Cybercriminals no longer have an advantage over security professionals, according to Bret Arsenault, CISO at Microsoft, who attributes the shift in power dynamics to the rise of cloud services and platforms. Speaking to the media, Arsenault discussed Microsoft's approach to protecting itself and its customers against an ever-evolving arsenal of threats, especially in light of the rise of remote work. According to Arsenault, the ability to effectively protect customers and staff comes down to the ability to feed security systems the largest amount and widest range of information, which would not have been possible before the augmentation. the power of cloud services and artificial intelligence. “One of the most significant changes in the security landscape is the migration to cloud services, which brings us incredible opportunities and telemetry,” he explained. “Modeling a massive set of signals gives us better detection facilities. Bad actors don't have this kind of access, so security teams aren't as disadvantaged as before. "
Microsoft Security
Today, Microsoft receives telemetry data from an enviable variety of different sources, including messaging services, documents, browsing activity, identity data, and more. The company also updates more than a billion Windows PCs per month as part of its regular update program, which also generates a lot of data that can be funneled toward security efforts. This range of signal sources, according to Arsenault, is the company's main ammunition against the efforts of cybercriminals. “In the past, we relied on the signal from the network, but now a diversity of signals is needed for sufficient protection,” he said. “All this scale gives you a great opportunity to get statistically significant results. But scale diversity is more important than scale: network signal, endpoint signal, identity signal, application signal, etc. " "The added value of these various signals gives us an unprecedented ability to protect . "Arsenault also touted the importance of a zero-trust mentality, particularly in a post-coronavirus context where a significant proportion of employees remain remote. A zero-trust model dictates that any entity attempting to access the corporate network must first be verified, unlike traditional network scenarios, where anyone on company premises could have access to company assets.” The security control plane was once the network, but today we believe that the control plane has moved to identity. This is the most significant change in the customer transition to the cloud," Arsenault said. "Being at the forefront of an enterprise shouldn't affect the security footprint. In the global environment In today's world, with many people working remotely, identity is a much more scalable way of providing a secure work environment than a network." For Microsoft, therefore, a strong cybersecurity stance in today's landscape boils down to three key elements:- Strong identity management, ensuring that a person is who they say they are
- Telemetry analytics to help increase security policies
- Monitor device health to correct endpoint security armor flaws