
Building the security operations center of tomorrow—harnessing the law of data gravity

This post was coauthored by Diana Kelley, Cybersecurity Field CTO, and , EMEA Chief Security Advisor, Cybersecurity Solutions Group.

You’ve got a big dinner planned and your dishwasher goes on the fritz. You call the repair company and are lucky enough to get an appointment for that afternoon. The repairperson shows up and says, “Yes, it’s broken, but to figure out why I will need to run some tests.” They start to remove your dishwasher from the outlet. “What are you doing?” you ask. “I’m taking it back to our repair shop for analysis and then repair,” they reply. At this point, you’re annoyed. You have a big party in three hours, and taking the dishwasher all the way back to the shop for analysis means someone will be washing dishes by hand after your party—why not test it right here and right now so it can be fixed on the spot?

Now, imagine the dishwasher is critical business data located throughout your organization. Sending all that data to a centralized location for analysis will give you insights, eventually, but not when you really need it, which is now. In cases where the data is extremely large, you may not be able to move it at all. Instead it makes more sense to bring services and applications to your data. This is at the heart of a concept called “data gravity,” described by Dave McCrory back in 2010. Much like a planet, your data has mass, and the bigger that mass, the greater its gravitational pull, or gravity well, and the more likely that apps and services are drawn to it. Gravitational movement is accelerated when bandwidth and latency are at a premium, because the closer you are to something the faster you can process and act on it. This is the big driver of the intelligent cloud/intelligent edge. We bring analytics and compute to connected devices to make use of all the data they collect in near real-time.

But what might not be so obvious is what, if anything, data gravity has to do with cybersecurity and the security operations center (SOC) of tomorrow. To have that discussion, let’s step back and look at the traditional SOC, built on security information and event management (SIEM) solutions developed at the turn of the century. The very first SIEM solutions were predominantly focused on log aggregation. Log information from core security tools like firewalls, intrusion detection systems, and anti-virus/malware tools was collected from all over a company and moved to a single repository for processing.

That may not sound super exciting from our current vantage point of 2018, but back in 2000 it was groundbreaking. Admins were struggling with an increasing number of security tools, and the ever-expanding logs from those tools. Early SIEM solutions gave them a way to collect all that data and apply security intelligence and analytics to it. The hope was that if we could gather all relevant security log and reporting data into one place, we could apply rules and quickly gather insights about threats to our systems and security situational awareness. In a way this was anti-data gravity, where data moved to the applications and services rather than vice versa.

After the initial “hype” for SIEM solutions, SOC managers realized a few of their limitations. Trying to write rules for security analytics proved to be quite hard. A minor error in a rule led to high false positives that ate into analyst investigative time. Many companies were unable to get all the critical log data into the SIEM, leading to false negatives and expensive blind spots. And one of the biggest concerns with traditional SIEM was the latency. SIEM solutions were marketed as “real-time” analytics, but once an action was written to a log, collected, sent to the SIEM, and then parsed through the SIEM analytics engine, quite a bit of latency was introduced. When it comes to responding to fast moving cyberthreats, latency is a distinct disadvantage.

Now think about these challenges and add the explosive amounts of data generated today by the cloud and millions of connected devices. In this environment it’s not uncommon that threat campaigns go unnoticed by an overloaded SIEM analytics engine. And many of the signals that do get through are not investigated because the security analysts are overworked. Which brings us back to data gravity.

What was one of the forcing factors for data gravity? Low tolerance for latency. What was the other? Building applications by applying insights and machine learning to data. So how can we build the SOC of tomorrow? By respecting the law of data gravity. If we can perform security analytics close to where the data already is, we can increase the speed of response. This doesn’t mean the end of aggregation. Tomorrow’s SOC will employ a hybrid approach by performing analytics as close to the data mass as possible, and then rolling up insights, as needed, to a larger central SOC repository for additional analysis and insight across different gravity wells.
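To make the hybrid shape concrete, here is an added example (not code from the original post, and not any Microsoft product) of the edge-then-central pattern described above. Each site, standing in for one data gravity well, runs a detection rule over its own raw log lines and ships only a compact insight upward; the central SOC then correlates those roll-ups across sites to see what no single edge can. The log format, the site names, the hypothetical “failed-login burst” rule and the sample lines are all constructed for the example.

```python
"""Edge-first SOC analytics: detect locally, roll up only insights.

Illustrative example added to this post. The log format, site names,
sample lines and the "failed-login-burst" rule are constructed here and
do not come from the original article or any product.
"""
import json
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample logs: each site keeps its own raw data locally.
RAW_LOGS = {
    "eu-west": [
        "2018-08-20T10:00:01Z auth FAIL user=alice src=203.0.113.9",
        "2018-08-20T10:00:02Z auth FAIL user=bob src=203.0.113.9",
        "2018-08-20T10:00:03Z auth FAIL user=carol src=203.0.113.9",
        "2018-08-20T10:00:04Z auth OK user=dave src=198.51.100.4",
        "2018-08-20T10:00:05Z auth FAIL user=erin src=203.0.113.9",
    ],
    "us-east": [
        "2018-08-20T10:01:10Z auth FAIL user=frank src=203.0.113.9",
        "2018-08-20T10:01:11Z auth FAIL user=grace src=203.0.113.9",
        "2018-08-20T10:01:12Z auth FAIL user=heidi src=203.0.113.9",
        "2018-08-20T10:01:13Z auth FAIL user=ivan src=192.0.2.77",
        "2018-08-20T10:01:14Z auth OK user=judy src=192.0.2.77",
    ],
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one auth log line; returns None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def edge_analyze(site, lines, threshold=3):
    """Run the detection rule next to the data and return compact insights.

    Insight: one source failing logins against >= threshold distinct
    accounts at this site (a password-spray shape). Raw lines never leave
    the site; only these summaries are rolled up to the central SOC.
    """
    failures = defaultdict(lambda: {"users": set(), "first": None, "last": None})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["result"] != "FAIL":
            continue
        f = failures[rec["src"]]
        f["users"].add(rec["user"])
        f["first"] = rec["ts"] if f["first"] is None else min(f["first"], rec["ts"])
        f["last"] = rec["ts"] if f["last"] is None else max(f["last"], rec["ts"])
    insights = []
    for src, f in failures.items():
        if len(f["users"]) >= threshold:
            insights.append({
                "site": site,
                "rule": "failed-login-burst",
                "src": src,
                "distinct_users": len(f["users"]),
                "first": f["first"].isoformat(),
                "last": f["last"].isoformat(),
            })
    return insights


def central_correlate(insights):
    """Central SOC: correlate roll-ups across gravity wells.

    Emits a campaign alert for any source reported by more than one
    site, a pattern no single edge can observe on its own.
    """
    by_src = defaultdict(list)
    for ins in insights:
        by_src[ins["src"]].append(ins)
    alerts = []
    for src, hits in by_src.items():
        sites = sorted({h["site"] for h in hits})
        if len(sites) > 1:
            alerts.append({
                "src": src,
                "sites": sites,
                "total_distinct_users": sum(h["distinct_users"] for h in hits),
            })
    return alerts


def run_hybrid(raw_logs, threshold=3):
    """Edge analytics per site, then central correlation over the roll-ups.

    Also reports the bytes that would cross the network under pure log
    aggregation versus the insight-only roll-up.
    """
    rollup = []
    raw_bytes = 0
    for site, lines in raw_logs.items():
        raw_bytes += sum(len(ln.encode()) + 1 for ln in lines)  # +1 for newline
        rollup.extend(edge_analyze(site, lines, threshold))
    rollup_bytes = len(json.dumps(rollup).encode())
    return {
        "insights": rollup,
        "alerts": central_correlate(rollup),
        "raw_bytes": raw_bytes,
        "rollup_bytes": rollup_bytes,
    }


if __name__ == "__main__":
    print(json.dumps(run_hybrid(RAW_LOGS), indent=2))
```

Running it produces two site-level insights for the same source and one central alert naming both sites. The byte comparison is modest on ten constructed lines; in practice the reduction grows with log volume, because the roll-up size tracks the number of findings rather than the number of events, which is exactly the latency and bandwidth argument for analyzing close to the data mass.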

Does this sound like an intriguing idea? We think so. Being practitioners, though, we most appreciate when great theories can be turned into real-world implementations. Please stay tuned for part 2 of this blog series, where we take the concept of tomorrow’s SOC and data gravity into practice for today.


Seattle Times: Microsoft releases new security tools for political campaigns to combat hacking attempts

Microsoft is offering new security tools to political campaigns — some measures with a level of technology usually reserved for government and big corporate customers — as it expands its efforts to stifle hacking attempts from foreign entities.

The Redmond company announced late Monday a new set of tools, called AccountGuard,  that will closely watch hacking attacks and attempts made against campaigns, and notify their staff when threats occur. Microsoft will also offer training for staffers on how to make accounts more secure, and let them test new security tools “on a par” with the features Microsoft sells to government and corporate clients.

The AccountGuard services will be included for free to campaigns, candidates, think tanks and other political groups that are Office 365 customers. The service is the newest part of Microsoft’s Defending Democracy program announced this spring, which aims to make elections secure.

Microsoft pointed to the need to expand security efforts, saying it seized six website domains last week, with the help of a court order, that belonged to hacking group Fancy Bear. The group is believed to have ties to the Russian government and was behind the 2016 hack against the Democratic Party.


That group and others like it use domains such as senate.group and office365-onedrive.com to give the appearance of a trusted organization when they send out phishing emails. The emails could be used to obtain passwords and infiltrate political organizations.

So far, Microsoft has shut down 84 of these fake domains set up by Fancy Bear in the past two years. The company also revealed last month that it thwarted two attempts last fall by hackers trying to get inside two Senate candidate campaigns, including Missouri Democrat Sen. Claire McCaskill’s.

The number of hacking attempts has ticked up as midterm election campaigns get underway, Microsoft President Brad Smith wrote in a blog post Monday. It’s widely believed the threats aren’t as numerous as they were during the 2016 elections, but cybersecurity executives say they are still serious.

“We can only keep our democratic societies secure if candidates can run campaigns and voters can go to the polls untainted by foreign cyberattacks,” Smith wrote.


Attending Black Hat USA 2018? Here’s what to expect from Microsoft

Black Hat USA 2018 brings together professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors. This is an exciting time as our Microsoft researchers, partners, and security experts will showcase the latest collaborations in defense strategies for cybersecurity, highlight solutions for security vulnerabilities in applications, and bring together an ecosystem of intelligent security solutions. Our objective is to arm business, government, and consumers with deeply integrated intelligence and threat protection capabilities across platforms and products.

Security researchers play an essential role in Microsoft’s security strategy and are key to community-based defense. To show our appreciation for their hard work and partnership, each year at Black Hat USA, the Microsoft Security Response Center (MSRC) highlights the contributions of these researchers through the list of “Top 100” security researchers reporting to Microsoft (either directly or through a third party) during the previous 12 months. While one criterion for the ranking is the volume of fixed reports a researcher has made, the severity and impact of the reports also weigh heavily in the ranking. Given the number of individuals reporting to Microsoft, anyone ranked among the Top 100 is among the top talent in the industry.

In addition to unveiling the Top 100 and showcasing Microsoft security solutions at Booth #652, there are a number of featured Microsoft speakers and sessions:

Join us at these sessions during the week of August 4-9, 2018 in Las Vegas and continue the discussion with us in Booth #652, where we will have product demonstrations, theatre presentations, and an opportunity to learn more about our Top 100 and meet with some of Microsoft’s security experts and partners.


Microsoft gives parents peace of mind with new family features across devices

We live in a time of both great opportunity and great responsibility. Our children have access to more information, entertainment and more ways to connect than ever before, but with that comes plenty of new things that parents like you and I need to worry about and new ways to distract their attention. Today, we are excited to introduce new features that make it easier and safer for families to interact with technology, and with each other, across devices and platforms.


Creating tools and features that empower both parents and kids has always been an important part of our work and is becoming increasingly vital, not only to us as a business, but to us as individuals – parents, aunts and uncles, siblings and friends. As a mother to a young and curious daughter, I deeply understand the need for tools to help balance the use of technology in the home as well as out of the home. It’s especially near and dear to me as leader of a team building experiences for mobile devices. We emphasize the idea of transparency as a guiding principle for these new experiences. Today, I am happy to share new features that will help create greater transparency between parent and child, as well as between Microsoft and parents in what to expect from our tools.

We’re bringing new features to the popular Microsoft Launcher app for Android with two new mobile experiences, currently in preview, that give parents more peace of mind for their family and a look at their child’s activity across their devices – Windows 10 PCs, Xbox One devices, and now their Android phone.

With Microsoft Launcher installed on your family’s Android devices and a Microsoft family group of accounts set up, parents can:

  • Stay up to date on kids’ whereabouts. At home and on the go, you can use Microsoft Launcher to get an update on your kids’ location and rest easier knowing they are safely where they should be. You can see your child’s (or children’s) last known location and time.
  • Be aware of which apps your kids are using. Check in on your kids’ app activity on their Android device, including which apps are accessed and time spent on each app. With Xbox One or a Windows 10 PC set up in your family portal, you can also view their activities on those devices through Microsoft Launcher.

Microsoft Launcher is the only launcher that gives parents this visibility across Android, Windows 10, and Xbox One devices. Children and parents always have the option to toggle features off and on at any time and, best of all, it’s free. If you have a Microsoft family group, you can install Microsoft Launcher on your family’s Android devices. If you don’t have a family group set up yet, it’s easy – here’s how.

Microsoft Launcher for Android

With Microsoft Edge, the ability to allow or block websites has always existed on your PCs. Now, we are extending this feature to you and your family’s Android devices. If you have set up a Microsoft family group, any websites you have already tagged as allowed or blocked for your kid(s) will carry the same settings as they try to access websites in Microsoft Edge on their Android devices. The update will begin rolling out today.

A site blocked in Microsoft Edge for Android

We are also excited to announce MSN Kids, currently in preview, a curated news site created specifically for children in the elementary and middle school age group. We saw a need for a place for kids to learn about the world in a safe, trustworthy and fun environment. The site offers editorially curated, age-appropriate news and features from partner publishers such as Time for Kids, Popular Science, Sports Illustrated for Kids, National Geographic, and USA TODAY.

MSN Kids brings curated, kid-friendly news to the web

Content is kid-friendly and helps children find things of interest to stay engaged, learn, and have fun – with no sponsored content or advertising. Kids can learn about animals, the world around them, kids like them doing interesting things around the globe and more. When using Microsoft Edge, kids can also use pen and read aloud to engage with puzzles or assist with reading articles. Check out the preview today at msnkids.com.

These new experiences are the next step in a long history of creating products, features, and settings with families in mind, spanning gaming to mobile to PC and the web.

  • Family safety settings in Windows 10 and Xbox One:  With families today owning more personal devices than ever, including kids at increasingly younger ages, we’ve invested in family settings that work across devices and platforms. A core set of family safety settings – including the ability to block mature content and apps, set screen time limits, and review kids’ purchase requests – have long been available for Windows 10 PCs and Xbox One devices. These settings help parents keep kids safer, while also fostering independence and letting kids do homework, research, and be creative, using technology as a powerful learning tool.
  • Safer online spending with Ask a parent:  One especially useful setting, called Ask a parent, lets parents avoid surprise spending on Xbox or the Microsoft Store by receiving notifications when kids want to make a purchase. Parents can decide whether to approve based on the maturity level, cost, and whether it fits within screen time allowed. From the kids’ perspective, it’s a good way to let Mom or Dad know what cool new game they want. From the parents’ perspective, it’s a good way to help kids manage temptations (such as in-app purchases) and make good choices.
  • Shared family notebook in OneNote: Earlier this month we released the new family notebook in OneNote. We know families are busier than ever and with a family notebook your whole family can stay in sync and organized – from shopping lists to vacation planning, the whole family can share, edit and access information in one place.

These are just some of the many great features across our devices and services that empower families with peace of mind, tools to learn, grow and, of course, have fun. More information can be found at this page. Please download Microsoft Launcher and Microsoft Edge for Android and give the new features a try. We look forward to hearing your feedback so we can empower you with the best tools to create the safest, most productive and fun experiences for our families.