MISA Insights | Microsoft Security Blog
http://approjects.co.za/?big=en-us/security/blog/topic/misa/
Expert coverage of cybersecurity topics
Thu, 12 Sep 2024 21:10:58 +0000

Microsoft announces the 2024 Microsoft Security Excellence Awards winners
http://approjects.co.za/?big=en-us/security/blog/2024/05/07/microsoft-announces-the-2024-microsoft-security-excellence-awards-winners/
Tue, 07 May 2024 16:00:00 +0000

At this year’s Microsoft Security Excellence Awards, we took a journey through the evolution of cybersecurity from the 1950s to today. While this event theme celebrated the significant technological advancements that have shaped each decade, the main focus was on the Microsoft Intelligent Security Association (MISA) member finalists and winners whose innovations in cybersecurity have earned them well-deserved recognition.

Alongside applauding our partners’ achievements, we highlighted the transformative impact of AI in security. AI is the defining technology of our time, revolutionizing how we anticipate, prevent, and respond to threats. MISA—a coalition of Microsoft leaders and subject matter experts, independent software vendors (ISVs), and managed security service providers (MSSPs)—and its members play a pivotal role in driving this evolution, ensuring a safer digital future for everyone.

Together, we work to defend organizations around the world from increasing cyberthreats. In San Francisco, California, on May 6, 2024, the first day of RSA Conference 2024 (RSAC), we were honored to bring together MISA members and Microsoft Security leadership to honor the top finalists and announce award winners.

“I’m so pleased to congratulate this year’s Microsoft Security Excellence awards recipients and to acknowledge all those who were nominated,” said Vasu Jakkal, Corporate Vice President, Microsoft Security Business. “Our partner community plays such an important role in helping our customers navigate a rapidly evolving cybersecurity landscape. Each of this year’s recipients demonstrates true innovation and an inspiring dedication to the mission of security. We are so proud to work alongside them in a shared commitment to building a safer world for everyone.”

Celebrating innovation and impact

This year we streamlined the award categories to spotlight the achievements that not only redefine our industry but also significantly advance our collective mission towards a more secure and efficient digital future.

We also introduced a new award category: the Endpoint Management Trailblazer, which celebrates partners’ contributions to modernizing endpoint and device management. As the landscape of cyberthreats continues to evolve, the security perimeter of organizations extends beyond traditional boundaries, making endpoint management more critical than ever.

Effective endpoint and device management ensures that every device connected to an organization’s network is continuously monitored and secured, reducing the risk of breaches. This not only includes safeguarding the devices themselves but also involves managing access to networks and data in a way that keeps up with the dynamic nature of cyberthreats.

By spotlighting our partners who excel in this area, we aim to underscore the importance of adopting forward-thinking security measures that align with the modern workplace’s needs, ultimately fostering a safer and more resilient digital environment for businesses and their stakeholders.

Meet the leaders behind this year’s awards

Executives from across Microsoft came together to recognize and celebrate all the award finalists and winners, including:

Security Trailblazer: Alym Rayani, Vice President Security GTM.

Compliance and Privacy Trailblazer: Herain Oberoi, General Manager, Data Security, Governance, Compliance, and Privacy.

Identity Trailblazer: Irina Nechaeva, General Manager, Identity and Network Access; and Morgan Webb, Principal Group Manager, Security Customer Experience Engineering.

Endpoint Management Trailblazer: Dilip Radhakrishnan, General Manager, Microsoft Intune.

Security Customer Champion: Jeffrey York, Vice President, Security Partner Investments and Incentives.

Security Changemaker: Ann Choi, General Manager, Commercial Cloud Partner Strategy.

Diversity in Security: Tara Knapp, Director, Security Business Development; and Tara Ragan, Channel Strategy and Operations Manager, Lighthouse.

Security MSSP of the Year: Vasu Jakkal, Corporate Vice President, Microsoft Security Business.

Security ISV of the Year: Vasu Jakkal, Corporate Vice President, Microsoft Security Business.

2024 Security Excellence Award winners

In line with this year’s theme focused on the evolution of cybersecurity, we’re proud to spotlight the key role of innovative technology and dedicated individuals in shaping a more secure future. After receiving many impressive award nominations, our review panel shortlisted five nominees for each category, with winners determined by votes from Microsoft and MISA members. The finalists and winners in each category are:

Security Trailblazer 

Partners that have delivered innovative solutions or services that leverage the full Microsoft range of security products and have proven to be outstanding leaders in accelerating customers’ efforts to mitigate cybersecurity threats.

  • Bulletproof—Winner
  • Atech Cloud
  • BlueVoyant
  • Kovrr
  • Performanta

Compliance and Privacy Trailblazer

Partners that deliver innovative solutions or services and are distinguished leaders in driving holistic or end-to-end Microsoft compliance or privacy strategy with customers.

  • Lighthouse—Winner
  • archTIS
  • Infotechtion
  • PwC
  • Secude

Identity Trailblazer

Partners that are leaders in the identity space, have driven identity-related initiatives, and delivered innovative solutions or services with Microsoft Entra ID.

  • Thales—Winner
  • InSpark
  • Oxford Computer Group
  • Valence Security
  • Wipro

Endpoint Management Trailblazer

Partners that have proven expertise in helping customers modernize their endpoint and device management posture while enabling organizations to reduce costs.

  • water IT Security—Winner
  • CGI
  • Insight
  • Senserva
  • Synergy Advisors

Security Customer Champion

Partners that go above and beyond to drive customer impact and that have a proven track record of customer obsession and success.

  • Ascent Solutions—Winner
  • Protiviti
  • PwC
  • Quorum Cyber
  • Tanium

Security Changemaker

Individuals within partner organizations who have made a remarkable security contribution to the company or the larger security community.

  • Anna Webb, Kocho—Winner
  • Adrianna Chen, D3 Security
  • Ricardo Nicolini, Bulletproof
  • Scott Edwards, Summit 7
  • Tom Boltman, Kovrr

Diversity in Security

Partners that have demonstrated a significant commitment to enhancing diversity, equity, and inclusion to better serve security customers and foster change in the industry.

  • Avanade—Winner
  • Check Point
  • CyberProof a UST Company
  • Entrust
  • Eviden

Security MSSP of the Year  

MSSPs that are all-around powerhouses with strong integration between Microsoft products and ongoing managed security services that drive the end-to-end Microsoft Security stack to our mutual customers.       

  • Wortell—Winner
  • Difenda
  • glueckkanja AG
  • Quorum Cyber
  • Transparity

Security ISV of the Year

ISVs that are all-around powerhouses, show growth potential, and have innovative security solutions that integrate with a MISA-qualifying security product.

  • ContraForce—Winner
  • Kovrr
  • Netskope
  • Senserva
  • Silverfort

We’re ready for what’s next 

This was an amazing evening, bringing together MISA members, Microsoft executives, and future security experts. Many thanks to all who came, and congratulations again to all our finalists and winners. One constant within the ever-changing world of cybersecurity is the way our community comes together to protect and empower customers. We look forward to seeing everything you accomplish in the upcoming year. 

If you’re at RSA Conference May 6-9, 2024, come and visit us at the Microsoft Booth 6044 North Expo where MISA members will be showcasing their solutions at our MISA demo station and the Microsoft Theater. We’d love to see you at the following Theater sessions: 

  • ContraForce and Bulletproof—Hyperautomation for SecOps Service Management. Tuesday, May 7, 2024, 5:00 PM PT to 5:20 PM PT.
  • glueckkanja AG—Use Microsoft Copilot for Security to bring context to your incidents. Tuesday, May 7, 2024, 5:30 PM PT to 5:50 PM PT.  
  • Kovrr—The need for Shift Up Strategy: Financially Quantifying C-Suite Cyber Risk Management Decisions. Wednesday, May 8, 2024, 5:00 PM PT to 5:20 PM PT. 
  • Darktrace—Combining the power of Darktrace & Microsoft Copilot for Security to Empower the Modern SOC. Wednesday, May 8, 2024, 5:30 PM PT to 5:50 PM PT.
  • Avanade—Real world stories of using Microsoft Purview Data Protection to enable responsible adoption of Copilot for Microsoft 365. Thursday, May 9, 2024, 10:30 AM PT to 10:50 AM PT.

Learn more

Learn more about the Microsoft Intelligent Security Association.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Secure SaaS applications with Valence Security and Microsoft Security
http://approjects.co.za/?big=en-us/security/blog/2024/03/05/secure-saas-applications-with-valence-security-and-microsoft-security/
Tue, 05 Mar 2024 17:00:00 +0000

The rapid adoption of Software as a Service (SaaS) has revolutionized collaboration and innovation across industries. SaaS offerings now emphasize integration and advanced collaboration, blurring the line between application and platform. Decentralized administration models and minimal security oversight pose risks, leading to complex misconfigurations. Valence and Microsoft Security address these challenges, ensuring SaaS applications adhere to security best practices and improve the security postures of identities configured in each individual SaaS application.

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.  

Software as a service (SaaS) adoption has accelerated at lightning speed, enabling collaboration, automation, and innovation for businesses large and small across every industry vertical—from government, education, and financial services to tech companies. Every SaaS application is now expanding its offering to allow better integration with the enterprise ecosystem and advanced collaboration features, becoming more of a “platform” than an “application.” To further complicate the security landscape, business users are managing these SaaS applications with little to no security oversight, creating a decentralized administration model. All this is leading to a growing risk surface with complex misconfigurations that can expose an organization’s identities, sensitive data, and business processes to malicious actors.

To combat this challenge, Valence and Microsoft Security work together to ensure that SaaS applications are configured according to the best security practices and improve the security posture of identities configured in each individual SaaS application. Together, Valence and Microsoft:  

  • Centrally manage SaaS identity permissions and access.
  • Enforce strong authentication by ensuring proper MFA (multi-factor authentication) and SSO (single sign-on) enrollment and managing local SaaS users.
  • Detect and revoke unauthorized non-human SaaS identities such as APIs, service accounts, and tokens.
  • Incorporate SaaS threat detection capabilities to improve SaaS incident response.

As most of the sensitive corporate data shifted from on-prem devices to the cloud, security teams need to ensure they manage the risks of how this data is being accessed and managed. Integrating Valence’s SaaS Security with the Microsoft Security ecosystem now provides a winning solution. 

SaaS applications are prime targets  

Recent high-profile breaches have shown that attackers are targeting SaaS applications and are leveraging misconfigurations and human errors to gain high-privilege access to sensitive applications and data. Many organizations have implemented SSO and MFA as their main line of defense when it comes to SaaS, but recent major breaches have proven that these controls alone are not enough. Attackers have identified that MFA fatigue, social engineering, and targeting the SaaS providers themselves can bypass many of the existing mechanisms that security teams have put in place. These add to high-profile breaches where attackers leveraged legitimate third-party open authorization (OAuth) tokens to gain unauthorized access to SaaS applications, and many more attack examples.

State of SaaS security risks 

Our 2023 SaaS Security Report analyzed real SaaS environments to measure their security posture before they implemented an effective SaaS security program. The results showed that no organization enforced MFA on 100% of its identities—there are some exceptions, such as service accounts, contractors, and shared accounts, or simply a lack of effective monitoring of drift. In addition, one out of eight SaaS accounts is dormant and not actively used. Offboarding users is not only important to save costs; attackers also like to target these accounts for account takeover attacks since they are typically less monitored. Other key stats were that 90% of externally shared files haven’t been used by external collaborators for at least 90 days and that every organization has granted multiple third-party vendors organization-wide access to their emails, files, and calendars.

Figure 1. Top SaaS Security gaps identified in the 2023 State of SaaS Security Report.

Holistic SaaS security strategy 

Establishing a holistic SaaS security strategy requires bringing together many elements—from shadow SaaS discovery, through strong authentication, identity management of both humans and non-humans, managing and remediating SaaS misconfigurations, enforcing data leakage prevention policies, and finally, establishing scalable incident response. Valence and Microsoft take security teams one step further toward a more holistic approach.

Valence joined the Microsoft Intelligent Security Association (MISA) and integrated with Microsoft security products—Microsoft Entra ID and Microsoft Sentinel—to enhance customers’ capabilities to manage their SaaS risks, effectively remediate them, and respond to SaaS breaches. The Valence SaaS Security Platform provides insight and context on SaaS risks such as misconfigurations, identities, data shares, and SaaS-to-SaaS integrations, extending existing controls with SaaS Security Posture Management (SSPM) capabilities and SaaS risk remediation capabilities. Valence is also a proud participant of the Partner Private Preview of Microsoft Copilot for Security. This involves working with Microsoft product teams to help shape Copilot for Security product development in several ways, including validation and refinement of new and upcoming scenarios, providing feedback on product development and operations to be incorporated into future product releases, and validation and feedback of APIs to assist with Copilot for Security’s extensibility.

Figure 2. Illustrative data: The Valence Platform provides a single pane of glass to find and fix SaaS risk across four core use cases: data protection, SaaS to SaaS governance, identity security, and configuration management. 

Secure SaaS human and non-human identities

In the modern identity-first environment, most attackers focus on targeting high privilege users, dormant accounts, and other risks. Enforcing zero trust access has become a core strategy for many security teams. Security teams need to identify all the identities they need to secure. Microsoft Entra SSO management combined with Valence’s SaaS application monitoring—to detect accounts created—provides a holistic view into human identities and non-human (Enterprise Applications, service accounts, APIs, OAuth and 3rd party apps).  

Microsoft Entra ID centrally enforces strong authentication such as MFA and Valence discovers enforcement gaps or users that are not managed by the central SSO. Valence also monitors the SaaS applications themselves to discover the privileges granted to each identity and provides recommendations on how to enforce least privilege with minimal administrative access. To continuously validate verification based on risks, the final piece of zero trust strategy, Valence leverages the risky users and service principals signals from Microsoft Entra ID and combines them with signals from other SaaS applications for a holistic view into identity risks. 

Protect SaaS applications 

Microsoft has a wide SaaS offering that is fueling enterprise innovation. These services are central to core business functions and employee collaboration, cover many use cases, and are spread across multiple business units, but are tied together in many cases such as identity and access management, and therefore their security posture is often related as well. Managing the security posture of SaaS services can be complex because of the multiple configurations and the potential cross service effects that require security teams to build their expertise across a wide range of SaaS.  

Many security teams view SaaS apps as part of their more holistic view into SaaS security posture management and would like to create cross-SaaS security policies and enforce them. Valence’s platform integrates with Microsoft Entra ID and other SaaS services using Microsoft via Microsoft Graph to normalize the complex data sets and enable security teams to closely monitor the security posture of their SaaS applications in Microsoft alongside the rest of their SaaS environment. 

Enhance SaaS threat detection and incident response 

Improving SaaS security posture proactively reduces the chances of a breach, but unfortunately SaaS breaches can still occur, and organizations need to prepare their threat detection coverage and incident response plans. The built-in human and non-human identity threat detection capabilities of Microsoft Entra ID, combined with Microsoft Sentinel log correlation and security automation, and Microsoft Copilot for Security’s advanced AI capabilities, create a powerful combination to detect and respond to threats. Valence expands existing detections from compromised endpoints and identities with important SaaS context—for example, did the compromised device belong to a SaaS admin user? Did the compromised identity perform suspicious activities in other SaaS applications? The expanded detections provide critical insights to prioritize and assess the blast radius of breaches. Additionally, Valence’s SaaS threat detection can trigger threat detection workflows in Microsoft products based on its unique indicator of compromise monitoring.

Together, Valence and Microsoft combine the best of all worlds when it comes to SaaS security. From SaaS discovery, through SaaS security posture management, remediating risks, and detecting threats—Valence and Microsoft enable secure adoption of SaaS applications. Modern SaaS risks and security challenges require a holistic view into SaaS risk management and remediation.

About Valence Security 

Valence is a leading SaaS security company that combines SSPM and advanced remediation with business user collaboration to find and fix SaaS security risks. SaaS applications are becoming decentrally managed and more complex, which is introducing misconfiguration, identity, data, and SaaS-to-SaaS integration risks. The Valence SaaS Security Platform provides visibility and remediation capabilities for business-critical SaaS applications. With Valence, security teams can empower their business to securely adopt SaaS. Valence is backed by leading cybersecurity investors like Microsoft’s M12 and YL Ventures, and is trusted by leading organizations. Valence is available for purchase through Azure Marketplace. For more information, visit their website

Be among the first to hear about new products, capabilities, and offerings at Microsoft Secure digital event on March 13, 2024.​ Learn from industry luminaries and influencers. Register today.

Learn more

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products. 

​​To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

How Datawiza uses Microsoft Entra ID to help universities simplify access
http://approjects.co.za/?big=en-us/security/blog/2024/01/24/how-datawiza-uses-microsoft-entra-id-to-help-universities-simplify-access/
Wed, 24 Jan 2024 17:00:00 +0000

Datawiza helps Claremont Graduate University enable Microsoft Entra ID multifactor authentication and single sign-on for Oracle PeopleSoft, streamlining and improving the student experience.

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

In a scenario familiar to many universities worldwide, Claremont Graduate University (CGU), a renowned research university located in Southern California, was struggling with how to bring Oracle PeopleSoft Campus Solutions into its Microsoft 365 and Microsoft Entra ID (formerly Azure Active Directory) environment and enable multifactor authentication and single sign-on (SSO) for students and staff who access Oracle PeopleSoft on a daily basis. The only option for the resource-strapped IT department seemed to be an expensive development effort until the university discovered Datawiza and accomplished its goal in just a few weeks.

CGU lacked the security expertise and SDK programming experience to connect PeopleSoft to Microsoft Entra ID themselves. The IT team also lacked the resources to consult with PeopleSoft, Microsoft, and outside security resources, or would have had to hire a third party to do the project. The combination of Datawiza and Microsoft enabled CGU to quickly and easily connect PeopleSoft to Microsoft Entra ID and enable multifactor authentication and SSO. Datawiza swiftly crafted a proof of concept that CGU then thoroughly tested. Once approved, Datawiza promptly configured the solution to precisely suit the university’s needs, subsequently transitioning it to production.

Universities like CGU rely on PeopleSoft, one of the first client-server solutions introduced in the 1990s to store student records, which typically includes personally identifiable information (PII), such as social security numbers, credit card numbers, transcripts, schedules, financial aid history, and more. Though it remains a powerful and functional solution, PeopleSoft has no built-in support for modern security standards such as multifactor authentication or SSO, nor does it easily connect to Microsoft Entra ID to bridge the gap.

As a result, CGU students and staff needed to log into an application outside of their secure Microsoft account to access and update information in PeopleSoft. This led to confusion and frustration for them and significant ongoing support issues and trouble tickets related to password management. It also increased security risks as users who must remember multiple passwords are more likely to write them down and leave them where others can access them.

“With Datawiza, CGU was able to rapidly enhance security and improve the user experience for Oracle PeopleSoft through [multifactor authentication] and SSO without having to go through the time and expense of coding their own connector,” said Manoj Chitre, Associate Vice President and Chief Information Officer, Technology Services and Information Systems at Claremont Graduate University. “The response from students and staff has been tremendous. Users no longer need to maintain and remember a separate PeopleSoft password, and the number of trouble tickets related to PeopleSoft login issues has plummeted.”

Today, nearly 2,000 CGU students and staff access PeopleSoft through multifactor authentication and their single SSO password, completely eliminating the unnecessary security risk, as well as all the time and resource-consuming effort associated with IT having to maintain a separate password environment for PeopleSoft.

“Microsoft Entra ID is the flagship of our identity and access solutions which help organizations secure access to everything in a hybrid, multicloud world. We are pleased to see companies like Datawiza support this mission through the Microsoft Intelligent Security Association.” 

– Irina Nechaeva, General Manager, Identity, Microsoft

Datawiza, the Zero Trust Access Management Platform

Datawiza provides Microsoft Entra ID-based SSO and multifactor authentication integration with PeopleSoft using Security Assertion Markup Language (SAML) or OpenID Connect. The cloud-native, no-code or low-code Datawiza platform can be deployed in minutes and connected to PeopleSoft—and other legacy or on-premises applications—without the need for Oracle Access Manager or Oracle Identity Cloud Service and without any application patches or additional installations for the existing PeopleSoft deployment.

Once PeopleSoft is connected to Microsoft Entra ID, IT administrators can also easily apply existing Microsoft Entra Conditional Access policies to PeopleSoft.

Datawiza is a simple, highly secure platform consisting of two major components. The Datawiza Access Proxy (DAP) is a lightweight container-based proxy. DAP integrates with identity providers to enable SSO, multifactor authentication, and granular authorization. DAP can be deployed in a customer’s environment or hosted by the Datawiza Cloud. The Datawiza Cloud Management Console (DCMC) is a centralized console for configuring access policies. DCMC aggregates logs and provides visibility. Once the solution is set up and configured by Datawiza, IT administrators will only need to manage user access through the DCMC.

Architectural diagram describing Datawiza’s integration with Microsoft Entra ID.

Datawiza: A trusted solution

Datawiza joined the Microsoft Intelligent Security Association Program (MISA) in February 2021, and the solution has previously been described in detail in a MISA blog post. Datawiza is also a fully managed service built by security experts, eliminating the need for a university’s IT team to deploy and manage a new solution or hire or contract with additional security expertise. This makes the combination of Datawiza and Microsoft the easiest and most powerful way to rapidly improve security and user access for the valuable data stored in PeopleSoft.

The Datawiza Platform is available in the Microsoft commercial marketplace. More information and a free trial are also available on the Datawiza website.

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website, where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.    

Learn more about Microsoft Entra ID.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

How Strata Identity and Microsoft Entra ID solve identity challenges in mergers and acquisitions
http://approjects.co.za/?big=en-us/security/blog/2023/12/19/how-strata-identity-and-microsoft-entra-id-solve-identity-challenges-in-mergers-and-acquisitions/
Tue, 19 Dec 2023 17:00:00 +0000

Along with every merger and acquisition between two companies comes the need to combine and strengthen their IT infrastructure. There is an immediate and profound impact on the identity and access management postures of both companies. Learn how to protect your organization with Strata Identity and Microsoft Entra ID.

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

Along with every merger and acquisition between two companies comes the need to combine and strengthen their IT infrastructure. In particular, there is an immediate and profound impact on the identity and access management (IAM) postures of both companies. With a newly combined workforce, where does all the user information live? Where are the authentications going to be handled? What changes are going to be made for authorization to applications; will users have access to the apps of the other organization? All these problems must be solved quickly in order to provide continuous day-to-day operations in a secure way.

While most combined organizations aspire to eventually consolidate their identity systems, this is a challenging and time-consuming process. The untangling (and re-entangling) of dozens or hundreds of enterprise applications and their identity stacks takes time and deliberation. Meanwhile, there may be immense pressure from users and app owners for secure access to the appropriate apps, along with pressure from regulators and investors to unlock and demonstrate value from the combined organization. Not to mention the pressure from investors and the board to deliver immediate value after the transaction’s close.

As one of the most comprehensive and advanced IAM platforms available today, Microsoft Entra ID is often the choice to be the dominant set of identity services in the combined architecture. Microsoft strives to make the merger and acquisition process as easy as possible and works with Strata Identity for a seamless integration. Strata’s Maverics Identity Orchestration platform does this by acting as an abstraction layer to accelerate and simplify the path to consolidation.

The identity challenges with mergers and acquisitions

Addressing IAM issues is one of the most pressing issues in a merger and acquisition scenario. Typically, other operational issues such as application workloads can continue to operate in their status quo indefinitely until such time as it makes sense to address them. The cybersecurity implications of user access, however, are immediate and need to be addressed quickly, whether this be through some sort of identity consolidation, or through a higher-level abstraction encompassing the existing systems.

One factor that makes a migration complex is the tendency for applications to be tightly coupled with their current identity provider (IdP). When creating an application, developers and app owners may end up writing code that is very specific to their current IdP. Switching that IdP is seldom trivial, especially for long-lived applications that may have been written against a now-legacy protocol, or may have “rolled their own” authentication and authorization. Very often this calls for a complete rewrite of the application; an onerous task that is particularly daunting years or decades after its inception, when the original app team may be long gone.

This makes the common natural approach of wholesale migration somewhat untenable, especially with the time constraints imposed by governance and regulation. Even disregarding those factors, refactoring and rewriting a sizable portion of your application library—anything older than about five years is probably using an outdated security profile—is prohibitively expensive.

The end goal in a merger and acquisition scenario is to quickly (and cost effectively) transition to a unified and tractable IAM posture, despite having a mix of user pools, protocols, and applications tightly coupled. Such transitions often need to happen in weeks or months, whereas a wholesale rewrite-and-migration might take years.

Addressing your merger and acquisition challenges with Microsoft Entra ID and Strata Identity

Strata Identity takes a different approach to the challenges of managing disparate identity systems during a merger or acquisition. Instead of focusing on a migration of identities, Strata’s Maverics Identity Orchestration Platform provides an abstraction layer on top of your apps, IdPs, and services to enable you to create your own identity fabric.

An icon-based diagram of an abstraction layer created by the Maverics Identity Orchestration platform during merger and acquisition activities. It shows multiple Strata orchestrators enabling a single user to access disparate identity environments and applications.

The Maverics Platform is composed of individual Orchestrators distributed throughout the target environment. These lightweight Orchestrators can live anywhere within the infrastructure on any operating system, within Kubernetes clusters or just on standalone virtual machines. They act as a distributed mesh of control, able to pull identity information from any system—whether that be through directing for authentication or just pulling additional user information for an existing session—and convert identity information into the formats needed and expected by applications.

Importantly, this approach means that existing applications do not need to be refactored or rewritten as part of the identity consolidation process. Any application that cannot be trivially swapped over to a new source of identity information—and, importantly, that isn’t up-to-date on the very latest security practices—is simply harnessed by Maverics. It continues to consume identity information in the way that it has always known and Maverics handles the rest. Sessions that are allowed to flow through to the application have had the Microsoft Entra identity controls applied for both authentication and authorization before the traffic is permitted to reach the application in the first place. Even app owners have their burdens reduced significantly, being needed only for some basic smoke testing during a changeover.

This also allows for a deliberate and calculated rollout of changes to your infrastructure. No more stressful projects with hard cutover dates, with those long all-or-nothing weekend cutovers and the associated frantic testing of every application to make sure everything transitioned smoothly. Using the Maverics platform from Strata allows for measured incremental changes. Cut over a single application at a time—or even a subset of an application’s users—and test at leisure.

Better yet, if any issues are found the rollback is trivial. Since Maverics is acting as an abstraction layer over the identity process, the swapping between user stores or IdPs is handled in one simple interface. The user is unlikely to notice any impact at all as changes are made—either to migrate to the new identity source or to roll back to the old configuration.
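The incremental cutover and rollback described above come down to a per-application routing decision plus a translation of verified identity claims into whatever the unchanged application already reads. The following Python example is added here for illustration and is not Maverics configuration or Strata code; the `CutoverPolicy` structure, the application name, the `x-remote-*` header names, and the assumption that the application is header-based are all hypothetical.

```python
import hashlib
from dataclasses import dataclass, field

LEGACY_IDP = "legacy-idp"   # hypothetical label for the acquired company's IdP
ENTRA_ID = "entra-id"       # label for the target IdP

# Hypothetical headers a legacy, header-based app reads to learn who the user is.
IDENTITY_HEADERS = ("x-remote-user", "x-remote-groups")


@dataclass
class CutoverPolicy:
    """Cutover state for one application."""
    percent_on_new_idp: int = 0                      # 0 = rolled back, 100 = fully cut over
    pinned_users: set = field(default_factory=set)   # lowercase pilot users, always on the new IdP


def user_bucket(app: str, user: str) -> int:
    """Stable bucket 0..99 per (app, user) so a user never flips between IdPs
    from one request to the next while the percentage is unchanged."""
    digest = hashlib.sha256(f"{app}:{user.lower()}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % 100


def choose_idp(policies: dict, app: str, user: str) -> str:
    """Decide which IdP authenticates this user for this application."""
    policy = policies.get(app)
    if policy is None:
        return LEGACY_IDP                            # app has not started migrating
    if user.lower() in policy.pinned_users:
        return ENTRA_ID
    if user_bucket(app, user) < policy.percent_on_new_idp:
        return ENTRA_ID
    return LEGACY_IDP


def rollback(policies: dict, app: str) -> None:
    """Send every user of one app back to the legacy IdP in a single change."""
    policies[app] = CutoverPolicy(percent_on_new_idp=0)


def build_upstream_headers(inbound: dict, claims: dict) -> dict:
    """Translate verified token claims into the headers the legacy app expects.

    Identity headers supplied by the client are dropped first: an app that
    trusts these headers must only ever receive values set by the proxy.
    """
    clean = {k: v for k, v in inbound.items() if k.lower() not in IDENTITY_HEADERS}
    clean["x-remote-user"] = claims["preferred_username"]
    clean["x-remote-groups"] = ",".join(sorted(claims.get("groups", [])))
    return clean
```

Because the bucket is derived from the application and user name, raising the percentage only ever adds users to the new IdP, which keeps a staged rollout predictable.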

Another benefit of this approach is that user-impacting changes can be rolled out with deliberation, giving users a chance to acclimate to any new process. Let’s say, for instance, that as part of your migration you need to add multifactor authentication to a body of users that didn’t use it previously. The identity abstraction layer allows you to notify your users of impending changes, and can even assist in the enrollment of the new security factors.

This abstraction layer lets Maverics serve as the single pane of glass through which you can view the combined identity systems, securely controlling all access while, at the same time, making the incremental updates and changes to move the locus of control from these disparate systems into Microsoft Entra ID.

Strata Identity: The last mile in mergers and acquisitions with Microsoft Entra ID

With Strata’s Maverics Orchestration Platform, mergers and acquisitions don’t have to be a long, risky, and labor-intensive effort. By adding an abstraction layer over the existing identity stacks, Strata makes shifting control of authentication and authorization over to Microsoft Entra ID seamless and simple, regardless of how complex and disjointed the previous implementation might have been. Strata also prevents the nightmare of having to rewrite all your apps, using its ability to harness legacy apps with modern identity protocols to save your team immense time and effort.

About Strata Identity

Strata Identity is a pioneer in Identity Orchestration for multicloud and hybrid cloud. The orchestration recipe-powered Maverics platform enables organizations to integrate and control incompatible identity systems with an identity fabric that does not change the user experience or require rewriting apps. By decoupling applications from identity, Maverics makes it possible to implement modern authentication, like passwordless, and enforce consistent access policies without refactoring apps.

The Maverics platform is available on the Azure Marketplace and is an IP co-sell Benefits Eligible solution.

Learn more

Learn more about Microsoft Entra ID.

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.   

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

Boost identity protection with Axiad Cloud and Microsoft Entra ID http://approjects.co.za/?big=en-us/security/blog/2023/08/08/boost-identity-protection-with-axiad-cloud-and-microsoft-entra-id/ Tue, 08 Aug 2023 16:00:00 +0000 As IT environments become more complex and multilayered to combat cybersecurity attacks, authentication processes for applications, operating systems, and workplace locations are increasingly managed in silos. Axiad Cloud and Microsoft Entra ID help to strengthen security perimeters by provisioning and managing phishing-resistant, passwordless credentials.

The post Boost identity protection with Axiad Cloud and Microsoft Entra ID appeared first on Microsoft Security Blog.

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

Passwords are a security weakness, and phishing attacks to exploit accounts protected by passwords are on the rise. The last 12 months have seen an average of more than 4,000 password attacks per second, an almost threefold increase from the previous year, and phishing continues to be the preferred attack method by cybercriminals.¹ Clearly, better solutions are needed to help reduce reliance on passwords and increase security. Phishing-resistant multifactor authentication methods like certificate-based authentication (CBA) are proven to increase account security while decreasing reliance on passwords. Microsoft studies found that your account is more than 99.9 percent less likely to be compromised if you use multifactor authentication.² The power of Axiad Cloud complements Microsoft Azure Active Directory, now Microsoft Entra ID, with Axiad CBA for identity and access management (IAM) to prevent common phishing attacks by provisioning and managing phishing-resistant, passwordless credentials for users everywhere. Together, Axiad and Microsoft enable customers to secure entities, enhancing security and reducing IT complexity.

The rise in cyberattacks

Multifactor authentication fatigue has become increasingly popular among bad actors in recent years. Multifactor authentication fatigue involves flooding user authentication apps with push notification requests to authorize a sign-in. The goal is to frustrate users to the point where they accept one of the approval notifications, typically to get the notifications to stop. Once that occurs, the attacker can gain access to the victim’s account. Sometimes these attacks become more sophisticated and add a social engineering or spear phishing component where an attacker will pose as an IT or help desk employee to a targeted victim and ask the victim to approve authentication through an app or ask for the victim’s one-time password (OTP) code. Both techniques can cost an organization money to remediate the attack and damage its reputation.

One example of a high-profile multifactor authentication fatigue attack is the ridesharing platform breach by Lapsus$, a hacking group notorious for their social engineering attacks, that occurred in September 2022. According to an article by Infosecurity Magazine, one of the documents included in the breach may have contained email addresses and information for more than 77,000 employees.³
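The push-notification flooding described above leaves a recognizable pattern in authentication logs: a burst of unanswered or denied prompts for one user, sometimes ending in an approval. The following Python detection is an added example, not code from Axiad or Microsoft; the event tuples are constructed sample data rather than a real log schema, and the ten-minute window and five-prompt threshold are assumptions to tune against your own baseline.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, user, result of one push prompt).
SAMPLE_EVENTS = [
    ("2023-08-01T09:00:05", "alice", "approved"),
    ("2023-08-01T14:00:00", "carol", "denied"),
    ("2023-08-01T14:45:00", "carol", "approved"),
    ("2023-08-01T23:10:00", "bob", "denied"),
    ("2023-08-01T23:10:40", "bob", "timeout"),
    ("2023-08-01T23:11:15", "bob", "denied"),
    ("2023-08-01T23:12:02", "bob", "timeout"),
    ("2023-08-01T23:12:50", "bob", "denied"),
    ("2023-08-01T23:13:30", "bob", "approved"),
    ("2023-08-02T02:00:00", "dave", "timeout"),
    ("2023-08-02T02:01:00", "dave", "timeout"),
    ("2023-08-02T02:02:00", "dave", "denied"),
    ("2023-08-02T02:03:00", "dave", "timeout"),
    ("2023-08-02T02:04:00", "dave", "denied"),
]


def detect_push_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Flag prompt floods and approvals that follow a flood.

    prompt_flood         - a user reaches `threshold` unapproved prompts in `window`
    approved_after_flood - an approval arrives while at least `threshold`
                           unapproved prompts are still inside the window
    """
    parsed = sorted((datetime.fromisoformat(ts), user, result)
                    for ts, user, result in events)
    recent = defaultdict(deque)      # user -> times of unapproved prompts in window
    alerts = []
    for when, user, result in parsed:
        pending = recent[user]
        while pending and pending[0] < when - window:
            pending.popleft()        # forget prompts that fell out of the window
        if result == "approved":
            if len(pending) >= threshold:
                alerts.append({"user": user, "kind": "approved_after_flood",
                               "time": when.isoformat(),
                               "prompts_in_window": len(pending)})
            pending.clear()          # a sign-in completed; start counting afresh
        else:
            pending.append(when)
            if len(pending) == threshold:    # alert once, when the line is crossed
                alerts.append({"user": user, "kind": "prompt_flood",
                               "time": when.isoformat(),
                               "prompts_in_window": len(pending)})
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

An `approved_after_flood` alert is the one to treat as a likely account takeover: revoke the session and contact the user out of band, while a `prompt_flood` alone indicates the password is already known to someone else.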

As IT environments become more complex and multilayered to combat cybersecurity attacks, authentication processes for applications, operating systems, and workplace locations are increasingly managed in silos. This leaves IT teams overwhelmed and organizations vulnerable to the attacks they are working to avoid.

Graph showing that a survey of participants in United States companies found that 70 percent of security and IT professionals are overwhelmed by their organization’s authentication complexity.

Implementing CISA’s guidance for enhanced security

As bad actors have found ways to bypass some authentication protocols, many organizations are looking to enhance their security with phishing-resistant multifactor authentication. The Cybersecurity and Infrastructure Security Agency (CISA) has released guidance for implementing stronger, phishing-resistant multifactor authentication to enhance authentication security and avoid phishing attacks.⁴ The guidance urges all organizations to implement phishing-resistant multifactor authentication methods, such as CBA. These protocols have additional built-in protections to prevent phishing and resist increasingly automated, sophisticated attacks on authentication processes. The Identity Defined Security Alliance (IDSA) recently created an infographic illustrating the 2022 trends in securing digital identities.⁵ IDSA found that 96 percent of organizations that have suffered a breach report that it could have been prevented or minimized by implementing identity-related security outcomes. Implementation of phishing-resistant multifactor authentication methods can drastically help reduce that risk.

Axiad recommends organizations implement phishing-resistant multifactor authentication methods. This is one of the simplest steps organizations can take to protect their environments and keep hackers out. Axiad Cloud is a great complement to existing Microsoft Entra ID customers looking to strengthen their security perimeter.

Integrate with Microsoft Entra ID

The power of Axiad Cloud complements Microsoft Entra ID with Axiad CBA for IAM by provisioning and managing phishing-resistant, passwordless credentials for users everywhere. Microsoft customers can leverage Microsoft Entra ID CBA with certificates provisioned and managed by Axiad Cloud. Axiad CBA for IAM can support issuing and managing certificates with a variety of authenticators such as physical smart cards, virtual smart cards, and YubiKeys. The Axiad Cloud-issued user certificates can be used to authenticate Microsoft 365 applications and workstations to protect companies’ most sensitive information and devices. This eliminates the need for multiple forms of authentication and reduces IT complexity. All entities are secured without using passwords or shared secrets, so the authentication process is secure from end to end.

Graphic showing the cycle of how Axiad Cloud complements Microsoft Entra ID with Axiad CBA for IAM by provisioning and managing phishing-resistant, passwordless credentials for users everywhere.

This joint solution offers the following benefits:

Passwordless multifactor authentication: Provisions multiple types of authenticators that do not rely on a password or push notification that can easily be intercepted or compromised and supports phishing-resistant authentication as recommended by CISA.

Consolidated view: Provides administrators and users with a consolidated view of all authenticators and helps manage them from Axiad MyIdentities, which uniquely provides visibility into all user authenticators, including Microsoft Authenticator, Windows Hello for Business, OTP codes, and security keys. All authenticators and credentials can be managed with the Axiad Unified Portal. The portal provides administrators and users the ability to provision credentials through a number of delivery workflows.

Self-service: Empowers self-service by enabling the workforce to issue department-level credential resets with Axiad MyCircle, thereby avoiding temporary passwords and reducing user friction. This improves user experience and reduces calls to the IT help desk for credential resets.

Increased efficiency: Replaces the use of multiple tools for enterprise deployment, management, and support of authenticators and credentials with Axiad Airlock. Organizations can automate multifactor authentication processes and checklists (for example, enforcing initial smart card setup and renewal) before an employee can gain full access to systems. Axiad Airlock allows organizations to streamline provisioning authenticators and credentials. Organizations can provide self-service credential lifecycle management including account recovery (replacement, temporary credentials, and PIN resets), expirations, renewals, and more.

With these benefits, CBA is increasingly deployed in the public sector. The majority of federal agency and defense employees and contractors use a Personal Identity Verification (PIV) card or Common Access Card (CAC), which are both forms of smart cards used for authentication. CBA simplifies the process of authenticating to Microsoft Entra ID using PIV- or CAC-based smart cards and meets the federal government’s requirement to move to phishing-resistant multifactor authentication solutions.

To further support Microsoft users on their journey to passwordless, Axiad is also an active member of the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors and managed security service providers that have integrated their solutions with Microsoft Security products to better defend against a world of increasing threats. Through working in MISA, and with Microsoft product teams, Axiad is fully committed to aligning with Microsoft’s vision for securing customers’ environments with the best solutions possible.

Support cloud migration

Microsoft has recently advised their customers with on-premises Active Directory Federation Services (AD FS) to migrate to cloud-based Microsoft Entra ID for identity and access management. This helps customers to authenticate to Microsoft services directly against Microsoft Entra ID and eliminates the need for federated AD FS. This allows customers to simplify infrastructure and improve costs, security, and scalability. But how do customers ensure secure CBA remains intact while migrating to the cloud?

Customers can enable cloud migration by using the same certificate issued by Axiad Cloud to authenticate to on-premises resources protected by AD FS, and Microsoft 365 services by leveraging Microsoft Entra ID CBA. Axiad Cloud credentials used by AD FS to authenticate on-premises resources can continue to be used as applications are migrated to authenticate to Microsoft Entra ID. This provides flexibility in a cloud migration strategy and deployment. Users will also have the same authentication experience during the migration process as the same Axiad Cloud-issued credential will be used for authentication. This supports CBA across Microsoft 365 services.

Overall, this joint solution supports authentication needs across an enterprise environment. Together, these products can manage a broad range of phishing-resistant authenticators ranging from enterprise-grade mobile-based to government-grade compliant approaches. By creating a consolidated authentication experience across devices, authenticators, and locations, the solution both enhances security and reduces user friction. Axiad CBA for IAM helps organizations migrate to Microsoft Entra ID more rapidly or operate a hybrid Azure AD and on-premises Active Directory environment by keeping secure certificate-based authentication intact during the migration process.

Learn more about how Axiad Cloud, with Microsoft Entra ID, allows organizations to protect and easily authenticate to Microsoft 365 applications by visiting their website.

For more information about Axiad’s support of Microsoft Entra ID, visit the Azure Marketplace.


¹Microsoft Entra expands into Security Service Edge and Azure AD becomes Microsoft Entra ID, Joy Chik. July 11, 2023.

²Your Pa$$word doesn’t matter, Alex Weinert. July 9, 2019.

³Uber Hit By New Data Breach After Attack on Third-Party Vendor, Alessandro Mascellino. December 13, 2022.

⁴More than a Password, CISA.

⁵2022 Trends in Securing Digital Identities, IDSA. 2022.

How Microsoft and Sonrai integrate to eliminate attack paths http://approjects.co.za/?big=en-us/security/blog/2023/06/13/how-microsoft-and-sonrai-integrate-to-eliminate-attack-paths/ Tue, 13 Jun 2023 16:00:00 +0000 Cloud development challenges conventional thinking about risk. Sonrai integrates with Microsoft Sentinel to monitor threats across vectors and automate responses by leveraging security orchestration, automation, and response playbooks, and Microsoft Defender for Cloud to provide visibility across the entire digital estate by identifying possible attack paths and remediating vulnerabilities.

The post How Microsoft and Sonrai integrate to eliminate attack paths appeared first on Microsoft Security Blog.

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

Cloud development challenges conventional thinking about risk. A “perimeter” was always the abstraction that security teams could start from—defining their perimeter and exposing the cracks in firewalls and network access. With more and more infrastructure represented as ephemeral code, protecting your perimeter is no longer a matter of software vulnerabilities and network checks. It’s a complex web of interconnected risks that can exacerbate network gaps or workload vulnerabilities.

When it comes to remediating risks, context is always king, and siloed pillars of cloud security—identity, data, platform, and workloads—kill context. Protecting a broad Microsoft Azure footprint means having a deep understanding of how these risks can combine to create unintended access to your company’s sensitive data, and then prioritizing threats based on potential business impact. This means understanding identity, workload, platform configuration, and data security through a single pane of glass providing visibility across the entire digital estate.

Sonrai integrates with Microsoft Sentinel and Microsoft Defender for Cloud to uncover and remediate sophisticated threats in a timely manner.

Microsoft released Defender for Cloud to protect across hybrid and multicloud environments. Sonrai works with Defender for Cloud’s infrastructure and operational controls for powerful event logging to ingest all information and bring context into one place. Sonrai’s patented analytics evaluate how identity and data risks compound with platform and workload risks to create access to sensitive data within Azure.

To help Azure customers understand the true blast radius of every vulnerability, Sonrai integrates with Microsoft Sentinel to monitor threats across vectors and automate responses by leveraging security orchestration, automation, and response (SOAR) playbooks, and Defender for Cloud to provide visibility across the entire digital estate by identifying possible attack paths and remediating vulnerabilities.

Backed by these insights, an organization can successfully operationalize a risk remediation practice. They are additionally able to enable DevOps and security teams to fully harness the digital transformation and time-to-delivery benefits that Azure can power, without worrying about sacrificing speed for security.

Identity as perimeter, data as prioritizer

A consistent research finding is that most cloud data breaches involve a compromised identity—one study cites 81 percent of breaches¹ involve exploiting an overprivileged identity, while another claims that 74 percent of breaches² surveyed started with privileged credential abuse. It’s clear that the way we use identity now in the cloud—as a de facto “perimeter” and locus of privileges and access—makes it imperative to put identity at the center of any enterprise security strategy.

The behavior and management of non-people identities (think: service principals) are conceptually much different than when we managed a list of users from Microsoft Azure Active Directory. The main reason? The majority of identities in a given cloud represent services, devices, and applications—not employees. For example, your cloud may have many identities representing Azure Serverless compute, which may only exist for a few minutes a day, rely on assuming access from a role, and be capable of cross-organization access. The privileges associated with this identity might be in a policy several degrees of separation away through a nested group. Using managed identities and, ideally, the enforcement of the Principle of Least Privilege, is a good place to start. The harder part is the hidden relationships that don’t show in a traditional identity management tool.

Especially as DevOps gets more sophisticated with infrastructure as code (IaC) provisioning, these complex relationships become commonplace. Templatized infrastructure means further nested rights and inheritances through complex relationships.

Continuous monitoring and analytics of identity trust chains become imperative for understanding what privileges any identity truly has. The most important thing is: How do these identities tie back to sensitive data?

Data is the pot of gold at the end of an attacker’s rainbow. In the cloud, identity is the stepping stone attackers can leverage to move laterally and find ways to your data. Exposed data and overprivileged identities are red flags organizations need to look for when considering vulnerabilities and posture misconfigurations. Sonrai Security’s Workload Protection Platform refers to these red flags as “Risk Amplifiers.” In the next section, we’ll address why understanding how threats tie back to identity and data risks matters.

Vulnerabilities: Which are relevant?

Cloud development has changed how we look at vulnerabilities. Distributed, rapid, and open source-fueled continuous integration and continuous delivery (CI/CD) pipelines can introduce more vulnerabilities to staging and production environments, leaving enterprises to deal with thousands of common vulnerabilities and exposures (CVEs) regularly. If cloud innovation continues at such a rapid pace, and developers leverage public libraries and prioritize speed over security, CVEs will proliferate. The question is: which ones should we care about first?

Traditionally, information about the vulnerability itself would determine its priority for patching. A Common Vulnerability Scoring System (CVSS) score, its age, and known exploits would give you a picture of how likely it was to lead to a breach. But this tells only half the story: the context of the workload that vulnerability is on tells you what the potential blast radius could be, and therefore gives you the true potential impact on the business.

A vulnerability on a deadened workload shouldn’t be prioritized before one with a Service Principal on it that can self-escalate privileges and access sensitive data. This prioritization is critical, otherwise, your security operations center (SOC) team might be chasing alerts that would never impact the business, but meet the traditional definition of a risk. Fixing it will close a ticket, but “tickets closed” is a poor stand-in for real risk reduction.

Connecting the dots: Analyzing an Azure attack path

Let’s piece this story together by examining an example of a typical path that a bad actor might take to access data.

We’ll start with a vulnerability, let’s say one from Microsoft Defender for Cloud’s agentless vulnerability scanner in Microsoft Defender Cloud Security Posture Management.

Figure 1. Sonrai platform displaying a vulnerability with risk amplifiers including network and identity risks.

There are a few things to review when examining Figure 1. First, Sonrai has detected multiple network-related risk amplifiers, showing a path into the environment from an exposed Azure Virtual Machine open to the internet.

This basic risk aggregation is critical to have network issues detected and remediated through Defender Cloud Security Posture Management (or through Sonrai). You can see a visualization of the “Azure Port 22 Host with Ingress from Internet” in Figure 2.

Figure 2. Sonrai platform permission chain showing how a machine identity connects to a network misconfiguration.

Next, this alert is rated with critical severity, but it’s on a sandbox account. Normally, a vulnerability in a sandbox environment without sensitive data wouldn’t trigger critical severity, so there must be something deeper. Looking further at Figure 1, there’s an “additionally impacted swimlane” (Sonrai’s grouping mechanism for cloud environments) named “creditapp-production.” Now, looking at the identity-related risk amplifiers from Figure 1, we see there are several sources for this.

One of the identity amplifiers listed is “Compute has access to sensitive data in Azure.” How is it possible that Compute in a sandbox account ends up accessing Production data? Let’s examine Figure 3. There are multiple complex potential routes that could be leading this Compute to sensitive data. Once the Compute is attached to the user, or service principal, it has access to several nested groups and policies. To learn exactly where Sonrai finds data access, let’s go a step further.

Figure 3. Sonrai platform complex permission chaining, revealing how a machine identity holds covert privileges.

By examining the piece of Compute in the Sonrai Security Platform “Node” view, the platform tells us exactly the subscriptions the Compute has access to, among them being “creditapp-production”—what we’re concerned with currently. Within prod, we can see in Figure 4, all the data accessible to the Compute and what actions it can take.

Figure 4. Sonrai platform data node view displaying every asset a particular identity can access.

Finally, we see in Figure 5 an exact path of how the Compute ended up accessing production data. You can consider this an Azure attack path waiting to be exploited.

Figure 5. Sonrai platform permission chain revealing how compute accesses data through nested groups and policies.

Ultimately, we have a typical vulnerability on our hands, but what’s impactful is knowing how both an identity and a platform misconfiguration exacerbate the severity of this vulnerability and create an exploitable attack path.
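The chain walked through in Figures 1 to 5 (compute, attached identity, nested groups, role assignment, production data) can be reproduced as a graph search over an access inventory, and the resulting amplifiers used to order findings. The following Python example is added here and is not Sonrai's implementation or data model; the inventory, node names, and finding IDs are constructed, with only the "creditapp-production" swimlane name taken from the walkthrough.

```python
from collections import deque

# Constructed inventory. Each edge is (relationship, target); role edges carry
# the name of the role assignment that grants access to a data store.
EDGES = {
    "vm:sandbox-web-01": [("runs_as", "sp:build-agent")],
    "vm:sandbox-batch-02": [("runs_as", "sp:batch-runner")],
    "sp:build-agent": [("member_of", "group:ci-runners"),
                       ("role:Storage Blob Data Contributor", "data:sandbox-scratch")],
    "sp:batch-runner": [("role:Storage Blob Data Reader", "data:sandbox-scratch")],
    "group:ci-runners": [("member_of", "group:platform-ops")],
    "group:platform-ops": [("role:Storage Blob Data Reader", "data:credit-applications")],
}
RESOURCES = {
    "vm:sandbox-web-01": {"swimlane": "sandbox", "internet_ingress": True},
    "vm:sandbox-batch-02": {"swimlane": "sandbox", "internet_ingress": False},
    "data:sandbox-scratch": {"swimlane": "sandbox", "sensitive": False},
    "data:credit-applications": {"swimlane": "creditapp-production", "sensitive": True},
}
# (finding id, affected workload, CVSS base score); ids are placeholders.
VULNS = [
    ("FINDING-A", "vm:sandbox-batch-02", 9.8),
    ("FINDING-B", "vm:sandbox-web-01", 7.5),
]


def data_paths(start):
    """Breadth-first search from a workload through identities and nested
    groups; returns {data_node: [(relationship, node), ...]} shortest chains."""
    paths, seen, queue = {}, {start}, deque([(start, [])])
    while queue:
        node, chain = queue.popleft()
        for edge, nxt in EDGES.get(node, []):
            if nxt in seen:
                continue
            seen.add(nxt)
            step = chain + [(edge, nxt)]
            if nxt.startswith("data:"):
                paths[nxt] = step
            else:
                queue.append((nxt, step))
    return paths


def risk_amplifiers(workload):
    """Context that widens the blast radius of any vulnerability on a workload."""
    home = RESOURCES[workload]["swimlane"]
    amps = []
    if RESOURCES[workload].get("internet_ingress"):
        amps.append("ingress from internet")
    for data in sorted(data_paths(workload)):
        meta = RESOURCES[data]
        if meta["sensitive"]:
            amps.append(f"access to sensitive data {data}")
        if meta["swimlane"] != home:
            amps.append(f"crosses swimlane {home} -> {meta['swimlane']}")
    return amps


def prioritize(vulns):
    """Order findings by amplifier count first and CVSS second."""
    scored = [(len(risk_amplifiers(w)), cvss, fid, w) for fid, w, cvss in vulns]
    return [(fid, w, n, cvss) for n, cvss, fid, w in sorted(scored, reverse=True)]


def describe(start, chain):
    """Render a chain as a readable path for a ticket or report."""
    return " -> ".join([start] + [f"[{edge}] {node}" for edge, node in chain])


if __name__ == "__main__":
    for fid, workload, n, cvss in prioritize(VULNS):
        print(fid, workload, f"amplifiers={n}", f"cvss={cvss}")
    hit = data_paths("vm:sandbox-web-01")["data:credit-applications"]
    print(describe("vm:sandbox-web-01", hit))
```

In this constructed inventory the 7.5 finding on the internet-facing sandbox VM outranks the 9.8 finding on the isolated one, and breaking the path is a matter of removing the `group:ci-runners` membership in `group:platform-ops`.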

This is useful when you consider the scale of vulnerabilities and security tickets your typical environment is experiencing. It begs the question of how security and cloud ops teams can keep up with remediating them all. When you can understand each security threat’s risk amplifiers and how they tie back to platform, identity, and data risks, your team can chip away at the highest priority threats based on potential business impact.

Microsoft and Sonrai Security make cloud security better together.

About Sonrai Security

Sonrai offers a total public cloud security solution for Microsoft Azure. Sonrai has been a MISA member since 2021 and works with Microsoft Defender for Cloud, Advanced Data Security, Microsoft Sentinel, Azure Active Directory, and many other Azure Services.

The Sonrai Security Platform is available on the Azure Marketplace and offers a Shared Responsibility Model with Azure.

Sonrai Security has offices in New York and New Brunswick, Canada and is backed by ISTARI, Menlo Ventures, Polaris Partners, and TenEleven Ventures. For more information, visit their website.

Learn more

Learn more about Microsoft Sentinel and Microsoft Defender for Cloud.

To learn more about the Microsoft Intelligent Security Association (MISA), visit the website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.  

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.


1. IBM’s 2018 Data Breach Study Shows Why We’re In A Zero Trust World Now, Louis Columbus. July 27, 2018.

2. 74% Of Data Breaches Start With Privileged Credential Abuse, Louis Columbus. February 26, 2019.

Microsoft announces the 2023 Microsoft Security Excellence Awards winners
http://approjects.co.za/?big=en-us/security/blog/2023/04/25/microsoft-announces-the-2023-microsoft-security-excellence-awards-winners/
Tue, 25 Apr 2023 16:00:00 +0000

At the fourth annual Microsoft Security Excellence Awards, we recognized outstanding contributions from Microsoft Intelligent Security Association (MISA) members and celebrated the next generation of security defenders. See all the finalists and winners.

The post Microsoft announces the 2023 Microsoft Security Excellence Awards winners appeared first on Microsoft Security Blog.

In a world that’s constantly changing and challenging us, we believe that nothing can stop us when we work together. That’s the spirit of collaboration we celebrated on April 24, 2023, at the fourth annual Microsoft Security Excellence Awards. These awards recognize outstanding contributions from Microsoft Intelligent Security Association (MISA) members.

MISA is a coalition of Microsoft leaders and subject matter experts, independent software vendors (ISVs), and managed security service providers (MSSPs). Together, we work to defend organizations around the world from increasing threats. Security is a broad, collaborative business, and our amazing partners continue to show their resilience and excellence in delivering comprehensive protection integrated with Microsoft Security technology.

In San Francisco, California, on the first day of the RSA Conference (RSAC), we were honored to bring together MISA members and Microsoft Security leadership to honor the top finalists and announce award winners.

“It is my privilege to acknowledge this year’s Microsoft Security Excellence Awards recipients, who continually inspire us with their commitment to building a safer world for all. Their solutions, services, innovative spirit, and customer focus are integral to this goal. Security is a team sport, and we are proud to partner with our MISA community. My warmest congratulations to all the awardees.”

—Vasu Jakkal, Corporate Vice President (CVP), Microsoft Security, Compliance, Identity, and Privacy

Security for all  

We believe that inclusivity is not just an ethical choice, but also a strategic advantage. That’s why we’re proud to showcase the investment and efforts our partner ecosystem has made to promote diversity and inclusion. This year we recognized the first winner of the new Diversity in Security award. This award honors a partner who has gone above and beyond to foster diversity and cultivate positive change within the industry, and ultimately improve our ability to protect customers against cyberthreats.

Security is a team sport, one that always needs new players. So, we were also proud to recognize the next generation of security defenders. Microsoft is partnering with Last Mile Education Fund by funding scholarships for underrepresented students to help target the nationwide shortage of cybersecurity talent. Shadow Hunter is our gamified experience that immerses contestants in a simulated real-world cybersecurity scenario to build and test security skills. Bringing the two together was natural. We invited students from around the United States to challenge themselves in our special Last Mile Education Fund and Microsoft Security Immersion Event: Shadow Hunter four-hour virtual events. To acknowledge those students who achieved the top scores among their peers, Bret Arsenault, CVP and Chief Information Security Officer, Microsoft, and Ruthe Farmer, Founder, Last Mile Education Fund, recognized the top 10 students—Logan Gamma, Joan Waldron, Dialla Diarra, Cristian Carrillo Mendez, Lisa Friel, Afraz Sakib, Alexandra Farina, Sean Dixon, Amanda Hite, and Angelina Zhukova—for their ongoing accomplishments.

2023 Security Excellence Award winners

Both technology and people are essential for creating a secure future, and we were thrilled to recognize some of the top companies and individuals in the field across 11 award categories that reflect the diverse and valuable contributions of MISA members. We were impressed by the hundreds of award nominations we received. The panel diligently reviewed each one and shortlisted five nominees for each category. Winners were then decided by the votes of Microsoft and MISA members.

We are proud to announce the finalists and winners in each category:

Security Trailblazer

Partners that have delivered innovative solutions or services that leverage the full Microsoft range of security products and have proven to be outstanding leaders in accelerating customers’ efforts to mitigate cybersecurity threats.

  • Ascent Solutions—Winner
  • Critical Start
  • D3 Security
  • Quorum Systems
  • Synack

Compliance and Privacy Trailblazer

Partners that deliver innovative solutions or services and are distinguished leaders in driving holistic or end-to-end Microsoft compliance or privacy strategy with customers.

  • Protiviti—Winner
  • archTIS
  • Epiq
  • Infotechtion
  • Relativity

Identity Trailblazer

Partners that are leaders in the identity space and have driven identity-related initiatives and delivered innovative solutions or services with Microsoft Azure Active Directory.

  • EY—Winner
  • HCLTech
  • Squadra Technologies
  • Synergy Advisors
  • Thales

Zero Trust Champion

Partners that are dedicated to supporting customers in their Zero Trust journey and have demonstrated vital integrations with the Microsoft Zero Trust platform.

  • Silverfort—Winner
  • Avanade
  • Netskope
  • Oxford Computer Group
  • Yubico

Security Software Innovator

ISVs that have developed innovative solutions with disruptive and transformative technology in collaboration with Microsoft that makes work easier for our mutual customers.

  • Relativity—Winner
  • 42Crunch
  • Axiad
  • ContraForce
  • Theom

Security Services Innovator

MSSPs that are exceptional at educating the market on security risks and driving holistic end-to-end managed extended detection and response (MXDR) security strategy with customers using Microsoft Security products and that deliver innovative and transformative security services to customers.

  • Ontinue—Winner
  • Bridewell
  • Difenda
  • Quorum Cyber
  • Wortell

Security Customer Champion

Partners that go above and beyond to drive customer impact and that have a proven track record of customer obsession and success.

  • Vectra—Winner
  • Epiq
  • F5
  • Lighthouse
  • Ontinue

Security Changemaker

Individuals within partner organizations who have made a remarkable security contribution to the company or the larger security community.

  • Katie Nickels, Red Canary—Winner
  • Federico Charosky, Quorum Cyber
  • Jeffrey J. Engle, Conquest Cyber
  • Harry Haramis, Keyfactor
  • Mike Ounsworth, Entrust

Diversity in Security

Partners that have demonstrated a significant commitment to enhancing diversity, equity, and inclusion to better serve security customers and foster change in the industry.

  • Lighthouse—Winner
  • Difenda
  • KnowBe4
  • Recorded Future
  • Wortell

Security ISV of the Year

ISVs that are all-around powerhouses, show growth potential and have innovative security solutions that integrate with a MISA-qualifying security product.

  • Adobe—Winner
  • Cloudflare
  • Delinea
  • Silverfort
  • Thales

Security MSSP of the Year

MSSPs that are all-around powerhouses with strong integration between Microsoft products and ongoing managed security services that drive the end-to-end Microsoft Security stack to our mutual customers.

  • BlueVoyant—Winner
  • glueckkanja-gab
  • PwC
  • Red Canary
  • Wipro

We’re ready for what’s next

This was an amazing evening, bringing together MISA members, Microsoft executives, and future security experts. Many thanks to all who came, and congratulations again to all our finalists and winners. One constant within the ever-changing world of cyberthreats is the way our community comes together to protect and empower customers. We look forward to seeing everything you accomplish in the upcoming year.

If you’re at the RSA Conference through April 27, 2023, come and visit us at the Microsoft Booth 6044 North Expo where MISA members will be showcasing their solutions at our MISA demo station and the Microsoft Theater. We’d love to see you at the following sessions:

  • Session 20: Build your MXDR environment using the Azure Marketplace in 5 minutes (Wednesday, April 26, 2023, 10:10 AM PT to 10:30 AM PT).
  • Session 21: Using breach and attack simulation across the Microsoft Security portfolio to optimize your SecOps (Wednesday, April 26, 2023, 10:40 AM PT to 11:00 AM PT).
  • Session 22: Achieving Zero Trust application access with Cloudflare One and Microsoft Security (Wednesday, April 26, 2023, 11:10 AM PT to 11:30 AM PT).
  • Session 23: “Power of Partnerships”—Services + Technology + Microsoft (Wednesday, April 26, 2023, 11:40 AM PT to 12:00 PM PT).
  • Session 28: The new MXDR paradigm: Nonstop SecOps through real-time collaboration and AI-driven automation (Wednesday, April 26, 2023, 2:10 PM PT to 2:30 PM PT).

Figure 1. MISA member companies will share how they work together with Microsoft to protect customers from cyberthreats. Sessions will be presented by the following MISA members: BUI, SafeBreach, Cloudflare, Relativity and Epiq, and Ontinue.


Figure 2. MISA and its ecosystem of ISVs and MSSPs, with solutions integrated with Microsoft’s security technology, will have a demo station at the RSAC Microsoft booth. Demos will take place on Monday, April 24, 2023, through Thursday, April 27, 2023, throughout the conference hours. The following MISA ISV and MSSP vendors will be giving demos: Cerby, Kovrr, Elevate Security, Red Canary, Yubico, Lighthouse, Ascent Solutions, Wipro, Adobe, Forsyte, Corelight, 42Crunch, Maureen Data Systems, Datawiza, Secude, Avanade, archTIS, Difenda, Quorum Cyber, Netrix, Theom, BlueVoyant, BigID, and Synergy Advisors.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

Protect intellectual property with Govern 365 and Microsoft Purview
http://approjects.co.za/?big=en-us/security/blog/2023/04/17/protect-intellectual-property-with-govern-365-and-microsoft-purview/
Mon, 17 Apr 2023 17:00:00 +0000

Learn how to secure sensitive information within your global supply chain with Netwoven Govern 365 and Microsoft Purview Information Protection.

The post Protect intellectual property with Govern 365 and Microsoft Purview appeared first on Microsoft Security Blog.

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

Global supply chains face a broad range of risks, from physical threats to cybersecurity threats. Sharing information with suppliers is essential for the supply chain to function effectively, but it also creates significant risk, including the potential loss of intellectual property (IP). Security is only as strong as the weakest link in the supply chain. Data compromised in the supply chain can be as damaging as that from within the organization. Digital rights management (DRM) is used by many industries, such as the music industry, to protect intellectual property. Organizations are beginning to look at this technology to protect their corporate IP. Netwoven Govern 365 and Microsoft Purview Information Protection provide a robust solution for managing your IP.

Nine must-haves to implement a resilient supply chain information protection framework 

The following items are essential for a robust supply chain framework: 

  1. Keep an updated database of leading suppliers and their sub-tiers. This hierarchy can be very fluid, so it must be maintained and used carefully.  
  2. Deploy Microsoft Purview Information Protection to automatically discover, classify, label, and protect sensitive data found in files and documents within your organization.  
  3. Ensure all IP-related files emanating from applications such as computer-aided design software, productivity software, and other types of software are protected using the labels for the appropriate suppliers.  
  4. Ensure that all information is protected appropriately based on the current hierarchy of leading suppliers and their sub-tiers.  
  5. Establish that all data egress points from the company where sharing of files can occur with suppliers are protected. 
  6. Put in place all appropriate legal contracts with the leading suppliers. 
  7. Confirm that external users are registered appropriately in your identity management system to have access to the files.  
  8. Limit access to critical information by trade-restricted individuals, as a violation could lead to fines by the government.
  9. Create a solution that is easy for all users to use, to drive adoption.

Using Govern 365 for managing your supply chain 

Govern 365 with Microsoft Purview Information Protection provides an automated and frictionless solution to protect your company’s sensitive information and limit litigation and compliance exposure, without burdening productivity. 

The key features of Govern 365 that help improve supply chain protection are:

  • Supply chain hierarchy management.
  • Content Protection across the supply chain hierarchy.
  • Easy to use self-service provisioning with Microsoft Teams.
  • Ability to add and remove users easily using the workspace manager.
  • Ability to block restricted individuals from accessing the workspace.
  • Visibility and auditing capabilities for tracking usage.
  • Dynamic Watermarking capabilities for additional protection.

Govern 365 provides these features by leveraging your investments in Microsoft Purview. Microsoft Purview comes with information protection and data loss prevention capabilities leveraged by Govern 365. 

A particular use case of Intellectual Property Management is a Virtual Data Room (VDR). Historically, VDR platforms were primarily used in specific industries that required enhanced protection of sensitive information. Consequently, the emphasis of these solutions has always been on the secure sharing of said information rather than secure collaboration during its ideation and creation.  

Govern 365 provides the ability to create VDRs. Here are some of the key features of Govern 365 VDR that organizations can use for supply chain IP protection. 

Unified Dashboard 

The Unified Dashboard is a simple interface available in Microsoft Teams and the web that provides access to your existing VDRs and creates new ones easily. 


Figure 1. Govern 365 Unified Dashboard.

The icons in the dashboard cards provide easy-to-navigate features for the user. 

Self-Service Workspace Provisioning 

The provisioning wizard provides a self-service mechanism to create VDR workspaces easily. The choices below are examples that can be configured differently for your organization at the time of deployment. 


Figure 2. Govern 365 New Workspace Request.

User Permissions Management 

Using Govern 365 Access Manager, the workspace owner can easily add or remove users from the workspace or manage permissions at the workspace level. This automatically adjusts the permissions of the content in the workspace for the users.  


Figure 3. Govern 365 Workspace Manager.

The workspace manager allows for access management at the workspace level. 

Use of Corporate Sensitivity Labels 

Govern 365 leverages your corporate sensitivity labels to protect content in VDRs for internal and external use. It allows for encryption and content marking including dynamic watermarking. 

Analytics 

The solution should automatically collect the necessary information about users’ actions within a given workspace in the form of an audit log that you can extract as a CSV file at any time, so you can better monitor your security.

The workspace analytics integrates with Microsoft Power BI to offer an exhaustive content inventory report of the workspace utilization. 

Doing more with less 

Choosing a VDR provider for your organization takes work. Govern 365’s VDRs are built to work with Microsoft Teams and SharePoint to protect your sensitive information while ensuring data sovereignty. Because they are built on Information Protection, external and internal recipients can collaborate safely and securely with data stored in their repository, through an intuitive user experience that you can customize to suit your organizational needs. All in all, Govern 365 enables you to do more with less by utilizing your existing Microsoft 365 estate to its fullest, keeping your return on investment calculator ticking.

About Netwoven

Netwoven is a Microsoft Solutions Partner focused on unraveling complex business problems leveraging Microsoft technologies. They work with their clients to create and execute digital transformation strategies around secure collaboration, modern software applications, more profound insights from data, advanced infrastructure, and security. Explore Govern 365 and visit the Microsoft Azure Marketplace for a free trial. 

Learn more

Learn more about Microsoft Purview Information Protection

To learn more about the Microsoft Intelligent Security Association (MISA), visit the website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.  

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

Gain real-time identity protection with Microsoft and Recorded Future
http://approjects.co.za/?big=en-us/security/blog/2023/03/21/gain-real-time-identity-protection-with-microsoft-and-recorded-future/
Tue, 21 Mar 2023 16:00:00 +0000

Learn how to protect your organization beyond multifactor authentication with the integration of Microsoft Sentinel with Identity Intelligence from Recorded Future.

The post Gain real-time identity protection with Microsoft and Recorded Future appeared first on Microsoft Security Blog.

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

You’ve implemented multifactor authentication for access to your enterprise network. But what if multifactor authentication isn’t as foolproof as you’re hoping?

Are you comfortable betting your organization’s security on it?

Multifactor authentication isn’t a silver bullet

The premise behind multifactor authentication is a good one—anybody who wants to access your network needs two or more things:

  1. Something they know (such as a password or personal identification number).
  2. Something they have in their possession (cryptographic identification device, token).
  3. Something they are (biometric, fingerprint).

Users enter two of those (or three of them, to access especially sensitive resources), your server authenticates them, and they’re on your network. It’s more robust security than a simple username and password, and it makes bad actors work a lot harder to access your network.

That’s why multifactor authentication is such a commonly used approach in security for solving the problem of leaked or compromised credentials. But it’s not foolproof, and here’s why Recorded Future thinks you can do better.

SMS is vulnerable

Many multifactor authentication products, especially the ones suitable for consumer use, rely on SMS and send a code to the user’s phone in a text message. Unfortunately, SMS can be hacked or spoofed, with the result that the bad actor receives the code and is able to pass the authentication test.

Also, not all applications support multifactor authentication—that’s especially true of older systems—which leaves the door open to bad actors. There are passwordless authentication methods, but credentials are used to authenticate the system on the back end, so password security and the user’s identity can still be avenues for compromise.

Multifactor authentication isn’t enough

Threat actors can brute force their way into accounts, defeat multifactor authentication, and breach organizations. There are many ways, unfortunately, that threat actors can accomplish this.

One way is by hijacking session cookies. Another way involves exploiting default multifactor authentication protocols. For instance, the United States Cybersecurity and Infrastructure Security Agency recently released a report warning that Russian state-sponsored threat actors were able to gain network access by taking advantage of an account set to default multifactor authentication protocols. That allowed them to enroll a new device for multifactor authentication access in their victim’s network, and then take advantage of a critical Windows vulnerability to run any code they wanted on the hacked network—with system privileges. One small mistake with multifactor authentication enabled threat actors to gain not only access but also significant control over the network.

Beyond multifactor authentication: Identity Intelligence from Recorded Future

Of course, threat actors are trying to breach thousands of networks every day. Suppose you had up-to-date intelligence that told you about their attempts all over the globe. That would give you a lot more information about them than just their IP address. Wouldn’t that help you decide whether their visit to your site was legitimate or not?

That’s the identity management model Recorded Future uses with Identity Intelligence. It arms security teams with real-time information about identity compromises worldwide so they can respond confidently, without any manual research. Identity Intelligence automates the collection, analysis, and production of intelligence from open-source, dark-web, and technology entities, including unique sourcing of malware log information. It combines that intelligence with world-class research to deliver an unmatched source of truth for identity management and authentication at a massive scale.

Identity Intelligence covers the most prominent use cases that enterprises face in a landscape of employees, partners, supply chains, and customers in an era of account takeovers and identity fraud:

  • Preventing business email compromise and account hijacking.
  • Identifying and mitigating the risk of account takeover.
  • Checking for risk automatically during critical events (such as password creation or reset).
  • Monitoring employee and customer identities on an ongoing basis.

It represents an important tool for securing user identity, as remote work and digital interactions across multiple channels increase the responsibilities of security and IT teams.

Integration with Microsoft

Recorded Future has released an integration between Identity Intelligence and Microsoft Azure Active Directory. The integration monitors new, compromised credentials found by Recorded Future, and places at-risk users into one or more different security groups, based on the client’s security policies and the nature of the compromise.  For example, credentials from bulk data dumps that have been circulated before may pose a relatively low risk and warrant only an “informational” warning to the user. On the other hand, credentials stolen recently by info stealer software are at high risk and require immediate remediation by the affected users.

Microsoft Azure Active Directory (Azure AD) supports identity protection and can score user risk as low, medium, or high. The integration with Identity Intelligence complements that insight, layering more context and transparency into the risks associated with users’ identities. The easiest way to do this is by placing an at-risk user into one or more security groups based on the Identity Intelligence available from Recorded Future and pushing the details of Recorded Future’s Identity Intelligence into Microsoft Sentinel. That allows forensic teams to examine the compromised credentials and respond to any potential incidents.
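The tiering described above, with previously circulated bulk dumps treated as informational and recent info stealer exposures as high risk, can be sketched as a small policy function. This is an added example, not Recorded Future's or Microsoft's code: the record fields, the 30-day recency window, the "medium" tier rules and the group names are all assumptions, and the exposure records are constructed.

```python
from datetime import date

RECENT_DAYS = 30  # assumed cutoff for a "recent" exposure
TIER_ORDER = ["informational", "medium", "high"]

# Hypothetical security group names, one per tier.
TIER_GROUP = {
    "informational": "rf-informational",
    "medium": "rf-password-reset",
    "high": "rf-remediate-now",
}

# Constructed exposure records; field names are not a real vendor schema.
EXPOSURES = [
    {"user": "alice@example.com", "source": "bulk_dump",
     "first_seen": date(2021, 6, 2), "previously_circulated": True},
    {"user": "bob@example.com", "source": "infostealer_log",
     "first_seen": date(2023, 3, 15), "previously_circulated": False},
    {"user": "bob@example.com", "source": "bulk_dump",
     "first_seen": date(2021, 6, 2), "previously_circulated": True},
    {"user": "carol@example.com", "source": "infostealer_log",
     "first_seen": date(2022, 11, 1), "previously_circulated": False},
    {"user": "dave@example.com", "source": "bulk_dump",
     "first_seen": date(2023, 3, 10), "previously_circulated": False},
]


def classify(exposure, today):
    """Map one exposure record to a risk tier."""
    age_days = (today - exposure["first_seen"]).days
    if exposure["source"] == "infostealer_log":
        # From the article: recently stolen by info stealer software = high.
        # Older stealer logs are treated as medium here (assumption).
        return "high" if age_days <= RECENT_DAYS else "medium"
    if exposure["source"] == "bulk_dump":
        # From the article: dumps circulated before = informational.
        # A dump not seen before is treated as medium here (assumption).
        return "informational" if exposure["previously_circulated"] else "medium"
    return "medium"  # unknown source type: send to review, never ignore


def plan_group_membership(exposures, today):
    """Aggregate per user: every matching group, plus the highest tier."""
    plan = {}
    for exposure in exposures:
        tier = classify(exposure, today)
        entry = plan.setdefault(exposure["user"],
                                {"tier": tier, "groups": set()})
        entry["groups"].add(TIER_GROUP[tier])
        if TIER_ORDER.index(tier) > TIER_ORDER.index(entry["tier"]):
            entry["tier"] = tier
    return plan


if __name__ == "__main__":
    result = plan_group_membership(EXPOSURES, date(2023, 3, 21))
    for user, entry in sorted(result.items()):
        print(user, entry["tier"], sorted(entry["groups"]))
```

A user with several exposures lands in every matching group while the highest tier drives the response, which mirrors the "one or more security groups" behavior the integration describes.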

A Microsoft Sentinel example

Imagine that your company’s attack surface is constantly growing and your security team is seeing more events with each passing day. The team has too little context on user activity, so it can’t connect the dots between the external risk of detected threats and other insights. Its responses grow slower, increasing the likelihood that threats will slip through the cracks.

Identity Intelligence integrates with Azure AD through Azure Logic Apps. It uses one playbook to connect to Azure AD and Microsoft Sentinel and mitigate security risk by automatically positioning threat data in your Microsoft Sentinel environment. By layering real-time evidence on top of internal activity in Microsoft Sentinel, Identity Intelligence gives your security analysts the evidence they need to deal with threats.

Recorded Future is a member of the Microsoft Intelligent Security Association (MISA). It joins the independent software vendors and managed security service providers who integrate their solutions with Microsoft products to better defend against threats. Recorded Future indicators are also available as Microsoft Graph Security API indicators for use in security products from Microsoft and other partners.

Take the next step

Strong identity authentication is a must-have as your company faces a growing threat landscape and higher attack volumes.

Identity Intelligence from Recorded Future uses a combination of public sources and proprietary methods to help security teams to focus on the highest-risk user activity. It enables companies to address threats automatically, with out-of-the-box integrations and real-time insights for Azure AD and Microsoft Sentinel.

Learn more

To learn more about the Microsoft Intelligent Security Association (MISA), visit the website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.  

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

Get integrated Microsoft Purview Information Protection in Adobe Acrobat—now available
http://approjects.co.za/?big=en-us/security/blog/2023/03/07/get-integrated-microsoft-purview-information-protection-in-adobe-acrobat-now-available/
Tue, 07 Mar 2023 17:00:00 +0000

Adobe and Microsoft, as trusted providers of business solutions used by millions, are joining forces to bring unparalleled modern work experiences to customers globally. Organizations using Microsoft Purview Information Protection can now apply and edit sensitivity labels and policies to PDFs.

The post Get integrated Microsoft Purview Information Protection in Adobe Acrobat—now available appeared first on Microsoft Security Blog.

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

Data security and compliance are a top priority for leaders as cyberattacks are on the rise. In fact, attacks have increased by 32 percent in the past year, and 1 in 40 organizations has fallen victim to ransomware.1 To protect high-value business documents such as partnership agreements, service contracts, and purchase orders, which are typically shared as PDFs, organizations require the best possible security, compliance, and information protection. This will ensure only the most important stakeholders can view, manage, and approve these important documents.

As more workflows become digitized, protecting information is becoming more crucial. To avoid these scenarios, a secure, unified workflow is needed. This allows IT and business leaders to control who can view and access digitized documents and data, ensuring they are stored securely and for the appropriate duration.


Figure 1. The “Select a Microsoft Sensitivity Label” available within the Protect tool in Adobe Acrobat.

Adobe is committed to security

Together with Microsoft, Adobe builds value by earning the trust of its customers, who are counting on Adobe to do the right thing when it comes to their data and their business. When Adobe engages with its customers, it has a responsibility to treat their data with care. Customers entrust Adobe with their data, and in exchange, they expect Adobe to be world-class at securing it, governing it, and protecting it. Doing the right thing means taking a proactive approach to data protection: embedding security and compliance from the ground up.

Acrobat helps users enhance the security of confidential documents such as partnership agreements, service contracts, and purchase orders by offering the option to add passwords or utilize certificates. To learn more about the defense-in-depth approach and security procedures implemented by Adobe, read the whitepaper “Adobe Acrobat with Document Cloud Services Security Overview.”2

Together Microsoft and Adobe care about customers’ data security

Adobe and Microsoft, as trusted providers of business solutions used by millions, are joining forces to bring unparalleled modern work experiences to customers globally. Adobe is combining the innovations of Adobe Document Cloud and Microsoft Cloud to make the modern, secure, connected, and hybrid workplace a reality.

Microsoft Purview Information Protection helps organizations discover, identify, classify, and protect sensitive data that is business critical, then manage and protect it across their digital estate. Adobe, together with Microsoft, introduced new functionality at Microsoft Ignite in October 2022 that brings the same classification, labeling, and protection already available to Microsoft Word documents, Excel spreadsheets, and PowerPoint presentations to the PDF file format through Acrobat Desktop.3

Organizations using Microsoft Purview Information Protection can now apply and edit sensitivity labels and policies to PDFs using the latest versions of Acrobat Pro or Standard (version 22.003.20258 or later) without needing a separate plug-in or installation. Acrobat leverages the Microsoft Purview Information Protection SDK to make the user experience intuitive, considering finer details such as label descriptions, embedded content markings, and justification logic. Along with manual labels, Acrobat also supports default labeling, mandatory labeling, and user-defined permissions for customized access.

Diagram that outlines the flow of how Microsoft Purview Information Protection integrates with Adobe Acrobat.

Figure 2. See the benefit of the integration for a company that shares labeled PDFs with external organizations. This integration reduces time to value and improves productivity.

Consider a company that works with various external clients. If they share a labeled PDF with these external clients, and those clients don’t have the right plug-in installed to open and view the PDF, it may take days before their IT admin responds to their request. This may cause them to try risky alternative approaches to open the PDF. With this integration, as illustrated in Figure 2, the external client that has Microsoft Purview Information Protection for Acrobat enabled by their IT admin will be able to view the document without needing to download a plug-in. Similarly, applying a label previously required an older information protection client and then opening the PDF in an information protection-supported PDF viewer. Now, these actions can be done from within Acrobat Pro or Standard desktop versions directly.

How the Microsoft and Acrobat integration works

For Acrobat Pro or Standard users with a Microsoft 365 E3 or higher subscription, information protection can be accessed within Adobe Acrobat through the Protect tool. A sensitivity label can be applied using the “Select a Microsoft Sensitivity label” option. The sensitivity label dialog box displays a list of labels already configured in the Microsoft Purview Compliance Portal, ensuring consistency across Microsoft 365 apps and Acrobat. Each sensitivity label can include headers, footers, and watermarks to visually indicate the applied label. Check out this video for a demonstration of how to add a label.

An IT administrator can enable this feature for your organization. Consult the Microsoft Purview Information Protection support in Acrobat installation instructions for help. To gain further knowledge on how to secure PDFs and mitigate risk with Microsoft Purview Information Protection, watch this on-demand webinar.

Who benefits from this Microsoft and Adobe Acrobat integration?

The integration of information protection labeling in Adobe Acrobat has proven valuable for customers in regulated industries, such as government, healthcare, and financial services, as well as in departments such as legal, HR, finance, and procurement. This integration provides a heightened level of data security, which is highly valued by chief information security officers.

What is Adobe excited for next?

Protecting customers’ digital assets is Adobe’s top priority, and they believe this integration is a game-changing and essential feature. This journey started in 2018 with Adobe Acrobat and Reader apps supporting consistent viewing of PDFs protected by Microsoft Purview Information Protection. Adobe is now adding the ability to apply and edit Microsoft sensitivity labels to PDFs natively in the Acrobat desktop version, with plans to support information protection use cases for PDFs (viewing, labeling, and persistent protection during export workflows) on mobile and web platforms in the future.

About Adobe

Adobe Document Cloud helps turn manual document processes into efficient digital ones with the world’s leading PDF and e-signature solutions. Learn more about Acrobat support for Microsoft Purview Information Protection.

Learn more

To learn more about the Microsoft Intelligent Security Association (MISA), visit the website, where you can learn about the MISA program and product integrations and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

Learn more about Microsoft Purview Information Protection.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.


[1] Check Point Research: Weekly Cyber Attacks increased by 32% Year-Over-Year; 1 out of 40 organizations impacted by Ransomware, Check Point blog. July 26, 2022.

[2] Adobe Acrobat with Document Cloud Services Security Overview, Adobe. 2022.

[3] A simple approach to data protection, Microsoft. October 13, 2022.

The post Get integrated Microsoft Purview Information Protection in Adobe Acrobat—now available appeared first on Microsoft Security Blog.