Microsoft on CISOs: Thriving Community Means Stronger Security

Published: 23/11/2024   Category: security




Microsoft execs detailed the company's reaction to the CrowdStrike incident and emphasized the value of a collective identity.



BLACK HAT USA – Las Vegas – Wednesday, Aug. 7 – This week at Black Hat, Ann Johnson, corporate vice president and deputy chief information security officer (CISO) at Microsoft, and Sherrod DeGrippo, Microsoft's director of threat intelligence strategy, took to the main stage for their talk, "From the Office of the CISO: Smarter, Faster, Stronger, Security in the Age of AI." While attendees may have expected a discussion focused on ways that AI can help the effectiveness of cybersecurity tools, one could say that Johnson and DeGrippo decided to go off script.
"Does anyone remember a couple of weeks ago, there was like a little glitch?" DeGrippo asked the crowd, referring to the recent global CrowdStrike outage and earning a laugh in response.
The faulty sensor configuration update to CrowdStrike's Falcon platform on July 19 triggered Microsoft outages for millions, and blue screens of death as far as the eye could see. As the days passed, the fallout continued to grow, with the estimated monetary loss amounting to roughly $5.4 billion, excluding Microsoft's own losses.
Johnson went on to give the audience the lowdown from someone who was there and witnessed the effects of the outage firsthand. The evening before the incident, Microsoft found itself dealing with a limited scope package in Azure in one of its US regions. 
"At 11:30 that night, it was remediated, was resolved, and I went to bed," Johnson said. "I was like, 'OK, we're good.' At 1 in the morning, maybe 1:15, my phone rang with a customer [who] said, 'Hey, I'm getting this blue screen of death.'"
Other calls started coming in, and she realized this wasn't connected to the Azure outage. Johnson explained that Microsoft then rallied the troops to face the problem.
"The pride I had, not just in Microsoft but those people that were literally working in shifts … these folks were working around the clock," she says. "The industry was working around the clock. And even though it was the operations folks that were most impacted, not the cyber folks, the resilience, the community, the things I saw in the industry were so powerful that yet again, it renews my faith that we all can win together."
Johnson’s take on the event is that the response to it from professionals was incredible to witness. However, what is the lesson to be learned?
As DeGrippo detailed, the Microsoft Threat Intelligence Center (MSTIC) is focused on working closely with customers regarding intelligence briefings, and is embedded in its community of independent researchers, fellow vendors, and even colleagues at healthcare organizations and in other verticals.
For instance, Scattered Spider, a group responsible for a significant number of ransomware events in the past 18 months, is a persistent group that Microsoft has paid close attention to. Microsoft's community, from MSTIC to its Digital Crimes Unit (DCU), DeGrippo says, is eager to combat the group, helping law enforcement efforts. And it's not just Microsoft that does this, Johnson insists; its peers in the industry are also working with the public sector to defend people from the threat actor, sharing tactics and defense strategies.
"For everything you see in the news, there are thousands of [malicious] things that haven't happened because all the people in this room stopped it from happening," Johnson told Black Hat attendees. "Take a victory lap and a round of applause. Yeah, there's bad things that are going to continue to happen. But all you stop the thousands of other things from happening, and that's what community does."
Part of improving the community going forward is embracing technologies that make defenders' lives easier. For instance, as GenAI continues to grow in popularity, threat actors will use it to their advantage. According to Johnson, they'll use it to become more effective and efficient at what they do, making them more difficult to combat. What should defenders do in response? The exact same thing.
"We want to use technology like AI or whatever the latest technology is to make you more effective, so you can take that time off," she said, referencing how new strategies and tools are needed to ensure that cyber defenders have less burnout. Events like the CrowdStrike Falcon update snafu and the resulting Microsoft outage should not require people to sacrifice their health or time with family while working hours on end to combat the issues we're collectively facing, Johnson said.
She added, "AI does have a very meaningful role in the world of the CISO and in the world of cyber defenders, but … we want to talk about the human beings, the community, the defenders."
