{"id":66644,"date":"2017-01-17T10:00:03","date_gmt":"2017-01-17T18:00:03","guid":{"rendered":"http:\/\/blogs.microsoft.com\/microsoftsecure\/?p=66644"},"modified":"2023-06-23T09:53:55","modified_gmt":"2023-06-23T16:53:55","slug":"microsofts-cyber-defense-operations-center-shares-best-practices","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/01\/17\/microsofts-cyber-defense-operations-center-shares-best-practices\/","title":{"rendered":"Microsoft\u2019s Cyber Defense Operations Center shares best practices"},"content":{"rendered":"

This post is authored by a Security Principal of Cyber Security Services and Engineering<\/em><\/p>\n

Each week seems to bring a new disclosure of a cybersecurity breach somewhere in the world. In 2016 alone, over 3 billion customer data records were breached in several high-profile attacks globally. As we look at the current state of cybersecurity challenges, we see the same types of attacks, but the sophistication and scope of each attack continue to grow and evolve. Cyber adversaries are now changing their tactics and targets based on the current security landscape. For example, as operating systems became more secure, hackers shifted back to credential compromise. As Microsoft Windows continually improves its security, hackers attack other systems and third-party applications.<\/p>\n

The growth of both the internet and the Internet of Things (IoT) is creating more connected devices, many of which are insecure and can be used to carry out larger Distributed Denial-of-Service (DDoS) attacks. Because internet-connected embedded devices are often implemented insecurely, they are routinely hacked and used in cyberattacks. Smart TVs and even refrigerators have been used to send out millions of malicious spam emails. Printers and set-top boxes have been used to mine Bitcoins, and cybercriminals have targeted CCTV cameras (common IoT devices) to launch DDoS attacks.<\/p>\n

Microsoft has unique visibility into an evolving threat landscape due to our hyper-scaled cloud footprint of more than 200 cloud services, over 100 datacenters, millions of devices, and over a billion customers around the globe, as well as our investment in security professionals focused on secure development and on protect, detect and respond functions. In an effort to mitigate attacks, Microsoft has developed an automated platform, as part of Microsoft Azure, that provides a rapid response to a DDoS attack. On our software-defined networks, the data plane can be upgraded to respond and stay ahead of network traffic, even while our service or corporate environment is under attack. Our DDoS protection platform analyzes traffic in real time and can respond to and mitigate an attack within 90 seconds of detection.<\/p>\n

Microsoft Cyber Defense Operations Center operates 24×7 to defend against cyberthreats<\/em><\/p>\n

In November 2015, we opened the Cyber Defense Operations Center<\/strong> (CDOC) to bring together the company\u2019s cybersecurity specialists and data scientists in a 24×7 facility to combat cyber adversaries.<\/p>\n

In the year since opening, we have advanced the policies and practices that accelerate the detection, identification and resolution of cybersecurity threats, and have shared our key learnings with the thousands of enterprise customers who have visited the CDOC. Today, we are sharing a Cyber Defense Operations Center strategy brief<\/a> that details some of our best practices for how we Protect<\/strong>, Detect<\/strong> and Respond<\/strong> to cyberthreats in real time.<\/p>\n

Microsoft\u2019s first commitment is to protect the computing environment used by our customers and employees to ensure the resiliency of our cloud infrastructure and services, products, devices, and the company\u2019s internal corporate resources.<\/p>\n

Microsoft\u2019s protect tactics include:<\/p>\n