We are announcing a resource to help our customers answer these questions: The Microsoft Zero Trust Workshop, a self-service tool to help you plan and execute your Zero Trust journey guide by yourself or with the guidance of a partner.

The Zero Trust Workshop lets you customize your organization’s end-to-end security deployment to your unique business needs and your environment with a powerful tool that: provides a comprehensive assessment of zero trust capabilities learned from hundreds of deployments; guides you with a visual easy-to-use tool that explains each step of the journey; and delivers a digital artifact that you and your team can use to plan and prioritize your next steps and to compare and measure progress regularly. 

Zero Trust Workshop

A comprehensive technical guide to help customers and partners adopt a Zero Trust strategy and deploy security solutions end-to-end to secure their organizations.

Learn more

How our workshop helps customers and partners solidify their Zero Trust strategy 

Over the past year, we have piloted this workshop with more than 30 customers and partners. They have consistently told us that this provides them with the clarity, coverage, and actionable guidance they need to secure their organization within each Zero Trust pillar and across the pillars. When asked how likely they are to recommend the workshop to their partner teams or to other customers, customers give the workshop a net promoter score of 73.

The layout and question structure is fantastic as it provokes a fair amount of thought around adding each of the capabilities to take a multi-faceted approach to authentication and authorization.

—Senior vice president at a major financial institution

Security is a team sport, and we recognize that customers often need security partners to help them plan and execute their security strategy. This is why we partnered with several deployment partners across the pillars of Zero Trust to get their feedback on the workshop and how they would use it to help their customers.

The Zero Trust Workshop is a great starting point for our customers who want to embrace Zero Trust principles, but don’t know how to align the technology they already own. Furthermore, the workshop allows our customers to measure the progress they’ve made and aim for the next incremental hardening of the Zero Trust model, which is part and parcel of the Zero Trust manner of thinking. As a Microsoft partner and as an MVP, I advocate that customers use the materials provided by Microsoft, including these workshops, to measure and further their security posture.

—Nicolas Blank, NBConsult

[The Zero Trust workshop] has enabled Slalom to help clients accelerate their efforts towards a comprehensive cyber resilience strategy. It provides a clear picture of an organization’s current state and provides a template for order of operations and best practices in a very tidy package. It’s an easy-to-use tool with a huge impact, and our clients and workshop participants have been very impressed by how it organizes and prioritizes a complex set of operations in an approachable and manageable way.

—Slalom

How to start using the workshop to plan your Zero Trust journey

The Zero Trust Workshop is comprised of two main components, all in one handy file you can download and use to drive these conversations: 

• The Zero Trust Basic Assessment (optional): For customers starting on their Zero Trust journey, the assessment is a foundational tool that customers can run before the workshop to check for common misconfigurations and gaps in settings (for example, having too many global admins) to remediate before starting to enable the security features and capabilities of a Zero Trust journey.  

• The Zero Trust Strategy workshop: This is a guided breakdown of the Zero Trust areas according to the standard Zero Trust pillars (Identity, Devices, Data, Network, Infrastructure and Application, and Security Operations). For each pillar, we walk you through the associated areas with a proposed “do this first, consider this then, think about this next” order to how you should tackle them. For each area and capability, you have guidance on why it matters and options to address it and then can discuss it with your stakeholder and decide if this is something you already did, something you are going to do, or something you do not plan to implement at this time. As you progress through the different boxes and areas, you create an artifact for your organization on how well-deployed you are in this Zero Trust pillar and what are the next areas to tackle.  

Now, we are launching the Identity, Devices, and Data pillars. We will add the Network, Infrastructure and Application, and Security Operations in the coming few months. The website for the workshop will announce these as they become available.

I invite you to check out the Zero Trust Workshop site where we have detailed training videos and content. 

For our valued security deployment partners, the workshop is also included in the recently launched Zero Trust Partner kit where, as a partner, you can take the workshop material and customize it for your customer engagements based on your needs. 

Closing thoughts

We all need to work together to help secure the world we live in and keep people safe with the intention of collective defense. As shared in the most recent Microsoft Digital Defense Report, the cyber threat landscape is ever-growing and requires a collaborative approach between product vendors, security experts, and customers to help protect everyone. In the spirit of working with the wider ecosystem to help secure all customers, we recently partnered with NIST’s NCCoE and more than 20 security vendors to publish a guide on how to adopt NIST’s Zero Trust reference architecture using Microsoft’s Security products and this is another example of us working with all of you deploying security out there to help secure the ecosystem. 

We would love to hear how you are using it. Use the feedback form on the site to share with us how we can improve it to help your organization implement a Zero Trust journey. 

Additional resources to accelerate your Zero Trust journey 

This joins a library of other resources to guide your security modernization and Zero Trust journey, including: 

• The Zero Trust Guidance center

• The Microsoft Security Adoption Framework (SAF) which includes the Microsoft Cybersecurity Reference Architecture and the Chief Information Security Officer (CISO) Workshop.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity. 

The post ​​Zero Trust Workshop: Advance your knowledge with an online resource appeared first on Microsoft Security Blog.

A Leader in the market with an innovative solution for the SOC  

Microsoft Sentinel provides a unique experience for customers to help them act faster and stay safer while managing the scaling costs of security. Customers choose our SIEM in order to:  

Protect everything with a comprehensive SIEM solution. Microsoft Sentinel is a cloud-native solution that supports detection, investigation, and response across multi-cloud and multi-platform data sources with 340+ out-of-the-box connectors A strength of Microsoft’s offering is its breadth, which includes user entity and behavior analytics (UEBA), threat intelligence and security orchestration, automation, and response (SOAR) capabilities, along with native integrations into Microsoft Defender threat protection products. 

• Enhance security with a unified security operations platform. Customers get the best protection when pairing Microsoft Sentinel with Defender XDR in Microsoft’s unified security operations platform. The integration not only brings the two products together into one experience but combines functionalities across each to maximize efficiency and security. One example is the unified correlation engine which delivers 50% faster alerting between first- and third-party data, custom detections and threat intelligence.³ Customers can stay safer with a unified approach, with capabilities like automatic attack disruption—which contains attacks in progress, limiting their impact at machine speed.   

• Address any scenario. As the first cloud-native SIEM, Microsoft Sentinel helps customers observe threats across their digital estate with the flexibility required for today’s challenges. Our content hub offerings include over 200 Microsoft- created solutions and over 280 community contributions. The ability to adapt to the unique use cases of an organization is something called out in both the Forrester and Gartner reports.  

• Scale your security coverage with cloud flexibility. Compared with legacy, on-premises SIEM solutions, Microsoft Sentinel customers see up to a 234% return on investment (ROI).¹ This makes it an attractive option for customers looking for a scalable offering to meet the evolving needs of their business while managing the costs of data. We’ve recently launched a new, low-cost data tier called Auxiliary Logs to help customers increase the visibility of their digital environment, while keeping their budgets in check. In addition, Microsoft’s SOC Optimizations feature, a first of its kind offering, provides targeted recommendations to users on how to better leverage their security data to manage costs and maximize their protection, based on their specific environment and using frameworks like the MITRE attack map  

• Respond quickly to emergent threats with AI. Security Copilot is a GenAI tool that can help analysts increase the speed of their response, uplevel their skills, and improve the quality of their work. 92% of analysts reported using Copilot helped make them more productive and 93% reported an improvement in the quality of their work.²  

What’s next in Microsoft Security 

Microsoft is dedicated to continued leadership in security through ongoing investment to provide customers with the intelligence, automation, and scalability they need to protect their businesses and work efficiently. New and upcoming enhancements include more unified features across SIEM and XDR, exposure management and cloud security in the unified security operations platform, and our SIEM migration tool—which now supports conversion of Splunk detections to Microsoft Sentinel analytics rules and additional Copilot skills to help analysts do their job better.  

​​CTA​: To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

^[1] The Total Economic Impact™ Of Microsoft Sentinel (forrester.com) 

^[2] Microsoft Copilot for Security randomized controlled trial (RCT) with experienced security analysts conducted by Microsoft Office of the Chief Economist, January 2024 

³Microsoft internal data 

Gartner, Magic Quadrant for Security Information and Event Management, By Andrew Davies, Mitchell Schneider, Rustam Malik, Eric Ahlm, 8 May 2024 

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. 

The post ​​Microsoft now a Leader in three major analyst reports for SIEM appeared first on Microsoft Security Blog.

We must find a way to stem the tide of this malicious cyber activity. That includes continuing to harden our digital domains to protect our networks, data, and people at all levels. However, this challenge will not be accomplished solely by executing a checklist of cyber hygiene measures but only through a focus on and commitment to the foundations of cyber defense from the individual user to the corporate executive and to government leaders.  

These are some of the insights from the fifth annual Microsoft Digital Defense Report <link>, which covers trends between July 2023 and June 2024. 

State-affiliated actors increasingly are using cybercriminals and their tools.  

Over the last year, Microsoft observed nation state actors conduct operations for financial gain, enlist cybercriminals to collect intelligence, particularly on the Ukrainian military, and make use of the same infostealers, command and control frameworks, and other tools favored by the cybercriminal community. Specifically:  

• Russian threat actors appear to have outsourced some of their cyberespionage operations to criminal groups, especially operations targeting Ukraine. In June 2024, a suspected cybercrime group used commodity malware to compromise at least 50 Ukrainian military devices.  

• Iranian nation state actors used ransomware in a cyber-enabled influence operation, marketing stolen Israeli dating website data. They offered to remove specific individual profiles from their data repository for a fee. 

• North Korea is getting into the ransomware game. A newly-identified North Korean actor developed a custom ransomware variant called FakePenny, which it deployed at organizations in aerospace and defense after exfiltrating data from the impacted networks—demonstrating both intelligence gathering and monetization motivations.  

Nation state activity was heavily concentrated around sites of active military conflict or regional tension 

Aside from the United States and the United Kingdom, most of the nation-state-affiliated cyber threat activity we observed was concentrated around Israel, Ukraine, the United Arab Emirates, and Taiwan. In addition, Iran and Russia have used both the Russia-Ukraine war and the Israel-Hamas conflict to spread divisive and misleading messages through propaganda campaigns that extend their influence beyond the geographical boundaries of the conflict zones, demonstrating the globalized nature of hybrid warfare.  

• Approximately 75% of Russian targets were in Ukraine or a NATO member state, as Moscow seeks to collect intelligence on the West’s policies on the war. 

• Chinese threat actors’ targeting efforts remain similar to the last few years in terms of geographies targeted—Taiwan being a focus, as well as countries within Southeast Asia—and intensity of targeting per location. 

• Iran placed significant focus on Israel, especially after the outbreak of the Israel-Hamas war. Iranian actors continued to target the US and Gulf countries, including the UAE and Bahrain, in part because of their normalization of ties with Israel and Tehran’s perception that they are both enabling Israel’s war efforts. 

Example of Iran’s targeting shift following the start of the Israel-Hamas conflict.  

Russia, Iran, and China focus in on the U.S. election 

Russia, Iran, and China have all used ongoing geopolitical matters to drive discord on sensitive domestic issues leading up to the U.S. election, seeking to sway audiences in the U.S. to one party or candidate over another, or to degrade confidence in elections as a foundation of democracy. As we’ve reported, Iran and Russia have been the most active, and we expect this activity to continue to accelerate over the next two weeks ahead of the U.S. election.  

In addition, Microsoft has observed a surge in election-related homoglyph domains—or spoofed links—delivering phishing and malware payloads. We believe these domains are examples both of cybercriminal activity driven by profit and of reconnaissance by nation-state threat actors in pursuit of political goals. At present, we are monitoring over 10,000 homoglyphs to detect possible impersonations. Our objective is to ensure Microsoft is not hosting malicious infrastructure and inform customers who might be victims of such impersonation threats.  

Financially motivated cybercrime and fraud remain a persistent threat  

While nation-state attacks continue to be a concern, so are financially motivated cyberattacks. In the past year Microsoft observed:   

• A 2.75x increase year over year in ransomware attacks. Importantly, however, there was a threefold decrease in ransom attacks reaching the encryption stage. The most prevalent initial access techniques continue to be social engineering—specifically email phishing, SMS phishing, and voice phishing—but also identity compromise and exploiting vulnerabilities in public facing applications or unpatched operating systems. 

• Tech scams skyrocketed 400% since 2022. In the past year, Microsoft observed a significant uptick in tech scam traffic with daily frequency surging from 7,000 in 2023 to 100,000 in 2024. Over 70% of malicious infrastructure was active for less than two hours, meaning they may be gone before they’re even detected. This rapid turnover rate underscores the need for more agile and effective cybersecurity measures. 

Threat actors are experimenting with generative AI 

Last year, we started to see threat actors—both cybercriminals and nation states—experimenting with AI. Just as AI is increasingly used to help people be more efficient, threat actors are learning how they can use AI efficiencies to target victims. With influence operations, China-affiliated actors favor AI-generated imagery, while Russia-affiliated actors use audio-focused AI across mediums. So far, we have not observed this content being effective in swaying audiences.  

Nation-state adversarial use of AI in influence operations. 

But the story of AI and cybersecurity is also a potentially optimistic one. While still in its early days, AI has shown its benefits to cybersecurity professionals by acting as a tool to help respond in a fraction of the time it would take a person to manually process a multitude of alerts, malicious code files, and corresponding impact analysis. We continue to innovate our technology to find new ways that AI can benefit and strengthen cybersecurity.   

Collaboration remains crucial to strengthening cybersecurity. 

With more than 600 million attacks per day targeting Microsoft customers alone, there must be countervailing pressure to reduce the overall number of attacks online. Effective deterrence can be achieved in two ways: by denial of intrusions or by imposing consequences for malicious behavior. Microsoft continues to do our part to reduce intrusions and has committed to taking steps to protect ourselves and our customers through our Secure Future Initiative. 

While the industry must do more to deny the efforts of attackers via better cybersecurity, this needs to be paired with government action to impose consequences that further discourage the most harmful cyberattacks. Success can only be achieved by combining defense with deterrence. In recent years, a great deal of attention has been given to the development of international norms of conduct in cyberspace. However, those norms so far lack meaningful consequence for their violation, and nation-state attacks have been undeterred, increasing in volume and aggression. To shift the playing field, it will take conscientiousness and commitment by both the public and private sectors so that attackers no longer have the advantage.  

Microsoft continues to share important threat intelligence with the community, including our recent Cyber Signals research looking at cyber risks in the education sector. 

The post Escalating cyber threats demand stronger global defense and cooperation appeared first on Microsoft Security Blog.

Microsoft Defender for Cloud, the integrated CNAPP from Microsoft, delivers comprehensive security and compliance from code to runtime, enhanced by generative AI and threat intelligence to help you secure your hybrid and multicloud environments. With Defender for Cloud, organizations can support secure development, minimize risks with contextual posture management, and protect workloads and applications from modern threats in a unified security operations (SecOps) experience.  

Defender for Cloud not only transcends traditional security silos and extends its end-to-end security across multicloud and hybrid infrastructure, it delivers advanced security posture management and threat remediation capabilities as well. In order to prove the solution’s business benefits, Microsoft commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study. The study aims to provide business leaders and decision-makers with a solid framework with which they can evaluate the benefits and potential financial impact of Defender for Cloud on their organizations.

Through the course of the study, participating interviewees reported experiencing a wide variety of benefits related to Defender for Cloud, including reduced operational risk, a compressed, more secure development lifecycle, and reduced time to investigate and remediate threats faster.

All told, the study found that the benefits of Defender for Cloud add up to a significant net present value (NPV) of $4.25 million over three years. But that’s not the whole story. Here are some other key takeaways mentioned by Forrester’s interviewees.

1. Shorter threat investigation and remediation times

“[Defender for Cloud] just takes out the weird stuff happening on our network that ends up on the cybersecurity desk. We’ve already probably cut back about 60% of the workload, and a lot of that revolves around false positives, so I can get better data. The systems assess the data properly…I’m not even going to give it to the analyst. I’m going to auto-close.”

—Chief technology officer, Life Sciences

Defender for Cloud was found to register 50% fewer false positives than legacy security solutions. Simultaneously, the solution reduced the investigation and remediation times of legitimate threats by 30%. Due to these dramatic improvements, study participants avoided 36,000 investigation and remediation hours on average. By reallocating the corresponding $796,000 of SecOps labor to proactive threat hunting and other high-value activities, companies were able to further improve their security performance.

2. Improved security operations center (SOC) productivity

“[With Defender for Cloud], if the tools are configured properly, the [global] efficiencies in your SOC can probably be up to 30% for a fine-tuned environment.”

—Technical manager, Business-to-business Software

By broadening the number and types of workloads protected by Defender for Cloud, participating businesses saw an average 30% improvement in SecOps productivity. This boost was a combination of consolidating duplicative multicloud security policies, replacing patching processes and other similar time-consuming procedures with automation, and embracing the efficiency gains of a better-integrated Microsoft ecosystem. In financial terms, these productivity gains translate to a $5.6 million savings over three years.

3. Lower total cost of ownership

“[Without Defender for Cloud], it would be so much more complex. It would cost us double to maintain [our multicloud security stack].”

—Cyberdefense leader, Materials

Interviewees reported that Defender for Cloud reduced their licensing costs by 10% when compared to legacy security solutions. This savings is the result of eliminating the licensing and management costs associated with five legacy security solutions over three years—made possible because of the breadth of workloads protected by Defender for Cloud. Interviewees also reported 1,700-hour reduction in security stack administrative work thanks to their ability to consolidate workloads across their multicloud infrastructures. These adjustments together yielded more than $1 million in cost savings.

4. More comprehensive cyberthreat coverage and prioritization

“Microsoft is capturing 10% of real incidents [not caught by other solutions deployed], reducing our attack surface by 10%.“

—Chief information security officer (CISO), Technology

Defender for Cloud caught 10% more legitimate cyberthreats than the prior security environments study participants had been using, on average. Each of these threats required a response and would have been missed. Interviewees defined the incidents they had previously lacked the capacity to address a mix of increasingly complex and overlapping cyberthreats that included but were not limited to runtime container risk, overprovisioning container privileges, malware, phishing and social engineering efforts, and shadow IT. Not only did Defender for Cloud identify these incidents, it provided greater context surrounding them, improving threat prioritization and avoiding $292,000 in costs related to data breaches.

5. Lower compliance costs

“[Defender for Cloud] is capable of saving up to 5% of [my organization’s] engineering overhead around [audit and compliance] meetings and collaboration.”  

—CISO, Technology

With Defender for Cloud, participating organizations decreased their compliance-related costs. Auditing fees were avoided and compliance-related meeting schedules were streamlined, reducing reliance on outside auditing services. Over three years, the average savings related to these process improvements was $857,000, a 15% reduction in audit compliance overhead.

The advantages of Microsoft Defender for Cloud

Overall, the Forrester study found that Defender for Cloud markedly enhanced the security, compliance, and operational efficiency of each company participating in the TEI study. Through representative interviews and financial analysis, Forrester determined that a composite organization experiencing the aggregate benefits of the study’s participants received $8.52 million in financial benefits over three years. In balancing these benefits against $4.27 million in costs over the same period, Forrester determined that Defender for Cloud represents a net present value (NPV) of $4.25 million.

Interviewees participating in the study went beyond the financial benefits in their praise of Defender for Cloud. After adopting the solution, participants saw reduced risk and improvements to both their security and compliance postures at scale. Even as regulatory and compliance landscapes shifted beneath their feet, these organizations were better able to use the added context of Microsoft cloud security benchmarks to stay on solid ground—remaining compliant when others might not have.

Additionally, interviewees noted that Defender for Cloud helped them more securely collaborate with their technology partners and to establish more secure, more efficient software development pipelines. These benefits, interviewees emphasized, would have further benefits down the road as well, including reduced development times, improved time-to-value, and ultimately greater potential for business growth.

Learn more

To learn more about the business value of Microsoft Defender for Cloud, explore the Total Economic Impact™ Of Microsoft Defender for Cloud study for further analysis and findings, as well as the perspectives of Defender for Cloud users interviewed in the study. Also, register for the webinar featuring Forrester on top cloud security trends, key considerations, and quantifying the business value of CNAPP.

Learn more about Microsoft Cloud Security Solutions.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI study appeared first on Microsoft Security Blog.

The key to fighting ransomware at scale is Microsoft’s unwavering commitment to simplifying, automating, and augmenting security analyst workstreams to meet the demands of today’s and tomorrow’s cyberthreat environment. We are excited to announce that Gartner has named Microsoft a Leader in the 2024 Gartner^® Magic Quadrant™ for Endpoint Protection Platforms for the fifth consecutive time. We believe this announcement reflects Microsoft’s continued progress in helping organizations protect their endpoints against even the most sophisticated attacks, while driving continued efficiency for security operations center (SOC) teams.

Microsoft Defender for Endpoint is an endpoint security platform that helps organizations secure their digital estate using AI-powered, industry-leading endpoint detection and response across Windows, Linux, macOS, Android, iOS, and Internet of Things (IoT) devices. It is core to Microsoft Defender XDR and built on global threat intelligence—informed by more than 78 trillion daily signals and more than 10,000 security experts—empowering security teams to fend off sophisticated threats.²

Our customers and partners have been an invaluable part of this multiyear journey, and we are grateful for both their business and their partnership. Read the complimentary report providing more details on our positioning as a Leader.

Microsoft Defender for Endpoint is built from the ground up with operational resilience in mind. It starts with our agent architecture that follows best practices for Windows by limiting its reliance on kernel mode while protecting customers in real-time. It does not load content updates from files in the kernel mode driver. As an added safeguard, we deliver updates to customers applying Microsoft’s long-established safe deployment practices (SDP) model. Customers have full control over how these updates are delivered and how controls are applied to their device estate. This model of shared control helps provide security and resiliency. 

Over the last 12 months, Microsoft has delivered significant innovations that have helped defenders gain the upper hand against cyberthreats including: improved attack disruption, Microsoft Copilot for Security, a new Linux agent, simplified settings management, the unified security operations platform and Microsoft Defender Experts for XDR.

Automatic attack disruption, unique to Microsoft, is a self-defense capability that stops in-progress cyberattacks by analyzing the attacker’s intent, identifying compromised assets, and isolating or disabling assets like users or devices at machine speed. For example, in July 2024 we discovered the CVE-2024-37085 vulnerability. Numerous ransomware operators exploited it to encrypt the entire file system and move laterally in the network. Attack disruption fends off such sophisticated ransomware attempts by blocking lateral movement and remote encryption in a decentralized way across all your device estate—in just three minutes on average.³ This is a capability that Microsoft continues to invest in to disrupt more scenarios even earlier in the cyberattack chain.  

Microsoft Copilot for Security is the industry’s first generative AI that empowers security teams to protect at the speed and scale of AI, generally available as of April 2024. Embedded within the Defender XDR experience, it assists analysts by providing enriched context for faster and smarter decisions. It accelerates investigation, containment, and remediation with prescriptive step-by-step guidance. Analysts can now easily understand attacker actions with intuitive script analysis and launch complex Kusto Query Language (KQL) queries using plain language. The results from a randomized controlled trial based on 147 security professionals showed significant efficiency gains including speed and quality improvements when using Copilot for Security. Security professionals were up to 22% faster across all tasks, and more than 93% of users wanted to use Copilot again.

A new Linux agent has been built from scratch, using eBPF sensor technology to deliver the performance and stability needed for mission-critical server workloads while providing visibility into cyberthreats. We continue prioritizing innovations across every type of endpoint from Windows, Linux, macOS, iOS, Android, and IoT to provide the holistic endpoint security that organizations need.

Simplified setup and change management help analysts configure devices correctly to minimize threat exposure. With the general availability of simplified settings management, SOC analysts can manage security policies without leaving the Defender XDR portal.

Unified security operations platform brings the foundational tools a SOC needs into a single experience, with a consistent data model, unified capabilities, and broad protection. This unification helps SOCs close critical security gaps and streamline their operations, delivering better overall protection, reducing their response time, and improving overall efficiency. Defender for Endpoint is core to this platform, which combines “the power of leading solutions in security information and event management (SIEM), extended detection and response (XDR), and generative AI for security.” By working seamlessly across Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Copilot for Security, security analysts need only a single set of automation rules and playbooks. Plus, they can use plain language to execute complex tasks in an instant with Copilot for Security embedded in the platform.

Microsoft Defender Experts for XDR gives your security team coverage with around-the-clock access to Microsoft expertise. Recognizing that sophisticated cyberthreats go beyond the endpoint, Microsoft offers Microsoft Defender Experts for XDR. This managed service is available 24 hours a day, 7 days a week, helping organizations extend their SOC team to fully triage events and respond to incidents across domains.

Thank you to all our customers. You inspire us as together we work to create a safer world.

Learn more

If you’re not yet taking advantage of Microsoft’s leading endpoint security solution, visit Microsoft Defender for Endpoint and start a free trial today to evaluate our leading endpoint protection platform. 

Are you a regular user of Microsoft Defender for Endpoint? Review your experience on Gartner Peer Insights™ and get a $25 gift card.    

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹2024 Microsoft Digital Defense Report. Publishing October 15, 2024.

²Microsoft Digital Defense Report, Microsoft. 2023.

³Get end-to-end protection with Microsoft’s unified security operations platform, now in public preview, Rob Lefferts. April 3, 2024.

Gartner, Magic Quadrant for Endpoint Protection Platforms, Evgeny Mirolyubov, Franz Hinner, Deepak Mishra, Satarupa Patnaik, Chris Silva, September 23, 2024. 

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, MAGIC QUADRANT and PEER INSIGHTS are registered trademarks of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved. 

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft. 

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

The post ​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms appeared first on Microsoft Security Blog.

At Microsoft, we have commitments to ensure Trustworthy AI and are building industry-leading supporting technology. Our commitments and capabilities go hand in hand to make sure our customers and developers are protected at every layer.

Building on our commitments, today we are announcing new product capabilities to strengthen the security, safety and privacy of AI systems.

Security. Security is our top priority at Microsoft, and our expanded Secure Future Initiative (SFI) underscores the company-wide commitments and the responsibility we feel to make our customers more secure. This week we announced our first SFI Progress Report, highlighting updates spanning culture, governance, technology and operations. This delivers on our pledge to prioritize security above all else and is guided by three principles: secure by design, secure by default and secure operations. In addition to our first party offerings, Microsoft Defender and Purview, our AI services come with foundational security controls, such as built-in functions to help prevent prompt injections and copyright violations. Building on those, today we’re announcing two new capabilities:

• Evaluations in Azure AI Studio to support proactive risk assessments.
• Microsoft 365 Copilot will provide transparency into web queries to help admins and users better understand how web search enhances the Copilot response. Coming soon.

Our security capabilities are already being used by customers. Cummins, a 105-year-old company known for its engine manufacturing and development of clean energy technologies, turned to Microsoft Purview to strengthen their data security and governance by automating the classification, tagging and labeling of data. EPAM Systems, a software engineering and business consulting company, deployed Microsoft 365 Copilot for 300 users because of the data protection they get from Microsoft. J.T. Sodano, Senior Director of IT, shared that “we were a lot more confident with Copilot for Microsoft 365, compared to other large language models (LLMs), because we know that the same information and data protection policies that we’ve configured in Microsoft Purview apply to Copilot.”

Safety. Inclusive of both security and privacy, Microsoft’s broader Responsible AI principles, established in 2018, continue to guide how we build and deploy AI safely across the company. In practice this means properly building, testing and monitoring systems to avoid undesirable behaviors, such as harmful content, bias, misuse and other unintended risks. Over the years, we have made significant investments in building out the necessary governance structure, policies, tools and processes to uphold these principles and build and deploy AI safely. At Microsoft, we are committed to sharing our learnings on this journey of upholding our Responsible AI principles with our customers. We use our own best practices and learnings to provide people and organizations with capabilities and tools to build AI applications that share the same high standards we strive for.

Today, we are sharing new capabilities to help customers pursue the benefits of AI while mitigating the risks:

• A Correction capability in Microsoft Azure AI Content Safety’s Groundedness detection feature that helps fix hallucination issues in real time before users see them.
• Embedded Content Safety, which allows customers to embed Azure AI Content Safety on devices. This is important for on-device scenarios where cloud connectivity might be intermittent or unavailable.
• New evaluations in Azure AI Studio to help customers assess the quality and relevancy of outputs and how often their AI application outputs protected material.
• Protected Material Detection for Code is now in preview in Azure AI Content Safety to help detect pre-existing content and code. This feature helps developers explore public source code in GitHub repositories, fostering collaboration and transparency, while enabling more informed coding decisions.

It’s amazing to see how customers across industries are already using Microsoft solutions to build more secure and trustworthy AI applications. For example, Unity, a platform for 3D games, used Microsoft Azure OpenAI Service to build Muse Chat, an AI assistant that makes game development easier. Muse Chat uses content-filtering models in Azure AI Content Safety to ensure responsible use of the software. Additionally, ASOS, a UK-based fashion retailer with nearly 900 brand partners, used the same built-in content filters in Azure AI Content Safety to support top-quality interactions through an AI app that helps customers find new looks.

We’re seeing the impact in the education space too. New York City Public Schools partnered with Microsoft to develop a chat system that is safe and appropriate for the education context, which they are now piloting in schools. The South Australia Department for Education similarly brought generative AI into the classroom with EdChat, relying on the same infrastructure to ensure safe use for students and teachers.

Privacy. Data is at the foundation of AI, and Microsoft’s priority is to help ensure customer data is protected and compliant through our long-standing privacy principles, which include user control, transparency and legal and regulatory protections. To build on this, today we’re announcing:

• Confidential inferencing in preview in our Azure OpenAI Service Whisper model, so customers can develop generative AI applications that support verifiable end-to-end privacy. Confidential inferencing ensures that sensitive customer data remains secure and private during the inferencing process, which is when a trained AI model makes predictions or decisions based on new data. This is especially important for highly regulated industries, such as health care, financial services, retail, manufacturing and energy.
• The general availability of Azure Confidential VMs with NVIDIA H100 Tensor Core GPUs, which allow customers to secure data directly on the GPU. This builds on our confidential computing solutions, which ensure customer data stays encrypted and protected in a secure environment so that no one gains access to the information or system without permission.
• Azure OpenAI Data Zones for the EU and U.S. are coming soon and build on the existing data residency provided by Azure OpenAI Service by making it easier to manage the data processing and storage of generative AI applications. This new functionality offers customers the flexibility of scaling generative AI applications across all Azure regions within a geography, while giving them the control of data processing and storage within the EU or U.S.

We’ve seen increasing customer interest in confidential computing and excitement for confidential GPUs, including from application security provider F5, which is using Azure Confidential VMs with NVIDIA H100 Tensor Core GPUs to build advanced AI-powered security solutions, while ensuring confidentiality of the data its models are analyzing. And multinational banking corporation Royal Bank of Canada (RBC) has integrated Azure confidential computing into their own platform to analyze encrypted data while preserving customer privacy. With the general availability of Azure Confidential VMs with NVIDIA H100 Tensor Core GPUs, RBC can now use these advanced AI tools to work more efficiently and develop more powerful AI models.

Achieve more with Trustworthy AI 

We all need and expect AI we can trust. We’ve seen what’s possible when people are empowered to use AI in a trusted way, from enriching employee experiences and reshaping business processes to reinventing customer engagement and reimagining our everyday lives. With new capabilities that improve security, safety and privacy, we continue to enable customers to use and build trustworthy AI solutions that help every person and organization on the planet achieve more. Ultimately, Trustworthy AI encompasses all that we do at Microsoft and it’s essential to our mission as we work to expand opportunity, earn trust, protect fundamental rights and advance sustainability across everything we do.

Related:

Commitments

• Security: Secure Future Initiative  
• Privacy: Trust Center 
• Safety: Responsible AI Principles

Capabilities

• Security: Security for AI
• Privacy: Azure Confidential Computing
• Safety: Azure AI Content Safety

The post Microsoft Trustworthy AI: Unlocking human potential starts with trust    appeared first on Microsoft Security Blog.

A focus on security above all else 

At Microsoft, we recognize our unique responsibility in safeguarding the future for our customers and community. As a result, every individual at Microsoft plays a pivotal role to “prioritize security above all else.” We’ve made significant progress in fostering a security-first culture. Some of the main updates include:  

• To improve governance, we announced the creation of a new Cybersecurity Governance Council and the appointment of Deputy Chief Information Security Officers (Deputy CISOs) for key security functions and all engineering divisions. Led by our CISO Igor Tsyganskiy, the Deputy CISOs form the Cybersecurity Governance Council, and are responsible for the company’s overall cyber risk, defense, and compliance.  

• Security is now a core priority for all employees at Microsoft and will be included in their performance reviews. This will empower every employee and manager to commit to—and be accountable for—prioritizing security, and a way for us to codify an employee’s contributions to SFI and celebrate impact.  

• We launched the Security Skilling Academy, a personalized learning experience of security-specific, curated trainings for all employees worldwide. The academy ensures that no matter the role, employees are equipped to prioritize security in their daily work and identify the direct part they have in securing Microsoft.  

• To ensure accountability and transparency at the highest levels, Microsoft’s senior leadership team reviews SFI progress weekly and updates are provided to Microsoft’s Board of Directors quarterly. Additionally, Microsoft’s senior leadership team now has security performance directly linked to compensation.  

Pillar highlights: A comprehensive approach to cybersecurity 

We’ve also made progress across our six key pillars, each representing a critical area of cybersecurity focus. These pillars guide our ongoing work to raise the bar for security across Microsoft and help us meet the evolving demands of the security landscape. These are the most recent updates across these areas:

1. Protect identities and secrets: We completed updates to Microsoft Entra ID and Microsoft Account (MSA) for our public and United States government clouds to generate, store, and automatically rotate access token signing keys using the Azure Managed Hardware Security Module (HSM) service. We have continued to drive broad adoption of our standard identity SDKs, which provide consistent validation of security tokens. This standardized validation now covers more than 73% of tokens issued by Microsoft Entra ID for Microsoft owned applications. We have extended standardized security token logging in our standard identity SDKs to support threat hunting and detections and enabled those in several critical services ahead of broad adoption. We completed enforcement of the use of phishing-resistant credentials in our production environments and implemented video-based user verification for 95% of Microsoft internal users in our productivity environments to eliminate password sharing during setup and recovery.  

2. Protect tenants and isolate production systems: We completed a full iteration of app lifecycle management for all of our production and productivity tenants, eliminating 730,000 unused apps. We eliminated 5.75 million inactive tenants, drastically reducing the potential cyberattack surface. We implemented a new system to streamline the creation of testing and experimentation tenants with secure defaults and strict lifetime management enforced. We have deployed more than 15,000 new production-ready locked-down devices in the last three months.  

3. Protect networks: More than 99% of physical assets on the production network are recorded in a central inventory system, which enriches asset inventory with ownership and firmware compliance tracking. Virtual networks with backend connectivity are isolated from the Microsoft corporate network and subject to complete security reviews to reduce lateral movement. To help customers secure their own deployments, we have expanded platform capabilities such as Admin Rules to ease the network isolation of platform as a service (PaaS) resources such as Azure Storage, SQL, Cosmos DB, and Key Vault. 

4. Protect engineering systems: 85% of our production build pipelines for the commercial cloud are now using centrally governed pipeline templates, making deployments more consistent, efficient, and trustworthy. We have slimmed down the lifespan of Personal Access Tokens to seven days, disabled Secure Shell (SSH) protocol access for all Microsoft internal engineering repos, and significantly reduced the number for elevated roles with access to engineering systems. We also implemented proof of presence checks for critical chokepoints in our software development code flow. 

5. Monitor and detect threats: We have made significant progress enforcing that all Microsoft production infrastructure and services adopt standard libraries for security audit logs, to ensure relevant telemetry is emitted, and retain logs for a minimum of two years. For instance, we have established central management and a two-year retention period for identity infrastructure security audit logs, encompassing all security audit events throughout the lifecycle of current signing keys. Similarly, more than 99% of network devices are now enabled with centralized security log collection and retention. 

6. Accelerate response and remediation: We updated processes across Microsoft to improve time to mitigate for critical cloud vulnerabilities. We began publishing critical cloud vulnerabilities as common vulnerability and exposures (CVEs), even if no customer action is required, to improve transparency. We established the Customer Security Management Office (CSMO) to improve public messaging and customer engagement for security incidents.  

Reaffirming our security commitment 

In security, consistent progress is more important than “perfection” and this is reflected in the scale of resources mobilized to achieve our SFI objectives. The collective work we are doing to continually increase protection, eliminate legacy or noncompliant assets, and identify remaining systems for monitoring conclusively measures our success. As we look ahead, we remain committed to ongoing improvement. SFI will continue to evolve, adapting to new cyberthreats and refining our security practices. Our commitment to transparency and industry collaboration remains unwavering. Earlier in 2024, Microsoft became a major supporter of the United States Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design pledge, reinforcing our dedication to embedding security into every aspect of our products and services. Additionally, we continue to integrate recommendations from the Cyber Safety Review Board (CSRB) to strengthen our cybersecurity approach and enhance resilience. 

The work we’ve done so far is only the beginning. We know that cyberthreats will continue to evolve, and we must evolve with them. By fostering this culture of continuous learning and improvement, we are building a future where security is not just a feature, but a foundation. 

SFI Progress Report

Discover the key updates and milestones from the first SFI Progress Report.  

Read the report

​​Learn more

To learn more about Microsoft Security solutions and Microsoft’s Secure Future Initiative, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

The post ​​Securing our future: September 2024 progress update on Microsoft’s Secure Future Initiative (SFI) appeared first on Microsoft Security Blog.

We are excited to share that Microsoft has again been ranked number one in market share in the IDC Worldwide Modern Endpoint Security Market Shares, 2023: Evolving to Address New Work Modalities (doc #US52341924, June 2024).

And with more than 25.8% of the market share, Microsoft has the endpoint security solution more customers use to defend their multiplatform devices than any other vendor. As depicted in Figure 1, that’s a 40.7% increase in share over the previous year. Thanks to the invaluable partnership with organizations of all sizes around the globe, this distinction comes in addition to Microsoft being recognized as a Leader in the 2024 IDC MarketScape reports for Worldwide Modern Endpoint Security across all three segments—enterprise², midsize³, and small businesses⁴—the only vendor positioned in the “Leaders” category in all three reports. 

Microsoft Defender for Endpoint

Help secure endpoints with industry-leading, multiplatform detection and response.

Learn more

Disrupt ransomware on any platform

For enterprises, Microsoft Defender for Endpoint delivers AI-powered endpoint security with industry-leading, multiplatform threat detection and response across all devices—spanning client, mobile, Internet of Things (IoT), and servers. It is purpose-built to protect against the unique threat profiles per platform including Windows, macOS, Linux, Android, and iOS. It’s a comprehensive endpoint security platform that helps fend off known and emerging cyberattacks, with capabilities that include:

• Vulnerability management.
• Protections tailored to each operating system.
• Next-generation antivirus.
• Built-in, auto-deployed deception techniques.
• Endpoint detection and response.
• Automatic attack disruption of ransomware.

And with more than 78 trillion daily signals and insights from more than 10,000 world-class experts, you can quickly detect, protect, respond to, and proactively hunt for cyberthreats to keep intruders at bay.⁵ Plus, its automatic attack disruption capabilities stop sophisticated attacks with high confidence, so you can disrupt cyberthreats early in the cyberattack chain and block lateral movement of bad actors across your devices.

For small and medium-sized businesses (SMBs), Microsoft Defender for Business goes beyond traditional antivirus protection. Defender for Business delivers many of the enterprise-grade security features from Defender for Endpoint in a way that is easy for SMBs to use without requiring security expertise. 70% of organizations encountering human-operated ransomware attacks have fewer than 500 employees, so choosing the right endpoint protection is imperative.¹ Defender for Business is designed to help you save money by consolidating multiple products into one security solution that’s optimized for your business—and includes out-of-the-box policies that streamline onboarding, simplified management controls for security operations, and monthly security summary reports to help you understand your security posture.

Stay one step ahead of the evolving threat landscape

Defender for Endpoint is core to Microsoft Defender XDR, making it seamless to extend the scope of your organization’s cyberthreat detection to include other layers of your security stack with incident-level visibility across the cyberattack chain. Disrupt advanced cyberattacks and accelerate response—across endpoints, IoT, hybrid identities, email and collaboration tools, software as a service (SaaS) apps, cloud workloads, and data insights.

Built-in, security-specific generative AI with Microsoft Copilot for Security makes it easy for security analysts to rapidly investigate and respond to incidents and help them learn new skills such as quickly reverse-engineering malicious scripts, getting guided response actions, using natural language to do advanced hunting, and more. Copilot is now embedded in Microsoft Defender XDR for Copilot customers.

Learn more

If you are not yet using Microsoft Defender for Endpoint, learn more on our website. If you a regular user of Microsoft Defender for Endpoint, please review your experience on Gartner Peer Insights™ and get a $25 gift card.

If your organization has less than 300 users, we also encourage you to explore Microsoft 365 Business Premium and Defender for Business.  

Learn how to supercharge your security operations with Microsoft Defender XDR.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft Digital Defense Report 2023.

²IDC MarketScape: Worldwide Modern Endpoint Security for Enterprises 2024 Vendor Assessment (doc #US50521223, January 2024).

³IDC MarketScape: Worldwide Modern Endpoint Security for Midsize Businesses 2024 Vendor Assessment (doc #US50521323, February 2024).

⁴IDC MarketScape: Worldwide Modern Endpoint Security for Small Businesses 2024 Vendor Assessment (doc #US50521424, March 2024).

⁵Microsoft Threat Intelligence.

The post Microsoft again ranked number one in modern endpoint security market share appeared first on Microsoft Security Blog.

While the Zero Trust security model is continuing to gain momentum, customers regularly ask for guidance on how to deploy this model effectively using today’s available technology. Microsoft participating in an ongoing collaboration led by the National Institute of Standards and Technology’s (NIST’s) NCCoE. Microsoft joined this effort to support this important mission and to help answer our customer’s need for references on Zero Trust implementations.   

Since 2022, the NCCoE has collaborated with 24 vendors, including Microsoft, on developing a practice guide with practical steps for organizations eager to implement cybersecurity reference designs for Zero Trust. Zero Trust principles include assuming compromise (assuming breach) to drive a holistic and practical security approach, verifying trust explicitly before granting access to assets, and limiting the blast radius by granting the least privilege necessary. The Zero Trust model describes a collaborative comprehensive approach for end-to-end security that is required to keep up with continuous changes in threats, technology, and business.

“The NCCoE strives to launch initiatives that directly benefit organizations facing modern cybersecurity challenges. The lessons learned from integrating various products and services contributed by collaborators like Microsoft is an invaluable contribution toward this effort.”

—Alper Kerman of NIST

Security isn’t easy—it’s always been an extremely complex and challenging discipline and Zero Trust is now transforming how many aspects of that discipline are done. While there is much more to do, we are encouraged by seeing customers make rapid progress on Zero Trust and getting meaningful benefits from it.

NIST: Implementing a Zero Trust Architecture

This guide from NIST shares practical guidance to implement Zero Trust from the NCCoE labs.

Read the guide

Microsoft and the NIST NCCoE: United in prioritizing Zero Trust model

Both Microsoft and the NCCoE have been strong advocates of the Zero Trust model for years. This diagram illustrates how Microsoft technology maps to the NIST Zero Trust model:

NIST’s role in cybersecurity cannot be overstated. In addition to publishing security standards for decades, NIST’s collaborative hub, called the NCCoE, has brought clarity on how to design and implement Zero Trust by publishing how-to guides, practice guides, and business case examples.  

“The NCCoE is dedicated to helping organizations strengthen their cybersecurity. A major way we do this is by translating existing security standards into example implementation guidance, so organizations know exactly what they need to do to protect their most critical assets. By simplifying the process, we can get more organizations benefiting from Zero Trust principles.”

—Alper Kerman of NIST

The Microsoft and NIST NCCoE collaboration

Microsoft has participated for decades in NIST’s open and transparent process for standards development and in particular supported NIST NCCoE ‘s mission to develop practical, interoperable cybersecurity approaches that show how the components of Zero Trust architectures can securely mitigate risks and meet industry sectors’ compliance requirements. Microsoft has been impressed by NIST’s role serving as a credible and clear voice in the security industry. When we found out about this latest collaboration opportunity, we knew we wanted to play a part. 

In October 2020, when the NCCoE sought industry partners to support the implementation of the Zero Trust architecture project, we jumped at the opportunity. The NCCoE’s Zero Trust architecture project is its largest to date with 24 participating organizations, seventeen different builds, and a rich set of practical documentation. The goal of this NCCoE project is to demonstrate several example zero trust architecture solutions—applied to a conventional, general-purpose enterprise IT infrastructure—that are designed and deployed according to the concepts and tenets documented in NIST Special Publication (SP) 800-207, Zero Trust Architecture. The documents from this work effectively demonstrate how to practically implement Zero Trust principles using today’s technology.  

The project addresses several common scenarios you may face: 

• An employee seeks access to corporate resources to complete their work.
• An employee seeks access to internet resources from enterprise devices to complete tasks. 
• A contractor tries to access corporate resources and internet resources. 
• Servers within an enterprise are communicating with each other. 
• An organization is collaborating with a business partner and wants to securely access specific resources. 
• An organization wants to integrate monitoring and security information and event management (SIEM) systems with the policy engine for more precise trust scores.

As part of this effort, the NCCoE just announced the general availability of the Zero Trust Architecture 1800-35 practice guide in conjunction with the Zero Trust architecture project. The practice guide details a standards-based implementation of Zero Trust architecture. The guide offers a learning pathway to greater understanding of the Zero Trust security model, and includes practical use cases and various example implementations and associated documentation. It was developed to be simple, usable, and practical.

Collaboration brings learning and value

These resources help Microsoft customers support end-to-end integrations that lead to significant value over time. Our Zero Trust implementation with the NCCoE has already helped us evolve Microsoft technology and guidance for a successful Zero Trust product deployment and will continue to do so. 

What the future of Zero Trust will bring

Both Microsoft and NIST are investigating opportunities to leverage this foundational work to support other use case scenarios that will benefit from ZT deployment model. Microsoft is excited by the government’s deep commitment to Zero Trust architecture and have been closely monitoring US Executive Order 14028 on Cybersecurity and the OMB Implementation Strategy.

Microsoft is continuously working to achieve an integrated set of offerings to enable customers to more easily and comprehensively address the security challenges they face. Microsoft is also continuously integrating lessons learned from cyberattacks on ourselves as well as on our customer into our guidance and technology. The growth of AI and its close relationship to Zero Trust make this transformation an even more critical effort—a network perimeter can’t secure your AI or your data.

Explore strategies for implementing Zero Trust

We know that adopting a Zero Trust approach is challenging as it requires a shift in mindset, strategy, and architecture as well as a lot of engineering work. We are encouraged by the positive progress and feedback from our customers on this journey, from industry analysts, and other sources. Microsoft is working to ease these challenges through NIST’s NCCoE Zero Trust Architecture consortium, with our Security Adoption Framework (SAF), The Open Group Zero Trust Standards, and other security guidance. 

Learn more

Learn more about Zero Trust.

You can follow Mark Simos on LinkedIn and explore Mark’s List of commonly shared cybersecurity resources.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

About the National Cybersecurity Center of Excellence

The NCCoE, a part of NIST, is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity issues. This public-private partnership enables the creation of practical cybersecurity solutions for specific industries, as well as for broad, cross-sector technology challenges. Through consortia under CRADAs, including technology partners—from Fortune 50 market leaders to smaller companies specializing in information technology and operational technology security—the NCCoE applies standards and best practices to develop modular, easily adaptable example cybersecurity solutions by using commercially available technology. The NCCoE documents these example solutions in the NIST Special Publication 1800 series, which maps capabilities to the NIST Cybersecurity Framework and details the steps needed for another entity to re-create the example solution. The NCCoE was established in 2012 by NIST in partnership with the State of Maryland and Montgomery County, Maryland. Information is available at https://www.nccoe.nist.gov.

The post How Microsoft and NIST are collaborating to advance the Zero Trust Implementation appeared first on Microsoft Security Blog.

We are also excited to announce new innovations including an embedded Copilot in Microsoft Purview experience for data governance, deeper integrations with Microsoft Fabric, and broadening our partner network to help organizations confidently activate their data estate. In this post, we will highlight the growing challenges facing today’s data landscape and explore how Microsoft Purview Data Governance is helping customers establish a federated data-driven culture.

Microsoft Purview

Secure and govern data across your data estate while reducing risk and meeting compliance requirements.

Learn more

Security and governance have become a team sport

In today’s world, the sophistication of cyberattacks, increasing regulations, an ever-expanding data estate, and business demand for insights are converging. This convergence pressurizes business leaders to adopt a unified strategy to confidently ensure AI readiness. Microsoft Purview is a comprehensive set of solutions that can help organizations secure, govern, and manage their data, wherever it lives. The unification of data security and governance capabilities in Microsoft Purview reflects our belief that our customers need a simpler approach to data. Microsoft Purview’s modern data governance solution addresses the challenges of the AI era with a business-friendly solution that empowers organizations to confidently democratize their data.

Governing data has been easier said than done

The practice of data governance is not just about technology. It starts with people and processes. Without a clear vision, strategy, and roadmap, organizations often struggle to align stakeholders, define roles, and communicate the benefits of data governance across the organization. This can result in low adoption and resistance to change. Data leaders encounter four primary challenges when implementing governance solutions:

1. Fragmentation—Organizations find themselves using multiple tools to govern data. This can generate blind spots and lead to difficulties maintaining consistent data quality, security, and compliance.
2. Labor-intensive tasks—Processes such as data classification, metadata management, and compliance reporting can be manual and time consuming.
3. Centralized governance—A centralized approach stifles innovation and leads to shadow business intelligence where business units—often sales and marketing teams—resort to their own unauthorized tools.
4. Technical interfaces—A poor user experience for business units can block their participation, leaving the practice of data governance centralized around IT.

Microsoft Purview Data Governance: a solution for the era of AI

About a decade ago, Microsoft’s Senior Leadership team, led by Chief Executive Officer Satya Nadella, asked a team of senior leaders, “Do we know where all of our data lives?” The question was difficult to answer. Like many organizations, our data was kept in silos, contributing to a lack of visibility and governance. This realization created an urgency for Microsoft to solve this problem in a way that could help our own business and our customers. We needed to streamline data visibility, management and access.

The biggest cultural change was the shift from a centralized approach to a federated governance structure with central guidance, training, and policies. This allowed individual business units to manage their own data quality while staying in sync with the main data office to maintain policy efficacy. This federated approach combined with the right technology tilts the scale in favor of the business, enabling every user to leverage high quality, trusted data. The re-imagined solution is grounded in years of applied learning and proven practices from navigating our own data transformation journey. Our vision for the new data governance solution is based on the following design principles: 

AI-powered—To eliminate the drudgery of tasks surrounding manual classification and tagging of data, AI has been infused at every layer of the experience to help automate manual tasks and accelerate data curation, data management, and data discovery. For example, data stewards can now generate data quality rules automatically, saving hours of manual work. Data consumers can quickly find data products by specifying the data they are looking for in their natural language. With the power of AI, you can automate tasks like assigning business domains, providing glossary terms, and setting data quality rules and objectives and key results (OKRs) to make your data easily discoverable by the line of business users.

Figure 1. AI-powered data discovery in Microsoft Purview Data Governance.

Business-friendly—Designed with the user in mind, the new experience supports multiple functions across an organization with clear role definitions. The Data Catalog is an enterprise repository to help data stewards (people responsible for data governance) and data owners (people handling day-to-day maintenance of data) curate assets and enable responsible democratization of data. Within the experience, the data health capability was purpose-built for the data office to ensure data quality, alignment with industry standards (for example, Cloud Data Management Capabilities framework), and built-in reports to assess the health of the governance practice across the organization. For example, customers can easily define and organize data with business domains (such as finance and claims) and set OKRs to link business objectives to the Data Catalog.

Figure 2. Business-friendly browsing experience in the Data Catalog.

Unified—The unified experience reduces the need for fragmented point solutions. The integrated Microsoft Purview portal provides a centralized solution for data classification, labeling, lineage, audit logging, and management across a variety of platforms, including the built-in integration with Microsoft Fabric to ensure a best-in-class governance experience as you bring your data into the era of AI. The new experience also offers comprehensive data governance capabilities such as the extraction of metadata, scanning, and data quality across additional sources including SQL, ADLS, Synapse Analytics, and Azure Databricks, as well as third-party sources such as Snowflake. This streamlines the process, saving both time and the expense of integrating disparate solutions. Additionally, the new solution enables visibility across the health of your data assets, providing insights into curated data in your catalog, classification status, and sensitivity labels. Lastly, the solution includes built-in workflow capabilities to help you efficiently assign action owners to improve your governance posture.

Figure 3. Built-in workflows to improve governance posture.

“Embracing Microsoft Purview Data Governance has been a game-changer for Vanderlande. As a preview customer over the past 18 months, we’ve witnessed Microsoft Purview’s remarkable growth and the eagerness of Microsoft to bring a state-of-the-art governance solution to the market. Based on the general availability, we will start the implementation of these capabilities across our global organization.”

—Geert-Jan Verdonk, Data Governance Lead, Vanderlande (a Toyota automated logistics company)

New capabilities coming with general availability

Copilot embedded experience in Microsoft Purview (Preview)—We are introducing Copilot capabilities within the Data Governance experience to guide customers in getting started with the solution. This experience will recommend proven best practices to create an enterprise catalog, helping data professionals quickly discover, curate, and manage their data.

Deeper Microsoft Fabric integration (Preview)—As part of our tight integration with Microsoft Fabric, we are excited to announce the ability to build your own custom reports out of Fabric data. In addition, the data quality feature will now support any Microsoft Fabric source, whether it is mirrored or shortcut. If a source is supported by Fabric, Microsoft Purview can now scan it and use it as part of its data quality rules.

Broadening our partner network—As we announced in March 2024, a modern data governance solution integrates across your digital estate. We are excited to announce two more partners to our ecosystem: ER Studio (an Idera company) for data modeling and RELTIO for master data management. Additionally, CluedIn, Profisee, Semarchy, and Solidatus have their integrations live in Azure Marketplace today.

Try it today

Please log on to the Microsoft Purview portal and give the data governance experience within the “Data Catalog” icon a try. If you want to learn more, please access the following resources:

• Microsoft Purview Data Governance learning docs.
• Webinar: Fabric + Purview webinar—The CDO Dilemma.
• Visit the Microsoft Purview Data Governance website.
• Visit us at the CDOIQ Symposium at MIT in Massachusetts from July 16 to18, 2024.
• Blog: Modern Data Governance for the era of AI.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Microsoft Purview Data Governance will be generally available September 1, 2024 appeared first on Microsoft Security Blog.