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Featured]]></category>
<guid isPermaLink="false">http://blogs.microsoft.com/microsoftsecure/?p=69940</guid>
<description><![CDATA[With digital transformation, technology becomes increasingly central to every business and organization. This makes ensuring cybersecurity increasingly important. And, as employees increase their use of mobile devices and cloud-based apps, protecting their work requires a new approach for IT. With 80% of employees admitting to the use of non-approved cloud apps for work, ensuring data protection cannot be left to employees to manage.]]></description>
<content:encoded><![CDATA[<p><img class="wp-image-69994 alignright" src="https://mscorpmedia.azureedge.net/mscorpmedia/2017/09/MS-Ignite-Venue.jpg" alt="" width="500" height="317" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/MS-Ignite-Venue.jpg 630w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/MS-Ignite-Venue-300x190.jpg 300w" sizes="(max-width: 500px) 100vw, 500px" /></p> <p>With digital transformation, technology becomes increasingly central to every business and organization. This makes ensuring cybersecurity increasingly important. And, as employees increase their use of mobile devices and cloud-based apps, protecting their work requires a new approach for IT. With 80% of employees admitting to the use of non-approved cloud apps for work, ensuring data protection cannot be left to employees to manage.</p> <p>To address these needs, Microsoft continues to take a multi-faceted approach to providing built-in security capabilities. These span areas across:</p> <ul> <li>Protecting at the front door</li> <li>Protecting data anywhere</li> <li>Achieving data security compliance objectives</li> <li>Detecting and recovering from attacks</li> <li>Managing the security tool set</li> </ul> <p>The Microsoft security tools continuously improve with insight from the Microsoft Intelligent Security Graph, which serves as the connective tissue across Microsoft security solutions. Today at <a href="https://www.microsoft.com/ignite">Ignite</a>, we are announcing new integrations, expanded capabilities, and partnerships toward addressing the complex areas of cybersecurity for all organizations.</p> <h2>Protect at the front door</h2> <p>The vast majority of security breaches continue to trace back to weak or stolen passwords. Because it's proving to work, attackers are increasing their focus on stealing passwords to access corporate systems.
The latest <a href="https://www.microsoft.com/sir">Microsoft Security Intelligence Report</a> shows a 300 percent increase in user account attacks. To address this growing issue, it is essential to focus on securing identities and access. Our cloud-based approach is through broadly implemented conditional access.</p> <p>Conditional access enables you to control who has access to your organization's resources based on a combination of risk factors, such as user account activity, physical location, and the trustworthiness of the device. <a href="http://www.microsoft.com/identity">Azure Active Directory</a> analyzes these factors and applies continuous cybersecurity threat intelligence, powered by Microsoft's Intelligent Security Graph. This insight provides real-time risk assessment, and triggers the appropriate authentication requirements needed for accessing apps and data. Today, we are expanding conditional access capabilities by integrating with Microsoft Cloud App Security, Azure Information Protection, and our partners in the ecosystem:</p> <ul> <li>Microsoft <a href="http://www.cloudappsecurity.com/">Cloud App Security</a> performs real-time monitoring and helps IT gain control over cloud apps and how employees use these apps. Now with Cloud App Security, users' actions taken in cloud applications can be managed and controlled based on conditional access policies and proxy-enforced session restrictions. For example, you can allow users to access cloud apps from an unfamiliar location or unmanaged device, but prevent them from downloading documents.</li> <li>To further enhance security at the file level, we’re introducing conditional access for sensitive files. With the integration of <a href="https://www.microsoft.com/en-us/cloud-platform/azure-information-protection">Azure Information Protection</a> and Azure Active Directory, conditional access can be set up to allow or block access to documents protected with Azure Information Protection.
You can also enforce additional security requirements such as multi-factor authentication or device enrollment.</li> <li>Not only are we providing better integration within our own solutions to deliver holistic and identity-driven security, we also are working with our partners to extend conditional access in the ecosystem. In addition to Azure multi-factor authentication (MFA), you can now use RSA, Duo or Trusona for two-step authentication as part of your conditional access policy.</li> </ul> <h2>Protect your data anywhere</h2> <p>Employees are using more SaaS apps, creating more data, and working across multiple devices. While this has enabled people to do more, it has also increased the risk of data loss: it is estimated that 58% of workers have accidentally shared sensitive data with the wrong person.</p> <p>Microsoft's Information Protection solutions help you detect, classify, protect and monitor your data regardless of where it is stored or shared. Today, we're announcing several new investments in the integration across our information protection solutions, helping provide more comprehensive protection across the data lifecycle.</p> <p>A key part of this vision is to provide a more consistent and integrated classification, labeling and protection approach across our information protection technologies, enabling persistent protection of your data everywhere. Microsoft Cloud App Security natively integrates with Azure Information Protection to classify and label files that reside in cloud applications.</p> <p>Finally, we are announcing the general availability of improvements to <a href="https://products.office.com/en-us/exchange/office-365-message-encryption">Office 365 message encryption</a>, which makes it easier to share protected emails with anybody inside or outside of your organization.
Recipients can view protected Office 365 emails on a variety of devices, using common email clients or even consumer email services such as Gmail and Outlook.com.</p> <h2>Achieve your data security compliance objectives</h2> <p>Regulated organizations have additional needs to demonstrate compliance, and we're investing in tools to help achieve those goals.</p> <p>Customer Key can help regulated customers meet their security compliance obligations by providing added control and management of encryption keys. To learn more, check out this <a href="https://youtu.be/y-BSmEhdk7c?t=8m18s">video example</a> of how Customer Key works in SharePoint Online.</p> <p>Beyond just security compliance, achieving organizational compliance is a complex challenge. It's hard to stay up-to-date with all the regulations that matter to your organization, and to define and implement controls with limited in-house capability. We're pleased to introduce the upcoming preview of Compliance Manager, which enables you to manage your compliance posture from one place and stay up-to-date on evolving data protection regulations. Compliance Manager enables real-time risk assessment with one intelligent score reflecting your compliance posture against data protection regulations when using Microsoft cloud services. It also provides recommended actions and step-by-step guidance to help you improve your compliance posture.</p> <h2>Detect and recover from attacks</h2> <p>On average, breaches exist for over 90 days in a customer's environment before they are detected. In response, many organizations are moving to an assume breach posture. We continue to invest in tools that help detect attacks sooner and then remediate.
But, we know it’s also important to continue investing in pre-breach attack prevention tools.</p> <p>Today, we are announcing several new capabilities to further improve our anti-phishing capabilities in <a href="https://products.office.com/en-us/exchange/online-email-threat-protection">Office 365 Advanced Threat Protection</a>, with a focus on mitigating content phishing, domain spoofing, and impersonation campaigns. Office 365 Advanced Threat Protection is also expanded to help secure SharePoint Online, OneDrive for business, and Teams. In Office 365 Threat Intelligence, we have introduced threat insights and tracking to help with detection and remediation. In Windows, we are adding Windows Defender Application Control, which is powered by the Microsoft Intelligent Security Graph to make it less likely that malicious code can run on the endpoint.</p> <p>On the post-breach detection side, we are announcing the limited preview of a brand-new service – Azure Advanced Threat Protection for users – that brings our on-premises identity threat detection capabilities to the cloud and integrates them with the Microsoft Intelligent Security Graph. Powered by the graph, our Advanced Threat Protection products have a unified view of security event data so your security operations analysts can investigate an incident from endpoint to end-user to e-mail.
Finally, as previously announced earlier in the month, <a href="https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp">Windows Defender Advanced Threat Protection</a> is integrating Hexadite’s AI technology to automatically investigate new alerts, determine the complexity of a threat, and take the necessary actions to remediate it.</p> <h2>Security management</h2> <p>Protecting resources across distributed infrastructure against evolving cyberthreats demands a new approach to security management – a solution that provides comprehensive visibility, consistent controls and actionable intelligence and guidance.</p> <p>We are <a href="https://go.microsoft.com/fwlink/?linkid=856797">announcing</a> today that <a href="https://azure.microsoft.com/en-us/services/security-center/">Azure Security Center</a>, which helps customers protect workloads running in Azure against cybersecurity threats, can now also be used to secure workloads running on-premises and in other private and public clouds. Azure Security Center reduces management complexity by delivering visibility and control over workloads across clouds, enables adaptive threat prevention to reduce your exposure to threats, and provides intelligent detection to help you keep pace with rapidly evolving cyberattacks.</p> <p>Azure Security Center also has new capabilities to enable central management of security policies, better detect and defend against advanced threats, and streamline investigation of threats for your hybrid workloads. Read the Azure <a href="https://go.microsoft.com/fwlink/?linkid=856797">blog</a> to learn more about these and other new features.</p> <h2>Getting started</h2> <p>We have made it easier than ever to get end-to-end security solutions up and running.
FastTrack for Microsoft 365 now provides deployment services for key security scenarios, giving you the resources, tools, and support you need from Microsoft engineers.</p> <p>FastTrack for Microsoft 365 can work with you directly, work with your existing partner, or help you get matched with a trusted Microsoft partner to deploy comprehensive security solutions. And the best part is this isn’t a one-time benefit. It is a repeatable resource that you can use to ensure you have the help and resources you need.</p> <p>You can go to <a href="https://fasttrack.microsoft.com/">fasttrack.microsoft.com</a> and get help to deploy Microsoft products to address some of the most common security scenarios including:</p> <ul> <li>Working securely from anywhere, anytime on almost any device enabling a flexible workstyle</li> <li>Protect your data on files, apps and devices within and across orgs</li> <li>Detect and protect against external threats</li> <li>Protect your users and their accounts</li> <li>Securely collaborate on documents in real time</li> </ul> ]]></content:encoded>
</item>
<item>
<title>New Microsoft 365 features to accelerate GDPR compliance</title>
<link>https://cloudblogs.microsoft.com/microsoftsecure/2017/09/25/new-microsoft-365-features-to-accelerate-gdpr-compliance/</link>
<pubDate>Mon, 25 Sep 2017 12:59:56 +0000</pubDate>
<dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[announce]]></category>
<category><![CDATA[Featured]]></category>
<guid isPermaLink="false">http://blogs.microsoft.com/microsoftsecure/?p=70066</guid>
<description><![CDATA[Today we made several Microsoft 365 security and compliance announcements and updates as part of the news from the Microsoft Ignite conference. I wanted to share how these new capabilities provide customers with a more complete and protected solution to simplify their journey to compliance with the General Data Protection Regulation (GDPR).]]></description>
<content:encoded><![CDATA[<p><em>This post is authored by Alym Rayani, Director Office 365 Security.</em></p> <h2>New capabilities in Microsoft 365 help simplify your GDPR compliance journey</h2> <p>Today we made several Microsoft 365 security and compliance announcements and updates as part of the news from the Microsoft Ignite conference. I wanted to share how these new capabilities provide customers with a more complete and protected solution to simplify their journey to compliance with the <a href="https://www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx">General Data Protection Regulation (GDPR)</a>.</p> <p>Earlier this year, we brought together Office 365, Enterprise Mobility + Security, and Windows into a single, always-up-to-date solution called Microsoft 365 – relieving organizations from much of the cost of multiple, fragmented systems that were not necessarily designed to be compliant with modern standards. These announcements at Ignite add to our extensive capabilities that organizations are already using to secure and manage their data, users, and devices.</p> <h3>A platform you can trust, and verify</h3> <p>We understand that organizations with GDPR responsibilities will have additional needs to demonstrate compliance, and we’re investing in tools to help them achieve those goals.</p> <p>Microsoft 365 users enjoy built-in security and compliance for the apps, services, and devices that they use every day. Microsoft has a long history of transparency, defense-in-depth, and privacy-by-design that enabled us to be the first enterprise cloud services provider to implement the rigorous controls needed to earn approval for the EU Model Clauses, the first to achieve ISO’s 27018 cloud privacy standard, and the first to offer contractual commitments to the GDPR.</p> <p><strong>Introducing Compliance Manager</strong> We understand that achieving your organizational compliance goals can be very challenging.
It’s hard to stay up-to-date with all the regulations that matter to your organization, and to define and implement the controls.</p> <p>We’re pleased to introduce Compliance Manager, a new compliance solution that helps you to manage your compliance posture from one place. Compliance Manager enables you to conduct real-time risk assessment, providing one intelligent score that reflects your compliance performance against data protection regulatory requirements when using Microsoft cloud services.</p> <p>You will also be able to use the built-in control management and audit-ready reporting tools to improve and monitor your compliance posture. Read our <a href="https://aka.ms/compliance-manager-blog">Tech Community Blog</a> to learn more about Compliance Manager, and <a href="https://aka.ms/compliance-manager-preview">sign up for the preview program</a>, which will be available starting in November.</p> <p><img class="size-large wp-image-70075 aligncenter" src="https://mscorpmedia.azureedge.net/mscorpmedia/2017/09/Example-of-Compliance-Manager-dashboard-1024x818.png" alt="" width="640" height="511" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/Example-of-Compliance-Manager-dashboard-1024x818.png 1024w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/Example-of-Compliance-Manager-dashboard-300x240.png 300w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/Example-of-Compliance-Manager-dashboard-768x613.png 768w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/Example-of-Compliance-Manager-dashboard.png 1300w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p style="text-align: center;"><em>Example of Compliance Manager dashboard</em></p> <p><strong>General availability of service encryption with Customer Key</strong> We’re announcing the availability of service encryption with Customer Key, which can help regulated
customers demonstrate additional compliance controls by managing the encryption keys for their Office 365 data. Here is an example of how Customer Key works in SharePoint Online:</p> <p><iframe src="https://www.youtube.com/embed/y-BSmEhdk7c" width="560" height="315" frameborder="0" allowfullscreen="allowfullscreen"></iframe></p> <h2>Simplify how you govern data</h2> <p>Organizations face ever increasing quantities of complex electronic data. Gaining control over this data overload so that you know what to keep and find what’s relevant when you need it is critical for both security and compliance purposes. Today we are introducing several new features which further enhance the already rich set of capabilities available with Microsoft Information Protection and Advanced Data Governance.</p> <p>Companies of all sizes and industries need to protect their sensitive data and ensure that it doesn’t get into the wrong hands. Employees are using more SaaS apps, creating more data, and working across multiple devices. While this has enabled people to do more, it has also increased the risk of data loss – it is estimated that 58% of workers have accidentally shared sensitive data with the wrong person.</p> <p><strong>Microsoft’s Information Protection</strong> solutions help you identify, classify, protect and monitor your sensitive data as it is created, stored, or shared. We made several investments across our information protection solutions, helping provide more comprehensive protection across the data lifecycle. A key part of our vision is to provide a more consistent and integrated classification, labeling, and protection approach across our information protection technologies, enabling persistent protection of your data everywhere.
<strong>Microsoft Cloud App Security</strong> now deeply integrates with <strong>Azure Information Protection</strong> to classify and label files that reside in cloud applications.</p> <p><strong>Advanced Data Governance enhancements</strong>, including event-based retention in Office 365 Advanced Data Governance, allow customers to create events which will trigger the retention period of data in Office 365 to consistently comply with internal business requirements. Disposing of data in a defensible manner allows organizations to effectively reduce their security and compliance risks. This feature is currently in the standard Office 365 Universal Preview Program and available for you to try.</p> <p><strong>New Multi-Geo Capabilities in Office 365</strong> enable a single tenant to span multiple Office 365 datacenter geographies (geos) to store data at-rest and on a per-user basis in customer-specified geos. Multi-Geo helps customers address organizational, regional, and local data residency requirements and enables modern collaboration experiences for their globally dispersed employees. <a href="https://aka.ms/Multi-Geo">Learn more about Multi-Geo</a>.</p> <p>Also, we are announcing the general availability of improvements to <strong>Office 365 message encryption</strong>, which makes it easier to share protected emails with anybody inside or outside of your organization. Recipients can view protected Office 365 emails on a variety of devices, using common email clients or even consumer email services such as Gmail, Outlook.com, and Live.com.</p> <h3>Use intelligent tools to better discover and control your data</h3> <p>Many organizations are evaluating how to find and protect the personal data they collect.
With the explosion of data and its increasing value, many organizations cannot adequately manage their assets with traditional manual processes.</p> <p>Unfortunately, even once you know where all the data is and how it should be managed, you must constantly ensure it is protected from threats. The GDPR requires organizations take appropriate measures to prevent unauthorized access or disclosure and to notify stakeholders in the case of breach. Today, on average, attacks exist for over 90 days in an environment prior to detection. Microsoft continues to invest in tools that help detect attacks sooner and then remediate, as well as in pre-breach attack prevention tools.</p> <p><strong>Analysis of non-Office 365 data with Advanced eDiscovery</strong>: While the amount of data being generated and stored in Office 365 is growing at an exponential rate, many organizations still have data in legacy file shares and archives. Data is also being generated in other cloud services which may be relevant for an eDiscovery case surrounding a Data Subject Request. Analysis of non-Office 365 data allows organizations to import the case-specific copy of such data into a specifically assigned Azure container and analyze it using Office 365 Advanced eDiscovery. Having one eDiscovery workflow for both Office 365 and non-Office 365 data provides organizations with the consistency they need to make defensible decisions across the entire data set of a case.</p> <p>This feature is currently in preview and requires an Advanced eDiscovery license for each user whose data is being analyzed. Later this year, in addition to Advanced eDiscovery licenses, this feature will require the purchase of the eDiscovery Storage plan for all non-Office 365 data imported into the specifically assigned Azure container for analysis by Advanced eDiscovery.
The eDiscovery Storage plan comes in increments of 500GB of storage and is priced at $100 per month.</p> <p><img class="size-large wp-image-70081 aligncenter" src="https://mscorpmedia.azureedge.net/mscorpmedia/2017/09/Example-of-Advanced-eDiscovery-1024x557.png" alt="" width="640" height="348" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/Example-of-Advanced-eDiscovery-1024x557.png 1024w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/Example-of-Advanced-eDiscovery-300x163.png 300w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/Example-of-Advanced-eDiscovery-768x418.png 768w" sizes="(max-width: 640px) 100vw, 640px" /></p> <p style="text-align: center;"><em>Example of Advanced eDiscovery</em></p> <p>To better protect your users against threats, we also improved our anti-phishing capabilities in <strong>Office 365 Advanced Threat Protection</strong>, with a focus on mitigating content phishing, domain spoofing, and impersonation campaigns. Office 365 Advanced Threat Protection is also expanded to help secure SharePoint Online, OneDrive for business, and Teams. In Windows, we added <strong>Windows Defender Application Control</strong>, which is powered by the Microsoft Intelligent Security Graph to make it less likely that malicious code can run on that endpoint.</p> <p>On the post-breach detection side, we announced the limited preview of a brand-new service – <strong>Azure Advanced Threat Protection</strong> for users – that brings our on-premises identity threat detection capabilities to the cloud and integrates them with the Microsoft Intelligent Security Graph.
Finally, as previously announced earlier in the month, <strong>Windows Defender Advanced Threat Protection</strong> is integrating Hexadite’s AI technology to automatically investigate new alerts, determine the complexity of a threat, and take the necessary actions to remediate it.</p> <p><strong>Office 365 security management updates</strong> We have also made a few updates to Advanced Security Management to give you even better visibility and control over Office 365. To help organizations in the EU meet their compliance obligations, starting in October, we will begin hosting Advanced Security Management in our EU datacenter region. We are also giving you additional visibility into the service by adding support for activities from Skype for Business, Yammer and Office 365 Threat Intelligence. The signals from these services will be used to generate activity alerts and be factored into anomaly detection alerts. Lastly, to better align our Microsoft 365 investments, we are renaming Advanced Security Management to Office 365 Cloud App Security.</p> <h2>Taking the next step on your GDPR compliance journey</h2> <p>The GDPR is compelling every organization to consider how they will respond to today’s security and compliance challenges. It may require significant changes to how your business gathers, uses, and governs data.</p> <p>As a global company with hundreds of millions of customers around the globe, we are subject to many stringent regulations including the GDPR and we understand the challenges you face. As your trusted partner, we are committed to going beyond our minimum responsibilities and always working on behalf of your best interests.
To that end, Microsoft is an active participant in a community of compliance experts that can support all aspects of your GDPR journey – such as audit and consulting, cloud migration assistance, as well as delivering specific point solutions.</p> <p>For more details on these announcements and the other capabilities of Microsoft 365, read the new whitepaper: <a href="https://aka.ms/M365-GDPR-paper">Accelerate your GDPR compliance journey with Microsoft 365</a>.</p> <p> </p> ]]></content:encoded>
</item>
<item>
<title>Security at Microsoft Ignite</title>
<link>https://cloudblogs.microsoft.com/microsoftsecure/2017/09/22/security-at-microsoft-ignite/</link>
<pubDate>Fri, 22 Sep 2017 20:30:05 +0000</pubDate>
<dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://blogs.microsoft.com/microsoftsecure/?p=70021</guid>
<description><![CDATA[Microsoft Ignite begins this Sunday, September 24, with pre-day training and registration! The Microsoft Ignite event delivers the largest and most comprehensive perspective on the future of Enterprise technology at one conference. Everyone who attends – IT pros and Enterprise developers – gets inspiration, training, and connections to drive their business forward with Microsoft technology. 26,000+ IT and <p><a class="read-more" title="Security at Microsoft Ignite" aria-label="Read more about Security at Microsoft Ignite" href="https://cloudblogs.microsoft.com/microsoftsecure/2017/09/22/security-at-microsoft-ignite/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p><img class="alignnone size-full wp-image-70048" src="https://mscorpmedia.azureedge.net/mscorpmedia/2017/09/MSCOM_Ignite_About_Connecting_Social_740x417.jpg" alt="" width="740" height="417" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/MSCOM_Ignite_About_Connecting_Social_740x417.jpg 740w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/MSCOM_Ignite_About_Connecting_Social_740x417-300x169.jpg 300w" sizes="(max-width: 740px) 100vw, 740px" /></p> <p><a href="https://www.microsoft.com/en-us/ignite/default.aspx">Microsoft Ignite</a> begins this Sunday, September 24, with pre-day training and registration! The Microsoft Ignite event delivers the largest and most comprehensive perspective on the future of Enterprise technology at one conference. Everyone who attends – IT pros and Enterprise developers – gets inspiration, training, and connections to drive their business forward with Microsoft technology. 26,000+ IT and Enterprise developer customers and prospects come to collaborate and learn how Microsoft technology can help them achieve success.</p> <h2>Top three things to do before you go:</h2> <ol> <li>Download the mobile app <ul> <li>The mobile apps allow you to easily access My Conference, session details, evaluations, attendee networking, maps, event notifications, partners, and more. Download it now for your device: <a href="https://aka.ms/ignite.mobileapp">Windows | iOS | Android</a></li> </ul> </li> <li>Set up your attendee profile <ul> <li>Connect with attendees at the events. Setting up your profile helps attendees discover Microsoft experts and get their questions answered.
After your edits are complete, your profile will be updated in the apps and in MyIgnite.</li> </ul> </li> <li>Get ready for a great show <ul> <li>Confirm your hotel reservation</li> <li>Familiarize yourself with our event and resources</li> <li>Have fun!</li> </ul> </li> </ol> <h2>Key security sessions to attend at Ignite</h2> <ul> <li><a href="https://myignite.microsoft.com/sessions/56715?source=sessions">Create a modern workplace with Microsoft 365</a> <ul> <li>Kirk Koenigsbauer, Brad Anderson, Catherine Boeger</li> </ul> </li> <li><a href="https://myignite.microsoft.com/sessions/56716?source=sessions">Empower IT and developer productivity with Microsoft Azure</a> <ul> <li>Scott Guthrie</li> </ul> </li> <li><a href="https://myignite.microsoft.com/sessions/56551?source=sessions">Cloud infrastructure: Enabling new possibilities together</a> <ul> <li>Jason Zander</li> </ul> </li> <li><a href="https://myignite.microsoft.com/sessions/56550?source=sessions">Microsoft 365: Step up your protection with intelligent security</a> <ul> <li>Julia White</li> </ul> </li> <li><a href="https://myignite.microsoft.com/sessions/56549?source=sessions">Microsoft 365: Modern management and deployment</a> <ul> <li>Brad Anderson, Rob Lefferts</li> </ul> </li> </ul> <p>But that’s not all, we have a huge selection of security-related content, 345 sessions to be exact. Sessions have been designed to not only meet your product needs, but also your expertise needs. <a href="https://myignite.microsoft.com/sessions?q=security">Find a complete list of security sessions here</a>.</p> <h2>Who is attending from Microsoft</h2> <p>This year we are rolling out a fantastic new tool simply known as Expert Finder. All Microsoft staff will be tagged with the areas of expertise and can easily be located on the expo floor.
Work with staff onsite at the Expo to locate the expert(s) that you need to speak with.</p> <p><a href="https://microsoftignitecontent.hubb.me/expertfinder">The Expert Finder tool can be found here</a>. (note: not all attendees will have access)</p> <h2>Where to find Security onsite: In the expo</h2> <p>We have full coverage of security topics in the expo. From getting help desk answers to seeing demos, you are sure to walk away with the information you need.</p> <p>You’ll find us in the expo during the following times:</p> <ul> <li>Monday: 12:30 – 7:30pm <ul> <li>Social hour: 5:30pm – 7:30pm</li> </ul> </li> <li>Tuesday: 10:00am – 6pm <ul> <li>Social hour: 5:30pm – 7:30pm</li> </ul> </li> <li>Wednesday: 10:00am – 6:00pm <ul> <li>Social hour: 5:30pm – 6:00pm</li> </ul> </li> <li>Thursday: 10:00am – 4:00pm</li> </ul> <p>Below you can see where the Security area is located within the Expo, as noted by the red circle.</p> <p><img class="aligncenter wp-image-70036" src="https://mscorpmedia.azureedge.net/mscorpmedia/2017/09/Ignite-Map.jpg" alt="" width="750" height="375" /></p> <h2>Networking opportunities</h2> <p>Ignite is not only about talking with the Microsoft experts, it’s also a great time to network with your peers. Here is a list of great opportunities for you to network during the event:</p> <ul> <li>Immersion zone <ul> <li>Get “Hands-on” – you’ll find Labs, workshops, mixed reality experiences, learning experts and more!</li> </ul> </li> <li>Visit the security and privacy <a href="https://techcommunity.microsoft.com/t5/Security-Privacy-Compliance/ct-p/SecurityPrivacyCompliance">Microsoft Tech Community</a> <ul> <li>Learn and see what other attendees are talking about.
Then take the opportunity to not only collaborate virtually, but set up time to network face-to-face while at the event.</li> </ul> </li> <li>Social hours <ul> <li>Wind down the day and enjoy a drink with security-related professionals; social hours are posted above.</li> </ul> </li> <li>Celebration event <ul> <li>More details to come, but on Thursday we have an amazing celebration event!</li> </ul> </li> </ul> <p>In the week following Ignite, we will summarize our lessons learned, product announcements, and customer feedback received from the event.</p> <p>To learn more about Microsoft security solutions and services, visit <a href="https://www.microsoft.com/secure">https://www.microsoft.com/secure</a>.</p> <p>We hope you have a lot of fun, make amazing connections, and walk away with inspiring insights at this year’s Ignite conference. We’re looking forward to seeing you there!</p> ]]></content:encoded>
</item>
<item>
<title>3 key tenets to help with security management</title>
<link>https://cloudblogs.microsoft.com/microsoftsecure/2017/09/13/3-key-tenets-to-help-with-security-management/</link>
<pubDate>Wed, 13 Sep 2017 21:00:28 +0000</pubDate>
<dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://blogs.microsoft.com/microsoftsecure/?p=69828</guid>
<description><![CDATA[This post is authored by Berk Veral, Director, Product Marketing, Enterprise Cybersecurity Group. Across industries, as attack methods have become more sophisticated and complex, organizations have been responding by deploying more security solutions, which in turn has tremendously increased the complexity of security management. Today, organizations must manage distributed resources across many environments, and given <p><a class="read-more" title="3 key tenets to help with security management" aria-label="Read more about 3 key tenets to help with security management" href="https://cloudblogs.microsoft.com/microsoftsecure/2017/09/13/3-key-tenets-to-help-with-security-management/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p> </p> <p><a href="https://mscorpmedia.azureedge.net/mscorpmedia/2017/09/WWS16_Library_124.jpg"><img class="aligncenter size-full wp-image-69840" src="https://mscorpmedia.azureedge.net/mscorpmedia/2017/09/WWS16_Library_124.jpg" alt="" width="2000" height="1331" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/WWS16_Library_124.jpg 2000w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/WWS16_Library_124-300x200.jpg 300w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/WWS16_Library_124-768x511.jpg 768w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/WWS16_Library_124-1024x681.jpg 1024w" sizes="(max-width: 2000px) 100vw, 2000px" /></a></p> <p><em>This post is authored by Berk Veral, Director, Product Marketing, Enterprise Cybersecurity Group.</em></p> <p>Across industries, as attack methods have become more sophisticated and complex, organizations have been responding by deploying more security solutions, which in turn has tremendously increased the complexity of security management.</p> <p>Today, organizations must manage distributed resources across many environments, and given the constantly evolving threats, this means there are more attack surfaces that need to be protected.</p> <p>In some cases, an organization may end up having multiple point solutions even within a single workload to address specific security concerns. However, managing a growing number of individual security controls becomes a true nightmare. You lose visibility into the security state of that workload, let alone the security of the entire organization.</p> <p>Managing a high number of point solutions and vendors, coupled with the increasing noise caused by diverse datasets with varying levels of fidelity, adds to the complexity of security management.
It becomes harder to gain optimal insight into end points and results in even less visibility into the security posture of your entire network.</p> <p>Often, these point solutions don’t share any information as they are not integrated, which leads to the most dangerous of your challenges: ineffective responses to threats that grow both in number and sophistication.</p> <p>More solutions to deploy and more vendors to manage, with less insight and ineffective threat response, ultimately manifest in higher costs of security for CISOs as well.</p> <h2>How can CISOs efficiently manage security?</h2> <p>In today’s connected, technology-driven world, where digital transformation is the only way to survive for any organization, an efficient security management practice becomes the cornerstone of any long-term strategy of CISOs, regardless of their industry.</p> <p>Whether your assets are deployed in the cloud, on-premises, or across a hybrid environment, your organization’s security has 4 core components for you to manage and secure:</p> <ul> <li>Identity</li> <li>Devices or end points</li> <li>Apps and data</li> <li>Infrastructure</li> </ul> <p>And across these 4 core components, an effective security management solution should provide <strong>3 key tenets – visibility, control, and guidance</strong>:</p> <ul> <li>Full <strong>visibility</strong> that helps you understand the security state and risks across resources</li> <li>Built-in security <strong>controls</strong> to help you define consistent security policies</li> <li>Effective <strong>guidance</strong> to help elevate your security through actionable intelligence and recommendations</li> </ul> <h2>Vendor consolidation & intelligence is key</h2> <p>An effective security management solution is not about a single console.
It is about integration where it counts, but with the freedom of specialized tools for different functions.</p> <p>Microsoft helps you consolidate from a plethora of specialized functions and tools to just a few. Our offerings provide functionality to ensure specialized security teams have the flexibility and freedom to manage the unique needs of specific areas such as <a target="_blank" href="https://www.microsoft.com/en-us/cloud-platform/azure-active-directory?&WT.srch=1&wt.mc_id=AID622874_SEM_HszllOot" rel="noopener">identity</a>, <a target="_blank" href="https://blogs.windows.com/windowsexperience/2017/01/23/introducing-windows-defender-security-center/" rel="noopener">devices</a>, <a target="_blank" href="https://products.office.com/en-us/business/office-365-trust-center-welcome" rel="noopener">apps</a> or <a target="_blank" href="https://azure.microsoft.com/en-us/services/security-center/" rel="noopener">infrastructure</a>. However, the key that makes Microsoft security management consoles much more effective is the <a target="_blank" href="https://www.microsoft.com/en-us/security/intelligence" rel="noopener">vast intelligence</a> that is built into our solutions, which helps your organization maintain a consistent and robust security posture.</p> <p>Microsoft has a unique perspective as we face the same adversaries our customers do, but because of the scale of technology we build and operate, we capture a massive amount of security-related signal:</p> <ul> <li>Nearly 1 billion Windows devices updated worldwide each month, and we operate the largest anti-virus and anti-malware service in the world</li> <li>Over 450 billion authentications processed monthly into our cloud services</li> <li>Over 400 billion emails scanned monthly for spam and malware through Office 365 and Outlook.com</li> <li>More than 18 billion Bing web page scans per month</li> </ul> <p>We build this intelligence into our products and services – harnessing the power of machine learning,
processing trillions of pieces of data, from billions of devices, we enable our customers to detect relevant threats faster and prioritize response. Our security management solutions are built to work for you. This shared intelligence is leveraged by management consoles across identity, devices, apps, data, and infrastructure – helping security admins and operation center teams to get important insights optimized for their workloads.</p> <p><strong>The key for a CISO’s success in managing security is not about a single console across everything, but consolidation wherever it makes sense. This gives CISOs the best of all capabilities and allows them the flexibility when they need it.</strong></p> <p>With single vendor management, built-in controls that come with Microsoft solutions, and unmatched intelligence, Microsoft becomes your trusted partner in achieving intelligent security management.</p> ]]></content:encoded>
</item>
<item>
<title>New IIS functionality to help identify weak TLS usage</title>
<link>https://cloudblogs.microsoft.com/microsoftsecure/2017/09/07/new-iis-functionality-to-help-identify-weak-tls-usage/</link>
<pubDate>Thu, 07 Sep 2017 17:00:17 +0000</pubDate>
<dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://blogs.microsoft.com/microsoftsecure/?p=69789</guid>
<description><![CDATA[This post is authored by Andrew Marshall, Principal Security Program Manager, TwC Security, Yanbing Shi, Software Engineer, Internet Information Services Team, and Sourabh Shirhatti, Program Manager, Internet Information Services Team. As a follow-up to our announcement regarding TLS 1.2 support at Microsoft, we are announcing new functionality in Windows Server 2012R2 and Windows Server 2016 to <p><a class="read-more" title="New IIS functionality to help identify weak TLS usage" aria-label="Read more about New IIS functionality to help identify weak TLS usage" href="https://cloudblogs.microsoft.com/microsoftsecure/2017/09/07/new-iis-functionality-to-help-identify-weak-tls-usage/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p><em>This post is authored by Andrew Marshall, Principal Security Program Manager, TwC Security, Yanbing Shi, Software Engineer, Internet Information Services Team, and Sourabh Shirhatti, Program Manager, Internet Information Services Team.</em></p> <p>As a follow-up to our announcement regarding <a href="https://blogs.microsoft.com/microsoftsecure/2017/06/20/tls-1-2-support-at-microsoft/">TLS 1.2 support at Microsoft</a>, we are announcing new functionality in <a href="https://support.microsoft.com/en-us/help/4025335/windows-8-1-windows-server-2012-r2-update-kb4025335">Windows Server 2012R2</a> and <a href="https://support.microsoft.com/en-us/help/4025334/windows-10-update-kb4025334">Windows Server 2016</a> to increase your awareness of clients connecting to your services with weak security protocols or cipher suites.</p> <p>IIS logs can already be used to correlate client IP address, user agent string, and service URI. With the addition of the new custom logging fields detailed below, you will be able to quantify the usage of outdated security protocols and ciphers by clients connecting to your services.</p> <p>To enable this new functionality, these four server variables need to be configured as the sources of the custom fields in IIS applicationHost.config. The custom logging can be configured at either the server level or the site level. 
Here is a sample site-level configuration:</p> <pre>
<site name="Default Web Site" id="1" serverAutoStart="true">
  <application path="/">
    <virtualDirectory path="/" physicalPath="C:\inetpub\wwwroot" />
  </application>
  <bindings>
    <binding protocol="https" bindingInformation="*:443:" />
  </bindings>
  <logFile>
    <customFields>
      <clear />
      <add logFieldName="crypt-protocol" sourceName="CRYPT_PROTOCOL" sourceType="ServerVariable" />
      <add logFieldName="crypt-cipher" sourceName="CRYPT_CIPHER_ALG_ID" sourceType="ServerVariable" />
      <add logFieldName="crypt-hash" sourceName="CRYPT_HASH_ALG_ID" sourceType="ServerVariable" />
      <add logFieldName="crypt-keyexchange" sourceName="CRYPT_KEYEXCHANGE_ALG_ID" sourceType="ServerVariable" />
    </customFields>
  </logFile>
</site></pre> <p>Each SSL info field is a hexadecimal number that maps to either a <a href="https://msdn.microsoft.com/en-us/library/windows/desktop/aa379819(v=vs.85).aspx">secure protocol version</a> or <a href="https://msdn.microsoft.com/en-us/library/windows/desktop/aa375549(v=vs.85).aspx">cipher suite algorithm</a>.<br /> For an HTTP plain-text request, all four fields will be logged as -.</p> <p>A sample log and explanation of the new fields follows:</p> <p><img class="aligncenter wp-image-69798 size-full" src="https://mscorpmedia.azureedge.net/mscorpmedia/2017/09/A-sample-log-and-explanation-of-the-new-fields-follows.png" alt="" width="1116" height="396" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/A-sample-log-and-explanation-of-the-new-fields-follows.png 1116w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/A-sample-log-and-explanation-of-the-new-fields-follows-300x106.png 300w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/A-sample-log-and-explanation-of-the-new-fields-follows-768x273.png 768w, 
https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/A-sample-log-and-explanation-of-the-new-fields-follows-1024x363.png 1024w" sizes="(max-width: 1116px) 100vw, 1116px" /></p> <h5>For more information visit <a href="https://docs.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/site/logfile/customfields/">Official Microsoft Documentation for Custom Logging Fields in IIS</a>.</h5> ]]></content:encoded>
</item>
<item>
<title>Microsoft’s perspective on cyber resilience</title>
<link>https://cloudblogs.microsoft.com/microsoftsecure/2017/08/23/microsoft-perspective-on-cyber-resilience/</link>
<pubDate>Wed, 23 Aug 2017 15:00:04 +0000</pubDate>
<dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Featured]]></category>
<guid isPermaLink="false">http://blogs.microsoft.com/microsoftsecure/?p=69645</guid>
<description><![CDATA[In the wake of recent ransomware outbreaks, I wanted to understand how impacted firms have evolved their thinking on cyber resilience planning and implementation. I asked the Detection and Response Team at Microsoft, who help our customers proactively and in real time to respond and recover from cyberattacks, to share their experiences.]]></description>
<content:encoded><![CDATA[<p><em>This post is authored by Ann Johnson, Vice President, Enterprise Cybersecurity Group.</em></p> <p>In the wake of recent ransomware outbreaks, I wanted to understand how impacted firms have evolved their thinking on cyber resilience planning and implementation. I asked the Detection and Response Team at Microsoft, who help our customers proactively and in real time to respond and recover from cyberattacks, to share their experiences. I’ve included below a few anonymized customer scenarios the team shared with me, which point to the acute need for a cyber resilience plan.</p> <p>What follows is a reference framework of Microsoft capabilities which can help our customers become more agile in the face of modern attacks. In other words, this post is about mapping the road to cyber resilience.</p> <h2>Why cyber resilience matters</h2> <p>Organizations globally are highly dependent on technology to conduct personal and business-related tasks. As of the end of Q1CY2017, there were over <a href="http://www.internetworldstats.com/stats.htm">3.7B Internet users worldwide</a> and this population is growing. As Internet adoption is growing, the attack surface is growing. The current cybersecurity threat landscape creates a real risk to people and assets. Therefore, organizations should maintain a balance between allowing access and managing risk. Commonly, enterprise organizations approach cybersecurity by implementing tools and technologies and personnel for protection and incident response. While this is important, the root purpose of implementing cybersecurity tools and technologies is business continuity. Enterprise organizations should also be thinking at a strategic level about the big picture of how to fortify their critical systems, IT infrastructure, and data centers to stay resilient in the face of human errors and cyberthreats that cause downtime. This is where a cyber resilience strategy comes into play. 
Organizations need to build a cyber resilience strategy and execute a cyber resilience program specifically tailored to their business needs to ensure business continuity in the event of a security incident.</p> <p>According to Accenture’s <a href="https://www.accenture.com/us-en/insight-cybersecurity-digital-trust-2016">State of Cybersecurity and Digital Trust</a>, while 75% of all survey takers say they have high cybersecurity confidence levels, only 37% claim they have confidence in their organization’s ability to monitor for breaches and 36% claim confidence in their ability to minimize disruptions. According to Gartner, the <a href="http://blogs.gartner.com/andrew-lerner/2014/07/16/the-cost-of-downtime/">average cost of downtime is USD $5,600 per minute</a>, over USD $300,000 per hour. Human error is the most common contributor to downtime. Some studies conclude that <a href="http://www.computerweekly.com/news/2240179651/Human-error-most-likely-cause-of-datacentre-downtime-finds-study">human error accounts for 75% of downtime</a>.</p> <p>With organizations more reliant on IT than ever before, it is important to acknowledge business continuity and disaster response (BCDR) as a vital component to the entire organization, instead of as an issue that has implications for IT teams only. Every enterprise organization needs to be prepared to handle outages caused by unforeseen events. Downtime of critical applications and services could lead to a stop in productivity and operations, lost revenues, and lower customer confidence in the organization. A strong cyber resilience plan effectively executed can help organizations’ computer systems, IT infrastructure and data centers withstand impact from cyberthreats and human error.</p> <h2>Cyber resilience scenarios</h2> <p>There are many news stories about organizations who have suffered from cyberattacks and/or data breaches. 
Developing a strategy and taking actions in support of cyber resilience may help reduce the extent and cost of recovery from damage due to such incidents.</p> <p><strong>Example #1 – Ransomware infecting multiple organizations globally:</strong></p> <p>Recent ransomware attacks in the first half of 2017 have highlighted the need to be able to access critical IP, systems, and infrastructure even when it’s locked down by ransomware. WannaCry ransomware impacted multiple industries and companies worldwide, including automobile manufacturing plants that had to halt production for some time. Regardless of the motivation of the attack, clearly it resulted in unplanned downtime and recovery costs to impacted companies.</p> <p>A key takeaway is ransomware can impact any type of organization. Keeping computer systems patched and up-to-date, backing up data regularly, having fully tested disaster recovery plans in place, and providing education on cyberthreats (e.g. phishing and ransomware) to direct employees and contractors can help to at least reduce the extent of damage from such an incident.</p> <p><strong>Example #2 – Data breaches continue to impact US healthcare industry:</strong></p> <p>Cyberattacks continue to measurably impact the healthcare industry since cybercriminals who successfully gain access to medical data could use it for conducting fraud or identity theft for lucrative purposes. Also, the personal data often includes information on a patient’s medical history, which may be used in targeted spear-phishing attacks. As of August 9, 2017, the US Department of Health and Human Services’ HIPAA Breach Reporting Tool website – often called the “<a href="https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf">wall of shame</a>” – showed a total of 2,018 breaches since 2009. 
The number of individuals affected by health data breaches also has surged in recent years, <a href="http://www.healthcareinfosecurity.com/health-breach-tally-tops-1000-incidents-a-6891">from 31.5 million as of May 30, 2014, to about 175 million as of August 9, 2017</a>.</p> <p>There are three key takeaways from these trends and statistics. The first is that healthcare personnel and patients need to be alert to and inform their IT organization of suspicious communications (fraud/phishing emails) and identity theft incidents as much as possible. Another takeaway is that personal health and identification information should not be exposed without an express requirement to share (e.g. for a patient to offer proof of identity for a medical examination or procedure). Further, the use of data classification and information protection solutions can help reduce the impact of exposure by protecting sensitive information across its lifecycle.</p> <p><strong>Example #3 – Human error led to client information exposure for financial services firm:</strong></p> <p>Financial services and banking industries, despite putting in place relatively tighter monitoring and controls over their infrastructure and data than other industries, continue to be impacted by data breaches. In early 2017, a financial services firm inadvertently left exposed to the public a database containing sensitive information on thousands of its clients. The company claimed that the incident was due to human error by a 3rd party vendor.</p> <p>A key takeaway is that it is important for organizations to hold accountable all contractors with access to the organization’s network and data. 
For instance, this was a major issue that came to light even with the outbreak of the Petya ransomware, in that 3rd party contractors failed to follow organizational cybersecurity policies, which was a root cause of the crisis.</p> <h2>Considerations for a cyber resilience program</h2> <p>To enhance the ability for computer systems, IT infrastructure, and data centers to withstand damages from human error, cyberthreats, and cyberattacks, we suggest enterprise organizations consider a cyber resilience program that leverages the combination of people, processes, and cloud services.</p> <p><strong>People:</strong></p> <p>Every person with corporate network access, including full-time employees, consultants, and contractors, should be regularly trained to develop a cyber resilient mindset. This includes not only adhering to IT security policies around identity-based access control, but also alerting IT to suspicious events and infections as soon as possible to help minimize time to remediation.</p> <p><strong>Processes:</strong></p> <p>Organizations should consider implementing several processes for an effective cyber resilient posture. Some of these can be implemented as IT security policies. Suggested processes include the ones listed in the table below.</p> <p><strong>Cloud services:</strong></p> <p>To maintain cyber resilience, the suggested processes should be performed on a regular basis based upon the threshold of the business to handle risk and its ability to operationally execute the processes through a combination of human efforts and technology products and services.</p> <p>Fortunately, cloud service based architectures can be used to rapidly reconstitute on-premises infrastructure or fail over to a mirrored infrastructure. 
A key consideration when adopting cloud services is to look at how the provider conducts their assessments and look for 3rd party audits and certifications as examples of how they are performing.</p> <p>Cloud services such as Microsoft Azure and Office 365 can serve at least as a first step towards helping customers with their cyber resilience needs.</p> <table style="height: 5995px" width="1006"> <tbody> <tr> <td width="111"> <p style="text-align: center"><strong>Process</strong></p> </td> <td style="text-align: center" width="233"><strong>Description</strong></td> <td width="280"> <p style="text-align: center"><strong>Microsoft Services</strong></p> </td> </tr> <tr> <td width="111">Early warning and alerting system</td> <td width="233">Organizations should receive early warning and alerts on suspicious or investigation-worthy electronic information.</td> <td width="280"> <p style="padding-left: 30px"><strong>Azure:</strong></p> <p style="padding-left: 30px"><a href="https://docs.microsoft.com/en-us/azure/security-center/security-center-intro">Azure Security Center</a> automatically collects, analyzes, and integrates log data from your Azure resources, which can be used for eDiscovery.</p> <p style="padding-left: 30px"><strong>Office 365:</strong></p> <p style="padding-left: 30px"><a href="https://support.office.com/en-us/article/eDiscovery-in-Office-365-143b3ab8-8cb0-4036-a5fc-6536d837bfce?ui=en-US&rs=en-US&ad=US">eDiscovery in Office 365</a> can be used to search for content in Exchange Online mailboxes, Office 365 Groups, Microsoft Teams, SharePoint Online and sites, and Skype for Business conversations.</p> </td> </tr> <tr> <td width="111">Incorporate cyber incidents into disaster recovery and business continuity planning</td> <td width="233">Incorporate cyber incidents into your existing disaster recovery and business continuity planning, and characterize or assign a higher likelihood to these incidents than to traditional acts of nature.</p> <p> </td> <td 
width="280"> <p style="padding-left: 30px"><strong>Azure:</strong></p> <p style="padding-left: 30px">If you are looking to implement disaster recovery for all your major IT systems without the expense of secondary infrastructure, Microsoft offers a <a href="https://azure.microsoft.com/en-us/solutions/architecture/">variety of architectures</a> available to help organizations design and implement secure, highly-available, performant, and resilient solutions on Azure.</p> <p style="padding-left: 30px"><strong>Office 365:</strong></p> <p style="padding-left: 30px">Office 365 offerings are delivered by highly resilient systems that help to ensure high levels of service. <a href="https://technet.microsoft.com/en-us/library/office-365-service-continuity.aspx">Service continuity</a> provisions are part of the Office 365 system design. These provisions enable Office 365 to recover quickly from unexpected events such as hardware or application failure, data corruption, or other incidents that affect users. These service continuity solutions also apply during catastrophic outages (for example, natural disasters or an incident within a Microsoft data center that renders the entire data center inoperable).</p> </td> </tr> <tr> <td width="111">Platform hardening</td> <td width="233">Lock down platform against hacking attempts.</td> <td width="280"> <p style="padding-left: 30px"><strong>Azure:</strong></p> <p style="padding-left: 30px">From a platform hardening perspective, Microsoft performs our own internal assessments through penetration testing and <a href="https://azure.microsoft.com/en-us/blog/red-teaming-using-cutting-edge-threat-simulation-to-harden-the-microsoft-enterprise-cloud/">red teams</a>. Microsoft uses Red Teaming to simulate real-world breaches, conduct continuous security monitoring, and practice security incident response to validate and improve the security of Microsoft Azure and Office 365. 
We strive to provide a robust cloud platform that customers can depend on for accessing critical applications and data in a secure manner.</p> <p style="padding-left: 30px"><strong>Office 365:</strong></p> <p style="padding-left: 30px"><a href="https://www.microsoft.com/en-us/trustcenter/cloudservices/office365">Office 365</a> is a security-hardened service, designed following the <a href="https://www.microsoft.com/sdl">Microsoft Security Development Lifecycle</a>. We bring together best practices from two decades of building enterprise software and managing online services to give you an integrated software-as-a-service solution.</p> </td> </tr> <tr> <td width="111">Protect against email cyberthreats</td> <td width="233">Implement security policies for detecting and protecting users from opening email based web links and attachments that are suspicious or malicious (e.g. phishing).</td> <td width="280"> <p style="padding-left: 30px"><strong>Office 365:</strong></p> <p style="padding-left: 30px"><a href="https://products.office.com/en-us/exchange/online-email-threat-protection">Office 365 Advanced Threat Protection</a> helps protect mailboxes against new, sophisticated attacks in real time. By protecting against unsafe attachments and expanding protection against malicious links, it complements the security features of Exchange Online Protection to provide better zero-day protection.</p> </td> </tr> <tr> <td width="111">Control access</td> <td width="233">Limit access to data and applications, to reduce risk.</td> <td width="280"> <p style="padding-left: 30px"><strong>Azure:</strong></p> <p style="padding-left: 30px"><a href="https://azure.microsoft.com/en-us/services/multi-factor-authentication/">Azure Multi-Factor Authentication</a> helps safeguard access to data and applications, and helps to meet customer demand for a simple sign-in process. 
Get strong authentication with a range of easy verification options (phone call, text message, or mobile app notification) and allow customers to choose the method they prefer.</p> <p style="padding-left: 30px"><strong>Office 365:</strong></p> <p style="padding-left: 30px"><a href="https://blogs.office.com/en-us/2014/02/10/multi-factor-authentication-for-office-365/">Multi-Factor Authentication for Office 365</a> helps secure access to Office 365. It increases the security of user logins for cloud services above and beyond just a password. Users are required to acknowledge a phone call, text message, or an app notification on their smartphone after correctly entering their password. Only after this second authentication factor has been satisfied can a user sign in.</p> </td> </tr> <tr> <td width="111">Detect and defend against rogue systems</td> <td width="233">Apply conditional access-based security defenses to systems that have gone rogue</td> <td width="280"> <p style="padding-left: 30px"><strong>Azure:</strong></p> <p style="padding-left: 30px">Conditional access in Azure Active Directory enables you to enforce controls on the access to apps in your environment based on specific conditions. With controls, you can either tie additional requirements to the access or you can block it. The implementation of conditional access is based on policies. A policy-based approach simplifies your configuration experience because it follows the way you think about your access requirements.</p> <p style="padding-left: 30px"><strong>Office 365:</strong></p> <p style="padding-left: 30px"><a href="https://technet.microsoft.com/en-us/library/mt750346.aspx">Device Health Attestation</a> (DHA) for Office 365 enables enterprises to raise the security bar of their organization to hardware monitored and attested security, with minimal or no impact on operation cost. 
You can use DHA to assess device health for:</p> <ul> <li>Windows 10 and Windows 10 Mobile devices that support TPM 1.2 or 2.0.</li> <li>On-premises devices that are managed by using Active Directory with Internet access, devices that are managed by using Active Directory without Internet access, devices managed by Azure Active Directory, or a hybrid deployment using both Active Directory and Azure Active Directory.</li> </ul> </td> </tr> <tr> <td width="111">Vulnerability assessment</td> <td width="233">Learn about vulnerabilities in order of severity to be able to focus mitigation efforts on those presenting the most risk to the organization</td> <td width="280"> <p style="padding-left: 30px"><strong>Azure:</strong></p> <p style="padding-left: 30px">The vulnerability assessment in <a href="https://docs.microsoft.com/en-us/azure/security-center/security-center-vulnerability-assessment-recommendations">Azure Security Center</a> is part of the Security Center virtual machine (VM) recommendations. If Security Center doesn’t find a vulnerability assessment solution installed on your VM, it recommends that you install one.</p> </td> </tr> <tr> <td width="111">Software updates and patching</td> <td width="233">Continuously patch vendor software as new updates become available to help reduce probability of attack or at least mitigate damage incurred.</p> <p> </td> <td width="280"> <p style="padding-left: 30px"><strong>Azure:</strong></p> <p style="padding-left: 30px">Hosting applications in Microsoft Azure not only alleviates management of systems for companies. It also helps with system updates and keeping servers up to date. As new security vulnerabilities are identified, Microsoft will automatically apply updates to Microsoft Azure roles (if configured to do so). 
Admins can choose to have Microsoft keep their roles (instances) up to date and apply these updates when they are available, thereby eliminating a tremendous administrative effort for the company.</p> <p style="padding-left: 30px"><strong>Office 365:</strong></p> <p style="padding-left: 30px">Microsoft Office 365 ProPlus software can receive <a href="https://support.office.com/en-us/article/Choose-how-to-manage-updates-to-Office-365-ProPlus-e486afce-ad31-4889-87a4-28796751bb86">updates</a> automatically from the Internet or from an on-premises location (based on the organization’s preference).</p> </td> </tr> <tr> <td width="111">Identification-based access control</td> <td width="233">Protect access to applications and resources end-to-end: across the corporate datacenter and into the cloud.</p> <p> </td> <td width="280"> <p style="padding-left: 30px"><strong>Azure:</strong></p> <p style="padding-left: 30px"><a href="https://www.microsoft.com/en-us/cloud-platform/identity-management">Microsoft identity and management solutions</a> enable you to centrally manage identities across your datacenter and the cloud:</p> <ul> <li><a href="https://www.microsoft.com/en-us/cloud-platform/azure-active-directory">Azure Active Directory cloud identity and access management solutions</a> – get single sign-on to thousands of cloud apps and access to web apps that you run on-premises with Azure Active Directory Premium. Built for ease of use, Azure Active Directory management tools enable collaboration and deliver holistic identity protection and adaptive access control.</li> <li><a href="http://azure.microsoft.com/services/active-directory-b2c/">Azure Active Directory B2C</a> – cloud identity service allows you to connect to any customer. 
Governments and enterprises worldwide are using this service to serve their applications to their citizens and customers with fully customizable experiences, while protecting their identities at the same time.</li> </ul> <p style="padding-left: 30px"><strong>Office 365:</strong></p> <p style="padding-left: 30px">Office 365 uses <a href="https://support.office.com/en-us/article/Understanding-Office-365-identity-and-Azure-Active-Directory-06a189e7-5ec6-4af2-94bf-a22ea225a7a9">Azure Active Directory</a> cloud based user authentication service to manage users. You can choose from three main identity models in Office 365 when you set up and manage user accounts:</p> <ul> <li>Cloud identity. Manage your user accounts in Office 365 only. No on-premises servers are required to manage users; it’s all done in the cloud.</li> <li>Synchronized identity. Synchronize on-premises directory objects with Office 365 and manage your users on-premises. You can also synchronize passwords so that the users have the same password on-premises and in the cloud, but they will have to sign in again to use Office 365.</li> <li>Federated identity. Synchronize on-premises directory objects with Office 365 and manage your users on-premises. The users have the same password on-premises and in the cloud, and they do not have to sign in again to use Office 365. 
This is often referred to as single sign-on.</li> </ul> </td> </tr> <tr> <td width="111">Regular data backups</td> <td width="233">Back up data in case your organization is impacted by ransomware or other cyberthreats.</td> <td width="280"> <p style="padding-left: 30px"><strong>Azure:</strong></p> <p style="padding-left: 30px"><a href="https://docs.microsoft.com/en-us/azure/backup/backup-azure-security-feature">Azure Backup</a> enables protection for hybrid backups via prevention, alerting, and recovery features.</p> <p style="padding-left: 30px"><strong>Office 365:</strong></p> <p style="padding-left: 30px"><a href="https://support.office.com/en-us/article/What-is-OneDrive-for-Business-187f90af-056f-47c0-9656-cc0ddca7fdc2?ui=en-US&rs=en-US&ad=US">OneDrive for Business</a> is an integral part of Office 365, and provides a place in the cloud where you can store, share, and sync work files. It also allows for incremental restoration of files.</p> </td> </tr> <tr> <td width="111">Protection of administrative credentials</td> <td width="233">Secure administrative credentials from compromise and misuse.</td> <td width="280"> <ul> <li>Microsoft Cloud Services, including <a href="https://www.microsoft.com/en-us/trustcenter/cloudservices/azure">Azure</a> and <a href="https://www.microsoft.com/en-us/trustcenter/cloudservices/office365">Office 365</a>, are built on a foundation of <a href="https://www.microsoft.com/en-us/trustcenter">trust</a> and security. 
The following and many other principles apply to our cloud services:</li> <li>Microsoft provides you security controls and capabilities to help you protect your data and applications.</li> <li>You own your data and identities and the responsibility for protecting them, the security of your on-premises resources, and the security of cloud components you control.</li> </ul> </td> </tr> </tbody> </table> <h2>How Microsoft partners with the ecosystem</h2> <p>Cyber resiliency is not a problem we can address alone. 
Our commitment is to make sure our products work with technology our customers already use. Microsoft is fostering a vibrant ecosystem of partners who help us raise the bar across the industry. Through our technology partner network, we can offer proactive vulnerability tools as well as more feature-rich solutions like application firewall and threat detection to customers. We also collaborate extensively with customers and industry standards bodies to help us meet specific customer cyber resiliency needs and industry regulations. Microsoft has been working with the Center for Internet Security (CIS) to demonstrate that our operating systems and, most recently, our cloud platform, Azure, have been hardened against cyberthreats. We are working towards getting Azure to pass the CIS Benchmark requirements. CIS Benchmarks are the only consensus-based, best-practice security configuration guides both developed and accepted by government, business, industry, and academia. Also, Microsoft is actively working to align our offerings with the SANS Critical Security Controls set of recommendations, which organizations use to prepare for the most important actual threats that exist in today’s Internet world.</p> <h2>Summary</h2> <p>Developing and executing a cyber resilience program is not trivial; it is a journey, not a destination. It requires organizational focus, commitment, and effort. For additional, detailed guidance on this topic, stay tuned for a white paper to be published later this year.</p> <hr /> <p> </p> ]]></content:encoded>
</item>
<item>
<title>Microsoft Security Intelligence Report Volume 22 is now available</title>
<link>https://cloudblogs.microsoft.com/microsoftsecure/2017/08/17/microsoft-security-intelligence-report-volume-22-is-now-available/</link>
<pubDate>Thu, 17 Aug 2017 12:30:40 +0000</pubDate>
<dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Featured]]></category>
<guid isPermaLink="false">http://blogs.microsoft.com/microsoftsecure/?p=69579</guid>
<description><![CDATA[The latest volume of the Microsoft Security Intelligence Report is now available for free download at www.microsoft.com/sir.]]></description>
<content:encoded><![CDATA[<p>The latest volume of the Microsoft Security Intelligence Report is now available for free download at <a href="http://www.microsoft.com/sir">www.microsoft.com/sir</a>.</p> <p>This new volume of the report includes threat data from the first quarter of 2017. The report also provides specific threat data for over 100 countries/regions. As mentioned in a recent <a href="https://blogs.microsoft.com/microsoftsecure/2017/08/02/5-reasons-why-microsoft-should-be-your-cybersecurity-ally/">blog</a>, using the tremendous breadth and depth of signal and intelligence from our various cloud and on-premises solutions deployed globally, we investigate threats and vulnerabilities and regularly publish this report to educate enterprise organizations on the current state of threats and recommended best practices and solutions.</p> <p>In this 22nd volume, we've made two significant changes:</p> <ul> <li>We have organized the data sets into two categories, cloud and endpoint. Today, most enterprises now have hybrid environments and it's important to provide more holistic visibility.</li> <li>We are sharing data from a shorter time period, one quarter (January 2017 to March 2017), instead of the typical six months, as we shift our focus to delivering improved and more frequent updates in the future.</li> </ul> <p>The threat landscape is constantly changing. Going forward, we plan to improve how we share the insights, and plan to share data on a more frequent basis – so that you can have more timely visibility into the latest threat insights. We are committed to continuing our investment in researching and sharing the latest security intelligence with you, as we have for over a decade. 
This shift in our approach is rooted in a principle that guides Microsoft technology investments: to leverage vast data and unique intelligence to help our customers respond to threats faster.</p> <p><strong>Here are 3 key findings from the report:</strong></p> <p><strong>As organizations migrate more and more to the cloud, the frequency and sophistication of attacks on consumer and enterprise accounts in the cloud is growing.</strong></p> <ul> <li>There was a 300 percent increase in Microsoft cloud-based user accounts attacked year-over-year (Q1-2016 to Q1-2017).</li> <li>The number of account sign-ins attempted from malicious IP addresses has increased by 44 percent year over year in Q1-2017.</li> </ul> <p><strong>Cloud services such as Microsoft Azure are perennial targets for attackers seeking to compromise and weaponize virtual machines and other services, and these attacks are taking place across the globe.</strong></p> <ul> <li>Over two-thirds of incoming attacks on Azure services in Q1-2017 came from IP addresses in China and the United States, at 35.1 percent and 32.5 percent, respectively. Korea was third at 3.1 percent, followed by 116 other countries and regions.</li> </ul> <p><strong>Ransomware is affecting different parts of the world to varying degrees.</strong></p> <ul> <li>Ransomware encounter rates are the lowest in Japan (0.012 percent in March 2017), China (0.014 percent), and the United States (0.02 percent).</li> <li>Ransomware encounter rates are the highest in Europe vs. the rest of the world in Q1-2017. 
<ul> <li>Multiple European countries, including the Czech Republic (0.17 percent), Italy (0.14 percent), Hungary (0.14 percent), Spain (0.14 percent), Romania (0.13 percent), Croatia (0.13 percent), and Greece (0.12 percent) had much higher ransomware encounter rates than the worldwide average in March 2017.</li> </ul> </li> </ul> <p>Download Volume 22 of the Microsoft Security Intelligence Report today to access additional insights: <a href="http://www.microsoft.com/sir">www.microsoft.com/sir</a>.</p> ]]></content:encoded>
</item>
</channel>
</rss>


