Author Archives: Lauren Goodwin

IoT security: how Microsoft protects Azure Datacenters

Azure Sphere first entered the IoT Security market in 2018 with a clear mission—to empower every organization on the planet to connect and create secure and trustworthy IoT devices. Security is the foundation for durable innovation and business resilience. Every industry investing in IoT must consider the vulnerabilities of the cyberthreat landscape. For our customers, Azure Sphere has helped unlock opportunities for new insights and to deliver magical new experiences simply by providing a secured foundation for IoT.

Our customers are leading innovations across industries, and they are our strongest resource when it comes to security needs. One of the most significant blockers for customers is the risk assumed by connecting business-critical devices and equipment to the internet. Datacenters are a notable example. When you look at the datacenter’s essential infrastructure, the most critical functions of maintaining the environment have been intentionally kept offline to protect and preserve them. While the servers and network of a datacenter function as the powerful hub of innovation that drives global computing, the mechanical and electrical systems that they depend on are, out of necessity, air gapped.

Mike Czamara, a General Manager at Microsoft, leads a team dedicated to the critical environment and availability of Azure Datacenters worldwide. “We approach datacenters with a necessarily conservative methodology. There’s the shell and there’s the critical space,” he says. Mike describes the shell as the building, the walls, the roof, the electrical system, the mechanical systems; everything that functions around the critical space or in service of it. The critical space is the servers and all the networking. The shell’s multiple systems operate simultaneously, but not always symbiotically, since they are not digitally connected. Connecting critical equipment is a substantial risk for a datacenter focused on reducing, if not eliminating, downtime.

However, disruptions happen. Outages happen. Mike’s team was finding that there were sometimes problems across building automation systems or power monitoring systems running code written by a third party. These issues sometimes led to breakdowns. But, because the code at the heart of the issue was controlled by a third party, as Mike puts it, “Part of our destiny, and that of our customers, was out of our control.” Having greater control over the datacenter environment promised better outcomes for customers. The need for more control over the datacenter environment was nested in a larger challenge: the datacenter ecosystem itself.

Taking the first step

“We’re at the very beginning. We’re just walking up to the starting line. IoT was the first step,” says Mike. Really, the first step was an email. Adolfo Ferreira, a Senior Principal Technical Program Manager on Mike’s team, learned about Azure Sphere from the public announcement in April 2018. Adolfo immediately emailed Galen Hunt, the Managing Director of Azure Sphere. “I wrote him, begging him to give me a development kit. I told him what I wanted to do with it, and he took a kit away from one of his developers to give to me.” As Mike puts it, “From that point, it was game on.”

“Azure Sphere really triggered this big opportunity for us,” says Adolfo. At the time he discovered Azure Sphere, Adolfo and his team were looking to develop secured data acquisition from the mechanical and electrical systems, which have always been “read-only” systems. Azure Sphere gave them a way to securely connect these systems. The end-to-end solution includes secured hardware, the custom-built Azure Sphere OS, the cloud-based Azure Sphere Security Service, and ongoing servicing by Microsoft security experts for more than ten years. “I understood what Azure Sphere was trying to do, I knew the security was the highest level in the industry. I knew nothing could come close to the level of security Azure Sphere could offer,” says Adolfo.

For every Azure datacenter, security is the greatest priority, and the security requirements are spectacularly stringent. “Our data centers are not just running Microsoft’s businesses, but tens of thousands of other companies’ businesses within them. The Azure Sphere guardian module has layers and layers of security. The guardian module had no problem meeting our bar,” says Mike.

With Azure Sphere, the team started connecting mechanical and electrical systems—air handling units, power distribution units—to collect telemetry from the devices. In parallel, they started collecting data from servers and network devices. By using guardian modules powered by Azure Sphere, the team was able to confidently connect their most critical equipment when before the risk had been too great.

The team is exploring multiple scenarios that Azure Sphere has made possible. Maintenance, for example, is probably the most substantial commitment required of a datacenter. The standard approach is to have a regular, planned maintenance schedule to prevent problems. Sometimes it’s necessary, but often it’s simply scheduled, so it happens even when there’s no apparent need. Mike estimates that staying on top of this sort of “blind maintenance” routine keeps reactive maintenance, meaning work done in response to an immediate need, to about 15 percent.

Informed by telemetry from connected systems, maintenance can become incisive, truly predictive, and can reduce reactive maintenance to as little as five percent. This can make a dramatic difference for organizations that forecast a budget one to five years out. Says Mike, “We are not spending money in hopes of preventing an outage. Our spend can become more targeted.”

Unlocking insights

Mike envisions a future of diagnostics in the datacenter. He sees a cache of information in every piece of equipment, “When we unlock that, it’s data that can create a wealth of knowledge. When I can see that a specific component in a certain generator is acting funny, and I can see how it affects performance health, I can make a more informed choice of what to do.” But he is thinking bigger than just generators or even just one datacenter. The knowledge gained from a single issue or incident in one datacenter can inform and improve performance for all the other datacenters located around the world.

But Mike is still thinking bigger than that—bigger than Microsoft. Having access to diverse sets of data, from partners and, maybe one day, from other organizations running equipment securely connected with Azure Sphere, can drive more informed decisions, and improve safety.

Smarter and safer

Mike’s team has been pioneering new safety measures enabled by Azure Sphere. Anytime a person must go into a datacenter to work on a piece of equipment, it is a point of risk. “There’s a problem of human error when a person goes into the wrong panel. They might turn off the wrong panel, which disrupts our customers.” In addition to the risk to uptime, there is also a serious risk to personal safety. Datacenters use an enormous amount of power. A single datacenter uses between thirty-two and forty megawatts of power, roughly equivalent to six thousand homes. Panels have power sensors that will trip a warning siren when necessary, but a person’s instinctive reaction is to immediately shut the panel to turn off the alarm, potentially leaving problems unresolved. The team had to think about the problem, the safety risk, and human behavior.

The team paired a klaxon siren with an Andon light and, using a board built with Azure Sphere, connected them to the power sensor and the datacenter control system. This setup made it possible to send the step-by-step instructions of a work order, called a digital method of procedure (DMOP), directly to the panel requiring work. When a DMOP is released, the Andon light for the specific panel changes color to identify it as the panel requiring work. As the person works through the DMOP step by step, the light reflects their progress. If the person misses a step, the light signals the mistake and the klaxon sounds. Says Mike, “It’s exactly like bowling with bumpers.”

The team went a step further and integrated their electrical power monitoring system and their incident monitoring system. If a person working in the datacenter opens the wrong panel, a security alert is automatically sent, and a ticket is cut to a manager. “We immediately know when something has gone off-script if someone has put themselves or the datacenter in jeopardy. We can stop all work and figure out what’s going on,” says Mike.

Azure Sphere made it possible to securely coordinate multiple systems to create a new safety process. The connected panels do more than just help ensure correct and safe execution of processes, they also capture data when things go wrong so that the team can learn from incidents and resolve problems. “We’re creating systems that will keep us within the lines of safety and security and that help us adjust and refine those lines,” says Mike.

Impressive too is that Adolfo’s team developed the first of these safer electrical panels in only two months. “The Azure Sphere SDK made it possible for us to move fast and develop a complete solution from scratch, that was fully integrated with Azure Cloud Services,” he says. “With Azure Sphere, we can quickly turn any idea into a proof of concept.”

Strategic advantages

Adolfo’s team is focused on developing systems to increase reliability, security, and safety, and to optimize the building and systems that make up the “shell” of the datacenters. The total Azure Sphere offering, particularly the ongoing servicing by Microsoft security experts for more than ten years, has amplified the team’s ability to deliver business value. The cloud-based Azure Sphere Security Service automatically delivers OS and security updates to every device, so Adolfo and his team never have to worry about patching. “That’s all taken care of by Azure Sphere,” he says. And when the team needs to push new firmware to devices, Adolfo says it’s incredibly straightforward to do that at scale. Plus, Azure Sphere attestation guarantees the right firmware version is running on all their devices. “The services and support that Azure Sphere just provides have taken away the burden on my team,” he says.

Handling all that work at scale, especially security, would have required building out a dedicated team. “Having a whole team just for upkeep doesn’t actually add business value. Instead, we can spend our time on how to implement technology to improve availability, to reduce costs, to increase visibility into operations—that’s really how we add value. It’s a huge advantage. We have the opportunity to set the new standard in the datacenter industry, using Azure Sphere,” says Adolfo.

The business case for creativity

Mike sees the true value of Azure Sphere in how it enables innovation on a much larger scale of influence: “This tiny little thing is enabling us to evolve—not iterate anymore—evolve our space, our industry. It’s going to make our datacenters much more predictable, more usable, so that our customers reap the benefits and rewards of everything we’re doing.”

Mike started out by giving one engineer, Adolfo, total freedom to innovate with that first Azure Sphere development kit. Now Adolfo leads a team of ten whose only job is to create, to invent, to explore. “Because we were seeing such gains with one, two, then three people driving innovation, I was able to make a legitimate business case to bring on more people,” says Mike.

One of the reasons why Mike can confidently turn his team loose, without rails (“you can’t really have rails if you want to innovate,” he says), is because Azure Sphere offers a secured platform. The team’s grounding principles are safety, security, uptime, and cost. It must be safe. It must be secure. It cannot impact the customer. And it has to be affordable. Says Mike, “Azure Sphere delivers it all. It gives us this great foundation to work through wild ideas and opportunities.”

Get started with Azure Sphere today to build and test innovative, secured solutions for your organization, even while you’re working remotely.

The post IoT security: how Microsoft protects Azure Datacenters appeared first on Microsoft Security.

Modernize secure access for your on-premises resources with Zero Trust

Change came quickly in 2020. More likely than not, a big chunk of your workforce has been forced into remote access. And with remote work came an explosion of bring-your-own-device (BYOD) scenarios, requiring your organization to extend the bounds of your network to include the entire internet (and the added security risks that come with it).

At this year’s Microsoft Ignite, we demonstrated how to bring your legacy on-premises resources into a Zero Trust security model that provides seamless access to all—SaaS, IaaS, PaaS, and on-premises—with a global presence and no extra steps to remember. You’re invited to watch our full presentation and review the highlights below.

The new decentralized workplace

Organizations that steadfastly relied on the “flat network” approach of firewalls and VPNs to regulate access now find themselves lacking the visibility, solution integration, and agility needed to deliver end-to-end security. A new model was needed, one that adapts to a remote workforce and protects people, devices, applications, and data from anywhere.


Figure 1: Legacy access model

In a Zero Trust security model, every access request is strongly inspected for anomalies before granting access. Everything from the user’s identity to the application’s hosting environment is authenticated and authorized using micro-segmentation and least privileged-access principles to minimize lateral movement.

Zero Trust means adhering to three cohesive principles:

  • Verify explicitly: Always authenticate and authorize based on all available data points, including—user identity, location, device health, service or workload, data classification, and anomalies.
  • Use least privileged access: Limit user access with just-in-time (JIT) and just-enough-access (JEA), risk-based adaptive policies, and data protection to help secure both data and productivity.
  • Assume breach: Minimize the blast radius and prevent lateral movement by segmenting access by network, user, devices, and app awareness. Verify all sessions are encrypted and use analytics to gain visibility, drive threat detection, and improve defenses.


Figure 2: Microsoft Zero Trust model

In the diagram above, you can see how access is unified across users, devices, and networks; all the various conditions that feed into the risk of a session. Acting as a gateway, the access policy is unified across your resources—SaaS, IaaS, PaaS, on-premises, or in the cloud. This is true whether it’s Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP), or some other cloud. In the event of a breach, rich intelligence and analytics help us identify what happened and how to prevent it from happening again.

Cybersecurity for our time

The right security solution for our new perimeterless workplace employs the principles of Zero Trust, allowing users access only to the specific applications they need rather than the entire network. Because Zero Trust access is tied to the user’s identity, it allows IT departments to quickly onboard new and remote users, often on non-corporate devices, scoping permissions appropriately.

A cybersecurity model for today’s digital estate should include:

For the end-user:

  • Access to all resources: SaaS, IaaS, PaaS, on-premises.
  • Seamless experience: No extra steps or unique URLs to remember.
  • Great performance: Proxy services should have a global presence and use geo-location.

For the security/IT admin:

  • Segmentation by app, not network.
  • Adaptive access based on the principles of Zero Trust.
  • Reduce infrastructure complexity and maintenance.

Connect apps to an identity based, secure access solution

With Microsoft Azure Active Directory (Azure AD), it’s easy to connect all your applications through a single identity-based control plane. When it comes to cloud apps, Azure AD supports standard authentication modes such as Security Assertion Markup Language (SAML) and OpenID Connect (OIDC). To accommodate new apps your organization may be developing, Azure AD also provides tools and software development kits (SDK) to help you integrate these as well.

Figure 3: Microsoft Azure Active Directory

When it comes to classic or on-premises applications, Azure AD Application Proxy lets your security team apply the same policies and security controls used for cloud apps to your on-premises apps. All that’s needed is to install a lightweight agent called a connector on a Windows server inside your network; the connector is the connection point into your on-premises environment. One connector group can be configured to serve multiple back-end applications, giving you the freedom to architect a truly micro-segmented solution.


Figure 4: Azure Active Directory Application Proxy

Azure AD Application Proxy connectors use only outbound connections, meaning no additional inbound firewall rules need to be opened. Nor does the connector require placement in a demilitarized zone (DMZ), as was the case with the legacy Purdue Model. Your apps won’t need to change, and Azure AD Application Proxy supports multiple authentication modes, so your users still get a single sign-on (SSO) experience. Users can then access the app from an external URL using any device, no VPN required.

Azure AD pre-authenticates every request, ensuring that only verified traffic ever gets to your app; thus giving you another layer of protection. In addition, any conditional access policies you’ve set up can be enforced at that point.
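The check described above (pre-authentication in front of the app, then conditional access on the same request, applying the "verify explicitly" and "least privileged access" principles listed earlier) can be sketched in code. The block below is an added illustration, not Azure AD Application Proxy code or any Microsoft implementation. It assumes HS256-signed JWT-style tokens with a shared secret so that it runs offline (Azure AD issues RS256 tokens verified against published keys), and the issuer, audience, and the `amr` / `device_compliant` claims, along with the policy that consumes them, are made up for the example.

```python
"""Illustrative pre-authentication gate in front of an on-premises web app.

Added example, not Azure AD Application Proxy code. A request is forwarded
to the back-end only if it carries a valid identity-provider token and the
claims satisfy an access policy. Tokens are HS256 JWTs with a shared secret
(assumption, so the example runs offline); issuer, audience and the claim
names below are assumptions as well.
"""
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple

ISSUER = "https://login.example.test/contoso/"   # assumed issuer URL
AUDIENCE = "api://onprem-hr-portal"              # assumed app identifier
SECRET = b"demo-only-shared-secret"              # assumed signing key


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, secret: bytes = SECRET) -> str:
    """Stand-in for the identity provider: sign claims as an HS256 JWT."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_token(token: str, now: int, secret: bytes = SECRET) -> dict:
    """Return the claims if signature, issuer, audience and expiry all check
    out; raise ValueError otherwise. The signature is checked first, so no
    claim is trusted before it has been authenticated."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header, body, sig = parts
    expected = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != AUDIENCE:
        raise ValueError("wrong audience")
    if int(claims.get("exp", 0)) <= now:
        raise ValueError("token expired")
    return claims


def access_policy(claims: dict) -> Optional[str]:
    """Assumed conditional-access policy for this app: MFA must have been
    performed and the device must be reported compliant. Returns a denial
    reason, or None when the request satisfies the policy."""
    if "mfa" not in claims.get("amr", []):
        return "mfa required"
    if not claims.get("device_compliant", False):
        return "device not compliant"
    return None


def gate(headers: dict, now: int) -> Tuple[str, str]:
    """Decide whether a request may be forwarded to the back-end.
    Returns ('forward', subject) or ('deny', reason). Anything without a
    verifiable token is dropped here and never reaches the application."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return ("deny", "no token")
    try:
        claims = verify_token(auth[len("Bearer "):], now)
    except ValueError as exc:  # covers malformed base64/JSON too
        return ("deny", str(exc))
    reason = access_policy(claims)
    if reason is not None:
        return ("deny", reason)
    return ("forward", claims["sub"])


if __name__ == "__main__":
    now = 1_600_000_000
    ok = mint_token({"iss": ISSUER, "aud": AUDIENCE, "sub": "alice@contoso.test",
                     "exp": now + 600, "amr": ["pwd", "mfa"], "device_compliant": True})
    print(gate({"Authorization": "Bearer " + ok}, now))   # forwarded
    print(gate({}, now))                                   # denied, never hits the app
```

The ordering inside `verify_token` is the part worth copying: the signature is compared with `hmac.compare_digest` before any claim is read, and expiry, issuer and audience are each rejected explicitly, so a token minted for another app or with another key is refused at the edge rather than by the back-end.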

Protecting you in real-time

Microsoft Cloud App Security integrates natively with Azure AD conditional access to extend real-time security into the session for both your cloud and on-premises applications. This native Microsoft solution stack ensures that your on-premises applications will still load quickly and look the same. The difference is you’re now able to control granular actions, such as uploads, downloads, and cut, copy, and paste, based on the sensitivity of the data. For example, users accessing an on-premises instance of Team Foundation Server (TFS) through the App Proxy can use Cloud App Security to enable developers to make code changes but block their ability to download files onto an unmanaged device. Many other scenarios are supported, such as blocking malware in file upload attempts, to help ensure that your on-premises infrastructure remains secure.


Figure 5: Malware detection screen

See what else Azure AD and Microsoft Cloud App Security can do

At Microsoft, we believe that tight integration between identity and security is pivotal to your Zero Trust strategy, and we are constantly innovating in this area. To see some of the existing capabilities described in this blog come to life, watch the archived presentation for demonstrations of the powerful capabilities that Microsoft identity and security tools enable for your on-premises applications. Learn how you can easily set controls to allow or block access, require a password reset, block legacy authorization, require multifactor authentication, control sessions in real-time, and more.

To learn more about Microsoft Security solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Modernize secure access for your on-premises resources with Zero Trust appeared first on Microsoft Security.

Key layers for developing a smarter SOC with CyberProof-managed Microsoft Azure security services

This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series.

Security teams are struggling to reduce the time to detect and respond to threats due to the complexity and volume of alerts being generated from multiple security technologies.

With more workloads being migrated to the cloud, organizations gain an additional perimeter that requires constant vigilance for early signs of a cyberattack. New security challenges also emerge from the cloud’s elastic nature and the constant provisioning of new services.

How CyberProof is working with Microsoft to solve these challenges

CyberProof partnered with Microsoft to provide customers with cloud-scalable security monitoring, detection, and response services across the endpoint, network, identities, SaaS applications, and Azure cloud infrastructure.

With the CyberProof Defense Center (CDC) service delivery platform pre-integrated with Microsoft’s cloud-native SIEM, Azure Sentinel, CyberProof’s built-in virtual analyst, SeeMo, automates up to 80 percent of tier one and two activities such as monitoring, enrichment, incident handling, and remediation. This frees up your team to focus on the most critical business issues.

Key Layers to Building a Smarter SOC

We recommend that security operations center (SOC) teams implement the following three key layers of a smarter SOC architecture when looking to generate continuous value from your Azure security stack with managed security services.

Each layer includes the integrations between Microsoft and CyberProof that help facilitate this architecture. For more information, check out our on-demand webinar—which we ran in collaboration with Microsoft’s Chief Security Advisor EMEA, Cyril Voisin.

1. Data collection and integration layer—enrichment of security data from multiple sources

This is particularly useful for enterprise-grade SOCs that collect and parse relevant data from multiple business units before going into a data lake. Organizing and classifying all of this data will save time and money when you start introducing integration and automation technologies, as the information will already be structured in an optimum way. Here’s how log collection, normalization, and analysis work:

  1. Integration: An organization identifies the assets, tools, technologies, and applications that need to be integrated.
  2. Data normalization: Enterprise SOCs need to parse data before it enters the data lake—to tag and filter it—so the right information is being fed into the SOC in the most efficient way.
  3. Data collection and analysis: Using a solution such as Microsoft’s Azure Monitor Log Analytics and scalable storage such as Azure Data Lake, terabytes of data can be ingested in order to query and manage at scale. Machine learning can be used for the identification of anomalies and monitoring whether log sources are operating correctly, as well as to support threat hunting.

At CyberProof, we leverage Azure Monitor Log Analytics and CyberProof Log Collection (CLC) SaaS technology to pull logs from all sources of data. These include a customer’s existing Microsoft investments—including on-premises, SaaS, and Azure assets—and existing Microsoft security controls that generate alerts across identities, endpoints, data, email, and cloud apps.
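The three-step procedure above (integrate sources, normalize and tag records before the data lake, then collect and analyze) is easier to see on concrete records. The block below is an added example, not CyberProof CLC or Azure Monitor code: it parses three constructed records in different formats (CEF, a JSON activity record, BSD syslog) into one common schema, adds MITRE ATT&CK technique tags, and drops noise before anything is stored. The sample records, the target schema, the severity buckets, the assumed syslog year, and the tagging rules are all assumptions made for the illustration.

```python
"""Added example of a normalization step before logs reach the data lake.
Not CyberProof CLC or Azure Monitor code; the sample records, the target
schema, the severity mapping and the tagging rules are assumptions."""
import json
import re
from datetime import datetime, timezone

# Constructed sample records, not real telemetry.
SAMPLE_LOGS = [
    "CEF:0|Contoso|Firewall|2.1|100|Inbound connection denied|5|"
    "src=203.0.113.7 dst=10.0.0.5 dpt=3389 suser=- rt=1604996102000",
    '{"time":"2020-11-10T08:15:02Z","operationName":"MICROSOFT.AUTHORIZATION/ROLEASSIGNMENTS/WRITE",'
    '"identity":"bob@contoso.test","callerIp":"198.51.100.9","resultType":"Success"}',
    "<34>Nov 10 08:15:03 dc01 sshd[4211]: Failed password for invalid user admin "
    "from 203.0.113.7 port 51522 ssh2",
    '{"time":"2020-11-10T08:15:05Z","operationName":"HEARTBEAT","identity":"-",'
    '"callerIp":"-","resultType":"Success"}',
]

CEF_PIPE = re.compile(r"(?<!\\)\|")                # '|' not preceded by a backslash
CEF_EXT = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")   # key=value pairs; values may contain spaces
SYSLOG = re.compile(r"^<(\d+)>(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([^\[:]+)(?:\[\d+\])?: (.*)$")
SYSLOG_YEAR = 2020            # assumed: BSD syslog timestamps carry no year
NOISE_EVENTS = {"HEARTBEAT"}  # assumed: dropped before ingestion

# Assumed enrichment: substring of the event text -> MITRE ATT&CK technique tag.
TAG_RULES = {
    "Failed password": "T1110",        # Brute Force
    "ROLEASSIGNMENTS/WRITE": "T1098",  # Account Manipulation
}


def _bucket(high: bool, medium: bool) -> str:
    return "high" if high else "medium" if medium else "low"


def parse_cef(line: str) -> dict:
    # CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|Extension
    head = CEF_PIPE.split(line, maxsplit=7)
    ext = dict(CEF_EXT.findall(head[7])) if len(head) > 7 else {}
    sev = int(head[6])  # CEF severity is 0..10
    when = None
    if "rt" in ext:     # 'rt' is epoch milliseconds
        when = datetime.fromtimestamp(int(ext["rt"]) / 1000, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {"time": when, "source": f"{head[1]}:{head[2]}".lower(), "event": head[5],
            "user": None if ext.get("suser", "-") == "-" else ext["suser"],
            "src_ip": ext.get("src"), "severity": _bucket(sev >= 7, sev >= 4)}


def parse_json_activity(line: str) -> dict:
    rec = json.loads(line)
    op = rec.get("operationName", "")
    return {"time": rec.get("time"), "source": "cloud-activity", "event": op,
            "user": None if rec.get("identity", "-") == "-" else rec["identity"],
            "src_ip": None if rec.get("callerIp", "-") == "-" else rec["callerIp"],
            "severity": _bucket("ROLEASSIGNMENTS/WRITE" in op, op.endswith("/WRITE"))}


def parse_syslog(line: str) -> dict:
    m = SYSLOG.match(line)
    if not m:
        raise ValueError("unrecognised syslog line")
    pri, stamp, host, app, msg = m.groups()
    sev = int(pri) & 7  # RFC 3164: severity is the low 3 bits, 0 = most severe
    when = datetime.strptime(f"{SYSLOG_YEAR} {stamp}", "%Y %b %d %H:%M:%S").strftime("%Y-%m-%dT%H:%M:%SZ")
    user = re.search(r"for (?:invalid user )?(\S+)", msg)
    src = re.search(r"from (\d+\.\d+\.\d+\.\d+)", msg)
    return {"time": when, "source": f"{host}:{app}", "event": msg,
            "user": user.group(1) if user else None, "src_ip": src.group(1) if src else None,
            "severity": _bucket(sev <= 3, sev <= 5)}


def normalize(line: str) -> dict:
    """Dispatch on format, then apply the shared tagging rules."""
    if line.startswith("CEF:"):
        rec = parse_cef(line)
    elif line.startswith("{"):
        rec = parse_json_activity(line)
    elif line.startswith("<"):
        rec = parse_syslog(line)
    else:
        raise ValueError("unknown record format")
    rec["tags"] = sorted(tag for needle, tag in TAG_RULES.items() if needle in rec["event"])
    return rec


def normalize_batch(lines) -> list:
    """Normalize every line and drop records classified as noise."""
    out = []
    for line in lines:
        rec = normalize(line)
        if rec["event"] in NOISE_EVENTS:
            continue
        out.append(rec)
    return out


if __name__ == "__main__":
    for rec in normalize_batch(SAMPLE_LOGS):
        print(json.dumps(rec))
```

Every record ends up with the same keys (`time`, `source`, `event`, `user`, `src_ip`, `severity`, `tags`), so a downstream correlation rule such as "same `src_ip` seen as a firewall denial and as an SSH brute-force attempt within a minute" can be written once rather than per source format.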

2. Security analytics layer—generating contextual alerts and minimizing false positives

The traditional on-premises SIEM architecture has limited scalability: infrastructure costs are incurred up front, based on peak requirements, rather than through on-demand provisioning that scales with current demand and growth over time. Also, effectively mapping logs from all ecosystems can be a time-consuming endeavor when having to correlate rules and create clear reporting.

The world of security data collection has evolved. It is no longer a single query or rule that triggers the discovery of an incident. Typically, security monitoring identifies the proverbial “needle in the haystack”—and this type of threat detection requires broad visibility across the enterprise. This requires more processing power and data collection in order to establish what the baseline really looks like. These attributes are best achieved by implementing security in the cloud.

That’s where Azure Sentinel comes in, supplying correlation and analytics rules and filtering massive volumes of events to obtain high-context alerts. Azure Sentinel uses machine learning to proactively find anomalies hidden within acceptable user behavior and generate alerts.

Microsoft Azure Sentinel is fully integrated with CyberProof CDC platform, so customers can work from a single console to manage high-context alerts, carry out investigations, and handle incidents.

3. Orchestration, automation, and collaboration layer—facilitating faster threat detection and response

Forrester’s recent assessment of midsized MSSPs notes that orchestration and security automation play a vital role for overburdened SOC staff.

By automating tier one and two activities like monitoring, enrichment, investigation, and incident handling, our CDC platform takes much of the strain out of the process. Essentially, the CDC platform provides our IP as a service—helping customers avoid the expenditure necessary to develop their own IP for a next-generation SOC.

The CDC platform gives customers a “single pane of glass” view from which to manage high context alerts, incidents, and report generation for stakeholders. It integrates the functionality of Azure Sentinel as well as other security investments.

The CDC platform’s benefits include:

  • Orchestration: Integrates external intelligence sources, enrichment sources, the IT service management system, and more into a single view.
  • Automation: Leverages CyberProof virtual analyst, SeeMo, who uses our Use Case Factory—a catalog of attack use cases consisting of prevention, detection rules, and response playbooks all aligned to the MITRE ATT&CK framework—to continuously update playbooks.
  • Collaboration: Facilitates real-time communication with our nation-state level analysts to help remediate incidents.
  • Hybrid engagement: Supports collaboration of CyberProof experts with the customer’s team to remediate incidents and upskill the customer’s team.

Customers can start benefiting now

The CyberProof solution, used in tandem with Azure Sentinel, provides 24/7 security monitoring, which frees up SOC teams to focus on critical incidents.

The platform’s use of machine learning and behavioral analysis can reduce alert fatigue and false positives by up to 90 percent. It offers large-scale collection and correlation of data from the endpoint, cloud network, and users—facilitating high-context alerts.

These capabilities, as well as the platform’s high-level collaboration abilities and up-to-date response playbooks, contribute to greater efficiency in threat detection and in responding to validated incidents.

Yet, it doesn’t take a lot of time to transition to the CyberProof solution. CyberProof has a defined onboarding process that’s based on each customer’s requirements.

As a managed service provider, we find that we can help customers get through the transition much more quickly than they would have on their own—accelerating the process and shortening the time needed to start reaping the benefits of the solutions.

Want more information? Check out our Azure Security Services page and the CDC platform from CyberProof. Or contact us to learn more about how we can help you transition to a smarter SOC.

To learn more about the Microsoft Intelligent Security Association (MISA), visit the Microsoft Intelligent Security Association website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

For more information about Microsoft Security Solutions, visit the Microsoft Security website. Bookmark the Security blog to keep up with our expert coverage of security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Key layers for developing a smarter SOC with CyberProof-managed Microsoft Azure security services appeared first on Microsoft Security.

Extend data loss prevention to your devices with Microsoft Endpoint Data Loss Prevention, now generally available

Video: Endpoint Data Loss Prevention (DLP) | What it is and how to set it up in Microsoft 365.

Managing and protecting data is critical to any organization. Data is growing exponentially, and remote work is making it even harder to manage risks around data. In fact, a recent Microsoft survey of security and compliance decision-makers found that data leaks are the top concern in remote and hybrid work scenarios.

To help our customers to address this challenge, today we are excited to announce the general availability of Microsoft Endpoint Data Loss Prevention (DLP).

A unified approach to data loss prevention

At Microsoft, we have long invested in developing information protection solutions for our customers. Microsoft Information Protection (MIP) is a built-in, intelligent, unified, and extensible solution that understands and classifies your data, keeps it protected, and prevents data loss across Microsoft 365 Apps (including Word, PowerPoint, Excel, and Outlook), services (including Microsoft Teams, SharePoint, and Exchange), third-party SaaS applications, and more—on premises or in the cloud. This unified data loss prevention approach provides simplicity, enabling you to set a DLP policy once and have it enforced across services, devices, and first- and third-party apps.

Endpoint DLP builds on the labeling and classification in Microsoft Information Protection and extends the existing DLP capabilities in Microsoft 365, helping you to meet compliance requirements and protect sensitive information on endpoints. It’s built into Windows 10, the Microsoft 365 Apps, and Microsoft Edge—without the need to deploy additional software on the device, which eliminates friction and makes it far easier to have visibility into your data. For users, it ensures security, without compromising productivity. Endpoint DLP provides policy tips to help educate users when they are about to violate a policy. It’s also integrated with Microsoft Defender for Endpoint (formerly known as Microsoft Defender Advanced Threat Protection), which can help you prioritize incident response based on additional factors.

New capabilities based on public preview feedback

With the general availability today, we’re happy to share that we’ve added capabilities during the public preview program based on valuable feedback from our customers.

Last month, we also announced the integration of unified data loss prevention with Microsoft Cloud App Security (MCAS) in public preview, allowing you to extend data protection to non-Microsoft cloud apps. For example, say a user is trying to share a document in a third-party app on his or her mobile device. Because Microsoft Cloud App Security helps protect cloud apps, the same DLP policy will be triggered, both the end user and the admin will receive a notification, and in this case, the link will be automatically disabled.

In addition, we heard feedback from some of you that you’d like to be able to leverage your existing security investments. Endpoint DLP integrates with Microsoft Defender for Endpoint, but it is also compatible with most anti-virus software, which enables you to have a choice and extend the investments you’ve already made.

Today’s general availability announcement is only the beginning. We are also excited to announce some new capabilities going into preview today:

  • Sensitivity labels are now included as a condition for Microsoft Data Loss Prevention (DLP) policies. This lets you define new enforcement actions and locations within Endpoint DLP that take into account the sensitivity context of information to better meet protection requirements.

Figure 1: Using sensitivity labeling as a condition of a policy in Endpoint DLP.

  • A new dashboard within Microsoft 365 compliance center helps you to manage DLP alerts. Alerts provide details about DLP events—including the sensitive information types detected in the content, confidence score rating, and event count—to help DLP reviewers quickly identify high-risk events so they can more effectively triage and remediate events.

Figure 2: Data loss prevention event alerts show in the new dashboard in Microsoft 365 compliance center.

  • New conditions and exceptions announced in public preview enhance the already existing predicate capabilities in DLP. Mail flow predicates provide a high degree of flexibility to configure the applicable ‘include’ and ‘exclude’ conditions in DLP policies to ensure that specific policies are applied to emails that only match the defined conditions.

Figure 3: New conditions and exceptions you can extend to your DLP policies to email messages.

You can learn a lot more about these new public preview capabilities in the TechCommunity blog.

Protecting your data

We continue to invest in providing you with the tools and visibility you need to help to protect your most precious asset – your data.

Endpoint DLP general availability will start rolling out to customers’ tenants in Microsoft 365 E5/A5, Microsoft 365 E5/A5 Compliance, and Microsoft 365 E5/A5 Information Protection and Governance starting today. Learn more about Endpoint DLP by reading the TechCommunity blog and visiting our documentation. You can sign up for a trial of Microsoft 365 E5 or navigate to the Microsoft 365 compliance center to get started today.

To learn more about Microsoft Security solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Extend data loss prevention to your devices with Microsoft Endpoint Data Loss Prevention, now generally available appeared first on Microsoft Security.

It’s Cybersecurity Awareness Month and there is still a lot to do

October is National Cybersecurity Awareness Month (NCSAM). And there is still a lot to do!

For the last 17 years, the National Cybersecurity Awareness Month (NCSAM) campaign, driven by the Department of Homeland Security, has raised awareness about the importance of cybersecurity across the Nation, with the mission of ensuring that all Americans have the resources they need to be safer and more secure online.

In alignment with this noble mission, Microsoft Security is providing educational content and executive speakers to empower our customers, employees, and families. Tune into the CyberTalks recap to listen to the keynote delivered by Ann Johnson, Corporate Vice President of Security, Compliance and Identity, on how to future-proof your security strategy.

Cybersecurity podcasts

In addition to the blog series that is taking over our blog in October, Microsoft Security is also sponsoring two security podcasts, and we want to encourage our community to tune in and listen to both conversations.

  • Available now: Enabling secure remote work by embracing Zero Trust—One of the greatest challenges we often hear from public and private sector CISOs, when it comes to achieving a Zero Trust IT operating environment, is the question of how to tackle such a massive undertaking—and where to begin. Tune in to listen to CTO Steve Faehl to learn more about Microsoft’s journey towards Zero Trust.
  • Available October 19: Risk Reduction—Podcast featuring GM Alym Rayani, who delivers an in-depth conversation about compliance and its connection to security.

Additional security blogs to read

Government agency audit traceability

The reality today for many government agencies is that there is no audit traceability to determine which email messages and content an attacker may have seen during a breached session into a user’s mailbox. The standard level of Office 365 auditing records that a user logged into their mailbox but does not include detailed information on the activity that occurs within the mailbox. As a result, organizations have no choice but to assume all content within the mailbox is compromised, regardless of whether sensitive data or PII was actually viewed by the adversary. To learn more about how using Advanced Audit can help improve forensic investigation capability, read this post from Matthew Littleton, Principal Technical Specialist, on the Public Sector blog.

Top 5 security questions asked by US Government customers

In an era of remote work, end users wanted to collaborate with outside agencies, but in a way that kept their data secure. IT admins wanted to know which configuration options best fit their organization’s security posture. CIOs wanted to lean in and give their workforce best-in-class technology, all while following US Government accreditation standards. The common theme in most questions asked by our customers was security. Read more about the top 5 security questions asked by our US Government customers for Microsoft Teams.

October is my favorite time of year, between the change of season, Major League Baseball playoffs, and with football underway. It’s also National Cybersecurity Awareness Month, though with so many cyberattacks and incidents in the news, one month of dedicated focus hardly seems sufficient. Learn how Microsoft delivers on an end-to-end security strategy to reduce risk and deliver on its commitment to customers.

Working with the enemy

With so many external cyber threats facing Government agencies, it can be easy to overlook risks from insiders. Learn how Predictive Analytics can help agencies reduce risk and identify insider threats at scale.

To learn more about how to be #Cybersmart, visit the cybersecurity website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

Unilever CISO on balancing business risks with cybersecurity

Imagine showing up to work every day knowing that your job requires protecting 160,000 employees creating more than 450 products around the world—tea, ice cream, personal care, laundry and dish soaps—across a customer base of more than two and a half billion people every day. Unilever Chief Information Security Officer (CISO) Bobby Ford embraces the challenge, summing up his proactive approach this way: “I believe the responsibility of our group—the cybersecurity risk management group—is to enable the business to take risks.”

In this episode of “The Shiproom” I talk with Bobby about striking that balance between risk versus business needs, along with some of his strategies for protecting Unilever’s global workforce. We also discuss the ongoing challenges of communication and collaboration between the business and security sides of an organization. “I’m not the captain of the ‘no’ police,” Bobby explains. “Recognizing that the organization has to take risks—that’s what it means to be in business.”

On managing those risks, Bobby provides a useful metaphor: “For me, a mature cybersecurity strategy happens at the intersection of business intelligence and threat intelligence.” We discuss what constitutes threat intelligence, and why it’s important to maintain an ongoing conversation between business and security—so that decisions aren’t made in a vacuum.

Bobby also addresses the importance of diversity in the workplace, including “diversity of thought” and why a diverse workforce makes for better security. “The simplest answer is that the adversary is diverse. It’s hard to combat and defend against a diverse opponent when you lack diversity [on your team].”

We also discuss British food, arm wrestling, the Queen, shampoo, quesadillas, wombats, and more. Check out the whole discussion on:

What’s next

In an upcoming Shiproom episode, I’ll talk with Kurt John, CISO at Siemens USA. Kurt is listed in Security Magazine’s top 10 most influential cybersecurity leaders, and he’s a board member of the Virginia Innovation Partnership Authority tasked with enhancing Virginia’s tech-based economy. Kurt also serves on a special cybersecurity committee organized by the Under-Secretary-General of the United Nations. Don’t miss it.
