If you ever doubted Microsoft in the security space... the read on

Microsoft 's Key Security Announcements at RSA 2019

Microsoft this week has announced a truck load of service wide enhancements, new services and new alliances at the RSA Conference 2019 which took place in San Francisco. Here's a summary of the highlights...

1. Microsoft Azure Sentinel

The high volume of alerts received by security operations (SecOps) teams can often be overwhelming (especially for organisations that don't have a dedicated SecOps team). This, together with an general global shortage of IT security professionals can mean that legitimate threats across our ever expanding, non-perimeter based environment get overlooked or missed.

Microsoft Azure Sentinel, which is currently "reimagines" the security and events management (SIEM) tool by leveraging artificial intelligence (AI) to make it easier to collect security data across the organisation from devices, to users, to apps, physical network infrastructure, servers and across any cloud platform. As a result, instead of spending time setting up, maintaining, and scaling infrastructure, SecOps staff can focus on identifying real threats quickly and efficiently.

2. Security Partner Alliances Expansion

With so many vendors and service providers claiming to be the best in their game and have the biggest attack SOC service, combined with the cybersecurity talent shortage that exists, Microsoft is working closely with more and more partners to deliver security tools and services that work well together. Key announcements from RSA this year included:

• More than 50 security partners are now working in alignment with the Microsoft Intelligent Security Association, integrating their solutions with Microsoft products to provide customers better visibility, protection, detection, and response.
• Microsoft have announced many new capabilities in Microsoft Graph Security API to enable organisations, partners and third parties to better simplify their integration, speed to market, speed to response, and of course in improving the effectiveness of current and future security investments.
• Azure Active Directory (Azure AD) now integrates with several leading security and segmentation applications and services. Microsoft spent time focusing on their recent Zscaler application integration - the enhanced partnership promises to provide increased security and scalable access for users.

3. Adding Additional Security Controls

Microsoft took to the stage to ensure that SecOps everywhere are aware of the continual investment Microsoft is making in continually strengthening their security capabilities across their products and services. Noticeable enhancements include:

• Threat intelligence-based filtering now built-in to Azure Firewall.
• Azure Security Center now uses machine learning to reduce the attack surface of internet-facing virtual machines and networks, and its application whitelisting controls have now been extended to Linux as well as on-premises servers.
• Microsoft Threat Protection now provides automated investigation and remediation across the centralised Microsoft Security Center.
• Microsoft Cloud App Security and Azure AD conditional access are coming together to provide better alignment and integration to better control access to data and services.
• Native capabilities in the Office 365 Click-To-Run version of Office client applications help authors apply the right classification and sensitivity labels in accordance with the organisation's security and compliance policies.

4. Securing the Internet of Things

Microsoft has been working closely with the Industrial Internet Consortium to produce a new Internet of Things (IoT) Security Maturity Model that provides clear industry best practices for organisations to evaluate their IoT risk and plan remediation. We’ve also added a new deployment method to Azure Sphere to help customers reduce their risk across all their IoT devices.