Microsoft as security vendor?
Microsoft does have a long – and not always so pleasant – history with security. The “old guys” in IT will remember the days that Microsoft was constantly faced with new security bugs and struggled to keep up with patching. In 2001, this resulted in the well-known “Trustworthy computing” note from Bill Gates to his employees. A shutdown of all “new feature” developments for months was the immediate consequence of this strategic note of Bill Gates. This allowed Microsoft developers to be trained on Secure Development and to perform in-depth code reviews of all source code of Microsoft products. It still took many years before this effort started to be visible for the user community. Where in the past threat actors primarily targeted Microsoft products because of their weak security and enormous attack surface, they started to turn their efforts to “easier” targets with a large attack surface, namely Acrobat reader, Flash and Java RTE.
Over the years, Microsoft itself has been a prime target for threat actors. Multiple security teams were established to be able to detect and respond to several types of security threats targeting Microsoft or its customers:
- Cyber Defence Operations Centre
- Digital Crimes Unit
- Cyber hunting teams
- Malware Protection Centre
- Security Response Centre
Today, all these different teams are feeding their intelligence and expertise to the Microsoft Security solutions. Moreover, the teams are following the “eat your own dog food”-principle, using the different solutions during their own security operations. Their decade-long experience with security threats and the broad availability of internal security skills and tools have now been turned into a comprehensive set of state-of-the-art cloud security services. Where Microsoft identified expertise gaps, they combined their internal expertise with a number of successful acquisitions:
- Giant Anti-Spyware in 2004, now Microsoft Windows Defender
- PhoneFactor in 2012, now Azure Multi Facto Authentication
- Aorato in 2014, now ATA/AATP
- Adallom in 2015, now Microsoft CloudApp Security
- Secure Islands in 2015, integrated in Azure Information Protection
- Hexadite in 2017, integrated in WD Advanced Threat Protection
The threat landscape is constantly changing, and any security vendor must have the ability to gather threat-intelligence globally while having the capacity and tools to process this data rapidly and create detection methods and protection measures for these new and evolving threats. Machine learning is a key component in this whole process, and Microsoft is one of the few companies in the world that have the capacity to gather, manage and process big data through machine-learning on a global scale. A few others are of course Google, Facebook, Amazon, Alibaba, Apple,… but none of these are currently using big data in combination with machine-learning to create security intelligence services to track the legitimate and malicious behaviour of users, processes, systems,…
As an example, Windows Error Reporting gathers terabytes of data on crashing Microsoft and non-Microsoft applications daily. A small percentage of these crashes are caused by malware (sometimes even zero-day-malware). Finding these malware-needles in the massive haystack of error-data can only be accomplished through clever machine-learning algorithms. Microsoft has already been using this technology for over 10 years. Other examples on how big data is used to feed the Microsoft Security Graph are the detection of malicious sites (or malware hosting sites) by Bing, security intelligence and threat analysis of attacks on Office 365 services, Azure and consumer services and more.
Whereas Microsoft was practically non-existent in the world of security products 10 years ago, they decided to become a Security Partner in 2015. Today, we see that this strategic decision of 2015, together with all the above-mentioned initiatives, is resulting in Microsoft becoming a major player in the cloud security solutions:
- Azure Active Directory has already been the leader in Gartner’s Cloud IAM Quadrant for a few years
- Windows Defender is getting top scores on the real-world antivirus tests
- Cloud-App Security is strongly growing in the CASB area
- Meanwhile, other products like Azure Information Protection don’t have a lot of direct competition…
Even though each of these services has several competitors, the main strength of Microsoft comes from cross-product integration, which in many cases makes it the best choice for businesses that have a Microsoft-oriented IT infrastructure. Based on our extensive experience with diverse small, medium and large organizations, security teams are drowning in the different security solutions. Product Specialists are required to properly configure each security tool. It is not an exception expensive security tools are ending up as shelf-ware. As a result, organisations get a false feeling of security and security budgets are not used efficiently. With this new end-to-end one ecosystem philosophy, we believe to have found a better approach to help security teams protect their organisation’s assets from the cyber threats of today.
So, while we will be diving into more technical stuff in our upcoming blogs, this article might have helped you understand why we at SecWise believe that Microsoft Security solutions can help many customers with their security challenges. And we are here to help you and make it happen!