Technology Record - Issue 25: Summer 2022

that we will help provide more accurate detection and faster response,” says Jakkal. “Today’s threat landscape is incredibly fast-paced. New campaigns surface all the time, and the amount of damage that they can cause is not always immediately apparent. Security operations centres must be equipped with tools and expert insight to identify and resolve potentially high-impact threats before attackers set up persistence mechanisms, steal data or deploy ransomware.”

In May 2022, Microsoft announced its new service category, Microsoft Security Experts, which is designed to meet the unique needs of customers across healthcare, financial services and other industries. This new category brings together Microsoft’s existing incident response and security advisory services with three new managed security services.

“Our experts will help augment a customer’s existing security team or – alongside our partners – manage security for them entirely,” says Rob Lefferts, corporate vice president of modern protection and security operation centre at Microsoft. “Our vision is to deliver this new category of services across security, compliance, identity, management and privacy, and the first step on that journey is offering new and expanded services for security.”

With input from its partners, Microsoft created three new managed services as part of the Security Experts service that will augment customers’ existing security teams.

Microsoft Defender Experts for Hunting was created for customers who already have a robust security operations centre and want Microsoft to help them proactively hunt for threats. “It goes beyond traditional end-point hunting and expands the scope across end points, Office 365, cloud applications and identity,” says Lefferts.
“Through their security portal, customers will get targeted attack notifications and access to experts on demand at the click of a button.”

Defender Experts for Hunting is an evolution of a managed hunting service called Microsoft Threat Experts that was launched in 2019. The new version can hunt across all of Microsoft 365 Defender. “This is because we can find more threats with better contextual information on what the attacker is doing if we correlate endpoint data across Office 365, cloud apps and identity data as well,” says Lefferts.

Microsoft Defender Experts for XDR is a managed extended detection and response service that combines machine automation and human expertise to proactively hunt for threats and reactively respond to incidents alongside a customer’s existing security team.

According to Lefferts, one of the major changes in the cybersecurity landscape is the shift to ‘attack kill chains’ that are no longer limited to end points. “They extend beyond the end point to identity, cloud apps, and email,” Lefferts explains. “Protection across each of those domains requires a solution that can intelligently correlate alerts from each into an incident. Incidents are what alert security teams that there is a larger-scale attack. This more comprehensive and complete view is imperative in today’s security landscape.”

According to Microsoft Azure Active Directory authentication log data from 2022, there are 921 attempted password attacks every second, which equates to over 79 million attempts every day. And this has nearly doubled over the past 12 months. In the multi-cloud, multi-platform world in which enterprises currently operate, the number of platforms, devices, users, services, and locations multiplies exponentially. As such, securing those dynamically changing identities and permissions is becoming an increasingly important aspect of defence.
“We believe that the best way for organisations to protect themselves is not to detect an intrusion after it happened, but to hunt for threats proactively within existing and new data, correlate signal intelligence to see complete incidents, not just alerts, and to build a modern, zero-trust security posture,” says Lefferts.

Zero-trust strategies play an integral role in business security, and therefore in Microsoft’s offerings. “People and organisations need to have trust in the technologies that bring them together,” says Lefferts. “The term ‘zero trust’ may feel like the opposite of that, but when you assume breach and provide the least privileged access necessary, it actually empowers employees
