Microsoft Announces General Availability of Threat Protection, Insider Risk Management

  /     /     /  
Publicated : 23/11/2024   Category : security


Microsoft Announces General Availability of Threat Protection, Insider Risk Management


Microsoft made several security announcements ahead of RSA Conference, including its decision to bring Microsoft Defender to iOS and Android.



Microsoft today announced the general availability of its Threat Protection and Insider Risk Management platforms, as well as the decision to bring Microsoft Defender Advanced Threat Protection to iOS and Android. The announcements come amid a wave of security product news ahead of RSA Conference.
When Microsoft Threat Protection (MTP) arrived in public preview last December, it was described as an integrated solution built on the Microsoft 365 security suite: Defender Advanced Threat Protection (ATP) for endpoints, Office 365 ATP for email and collaboration, Azure ATP for identity alerts, and Microsoft Cloud App Security (MCAS) for software-as-a-service applications.
MTP is
designed
to bring the capabilities of all of these Microsoft systems together into a single tool and, in doing so, to coordinate threat detection and response. It looks across domains to understand a chain of events, pinpoint affected assets, and protect resources. MTP prioritizes incidents for investigation and response, terminates malicious processes on endpoints, and removes mail-forwarding rules an attacker may have put in place. Its meant to give admins greater visibility, stop attacks from spreading, and automatically fix assets affected in an attack.
Insider Risk Management, built into Microsoft 365 and launched in preview at last years Ignite, aims to help security teams address a threat that has become a primary concern among CISOs. It started with an internal demand at Microsoft to use machine learning to detect threats based on user behavior, explains Ann Johnson, corporate vice president of cybersecurity at Microsoft.
Its one of those solutions that when we brought it to market, the demand was instant, she says. Insider Risk Management uses the same technology that classifies and protects 50 billion documents for Microsoft users; its meant to bring signals, sensitivity labels, and content into a single view so admins can get a picture of whats happening and take appropriate action.
Many insider threat cases are not inherently malicious, Johnson explains. In one preview case, an employee had forwarded a work email to their personal email because there was data they wanted to access, and they didnt realize the email contained confidential proprietary data. In another, the tool picked up on users authenticating into applications from different locations.
The preview process taught Microsoft about how companies approach
insider threats
, which the company believed would be more of a compliance issue, Johnson says. What weve learned is a lot of customers consider insider risk management solely a SOC problem, she explains. Going forward, a goal is to add new capabilities to educate customers on how they can integrate insider threat management into their broader risk management platforms.
In addition to making MTP and Insider Risk Management generally available, Microsoft is bringing Defender ATP to Linux in public preview and plans to bring the security platform to Android and iOS later this year. Mobile apps for both platforms will be demonstrated at next weeks RSA Conference. Defender ATP is already
available
on Windows and Mac platforms.
Among Microsofts
announcements
are changes and capabilities to Azure Sentinel, first
debuted
in February 2019 and made generally
available
in September. The cloud-native SIEM narrows down high volumes of signals into the significant incidents security teams should prioritize. In December, Microsoft used Sentinel to evaluate nearly 50 billion suspicious signals and generated 25 high-confidence alerts for the security operations team to investigate.
Microsoft is bringing in new data connectors and workbooks from Forcepoint, Zimperium, Quest, CyberArk, Squadra, and other partners to enable easier data collection. A new connector for Azure Security Center for IoT lets admins onboard data workloads from the Internet of Things into Azure Sentinel from deployments managed in the IoT Hub. Its also releasing new developer documents, guides, samples, validation criteria, and updated GitHub Wiki.
To show how Azure Sentinel can pull security insights from across the enterprise, Microsoft is letting new and current Azure Sentinel users import Amazon Web Services CloudTrail logs at no additional cost from Feb. 24 through June 30, 2020.
Related Content:
Zero-Factor Authentication: Owning Our Data
Microsoft Patches Exploited Internet Explorer Flaw
RSAC Sets Finalists for Innovation Sandbox
7 Free Tools for Better Visibility Into Your Network
Check out
The Edge
, Dark Readings new section for features, threat data, and in-depth perspectives. Todays featured story:
10 Tough Questions CEOs Are Asking CISOs.


Last News

▸ New threat discovered: Mobile phone ownership compromised. ◂
Discovered: 23/12/2024
Category: security

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Microsoft Announces General Availability of Threat Protection, Insider Risk Management