Patch me if you can: Cyberattack Series
The Microsoft Incident Response team takes swift action to help contain a ransomware attack and regain positive administrative control of the customer environment.
Not long ago when I spoke with customers about Zero Trust, our conversations focused on discussing the principles, defining scope, or sharing our own IT organization’s journey. Zero Trust was something interesting to learn about, and most organizations were very much in the exploratory phase. As COVID-19 forced organizations across the world to send their workforce home, organizations rapidly focused on Zero Trust approaches to alleviate challenges of enabling and securing remote work. Using Zero Trust to secure users, data, and devices (wherever they may be) has changed from optional to a business imperative overnight.
Companies found that traditional security models required bringing users and data to ‘safe’ network places, which doesn’t scale and doesn’t provide the needed visibility. Employees are getting their work done any way they can– using personal devices, sharing data through new services, and collaborating outside the confines of traditional protections of the corporate network. Earlier adopters of Zero Trust approaches were able to adapt quickly, but many others instantly faced an expanded attack surface area and new security challenges they were not fully prepared for.
At Microsoft, we have been helping customers navigate these challenges by sharing our learnings and building controls, tools, and practices to enable daily application of Zero Trust principles. We have been focusing on providing organization quick wins that close critical gaps today and laying a strong foundation of Zero Trust expertise and technology to build on in the future.
Today and in my presentation at Blackhat 2020, I’d like to share some insights we’ve learned through this journey to help you with yours:
Many customers I meet with share that trying to figure out where to start their Zero Trust journey is a major challenge. I always recommend starting with multi-factor authentication (MFA). Verifying a user’s identity with strong authentication before granting them access to corporate resources is the most effective step to quickly improve security. Our studies have shown that accounts secured with MFA are 99.9% less likely to be compromised. Strong authentication strengthens your overall security posture and minimizes risk, it lays a strong foundation to build on—such as securely connecting employees to apps with single sign-on (SSO) experiences, controlling access to resources with adaptive access policies, and more.
In a Zero Trust security model, we want to have visibility into any and all endpoints accessing the corporate network so we can only allow healthy and compliant devices to access corporate resources. Device security posture and compliance should be used in your access policies to restrict access from vulnerable and compromised devices. This not only helps strengthen security and minimize risk, but also enables you to improve your employees’ productivity by supporting more device types and experiences. In a recent Microsoft study, more than 50% of organizations reported seeing a greater variety of endpoint platforms because of supporting remote work.
With employees increasingly accessing corporate data on new devices and collaborating in new ways, most security teams are seeing that their application and data security tools aren’t giving them the visibility and control they need. This de facto expansion of the enterprise attack surface makes it critical to discover the cloud apps in use, assess them for risk, and apply policy controls to ensure that data isn’t leaking through these applications. Finally, make sure the sensitive data in these apps is protected wherever it travels or lives by automatically classifying, labeling, and applying protection to files.
CISOs reported in a recent Microsoft study that Threat Protection is now a higher priority for them. With an increasing attack surface area and velocity, integrated threat protection solutions can now share signals across detection, prevention, investigation, and response. While most organizations already use threat protection tools, most don’t share signals or support end-to-end workflows. Because most attacks involve multiple users, endpoints, app, data, and networks, it’s imperative for tools to work together to deliver streamlined experience and end-to-end automation. Look for opportunities to integrate your threat protection solutions to remove manual tasks, process friction, and the morale issues they generate.
Security leaders are often challenged to balance security and a more streamlined end-user experience. Fortunately, Zero Trust enables both at the same time because security is built around the users and business assets, rather than the other way around. Instead of users signing in multiple times, dealing with VPN bandwidth constraints, and working only from corporate devices, Zero Trust enables users to access their content and apps from virtually any device and location securely.
To listen to my presentation on Zero Trust at Blackhat register here. Check out the Microsoft Zero Trust Maturity Model vision paper (click to download) detailing the core principles of Zero Trust, and our maturity model, which breaks down the top-level requirements across each of the six foundational elements.
We’re also publishing deployment guides for each of the foundational elements. Read the latest guides for Identities, Devices, and Networking. Look out for additional guides in the Microsoft Security blog.
Also, bookmark the Security blog to keep up with our expert coverage on security matters. And follow us at @MSFTSecurity for the latest news and updates on cybersecurity.