Security is more important now than ever, given the new players, motives, and sophistication of cybercrime. Earlier this year, Cisco Systems issued it’s Annual Cybersecurity Report (read my coverage here), which, amongst other things, found that the threat surface is rapidly expanding with the advent of IoT, large-scale ransomware attacks are on the rise (remember WannaCry?), and cybercriminals are becoming increasingly evasive and sophisticated by embracing encryption. It’s a scary world out there, and it’s getting scarier—enterprises have to protect themselves. Microsoft, more than ever, is investing to be the enterprise’s one-stop shop for security. Microsoft’s RSA 2018 announcements are another stop along the way and I wanted to weigh in on the company’s security-related announcements coming out of the event.
Azure Sphere debuts
The first announcement I’ll hit on here and the biggest is the preview of Microsoft Azure Sphere, a solution for creating extremely secure microcontroller devices (MCUs). For those unfamiliar, MCUs are the tiny chips that function as the “brain” for the many household and industrial connected devices. Given the proliferation of such devices (9 billion MCU-powered devices are purportedly built and deployed each year), they are an increasing target for cybercriminal activity. Azure Sphere’s three components seek to address this.
First, Microsoft announced Azure Sphere certified MCUs, which combines real-time (MCU) and application processors (MPU) with Microsoft security technology and connectivity” into a cross-over class of MCUs. RTL has been shared with companies like MediaTek, NXP, and Qualcomm and they will actually bring them to market. Secondly, Microsoft announced the new Azure Sphere OS, a Linux-based (yes, for real) OS that Microsoft says is “purpose-built” for security and agility, providing many more layers of security than the ones currently powering most MCUs. All of this is rounded out with the new Azure Sphere Security Service, a cloud-service that protects all Azure Sphere devices and brokers trust in communication through certificate-based authentication. Azure Sphere Security Service detects emerging threats in its ecosystem via online failure reporting and renews security via software updates to make sure all devices are up to date on their protections.
This announcement is huge on many fronts. It fills in many pieces of the puzzle for how Microsoft intends to address the IoT space. First off, Microsoft is a software and services company, not a chip company, but Microsoft realizes that what many customers want right now are solutions, not necessarily piece parts. To be clear, some want full DIY but as many don't want that. And to do so, you need hardware, and OS, apps and a cloud service. It will be important that Microsoft have a roadmap for future devices as the market shifts and turns and would expect more powerful designs in the future. No one wants to invest in a dead-end hardware platform. Like a chip company, Microsoft will need to do updates like chip companies do. The Linux OS is a mind-blower as it’s, well, Linux, and not Windows. Pragmatically, this makes sense, but it’s too bad Microsoft couldn’t get IoT Windows small enough. This is the new Microsoft that is making decisions based on what it thinks is the best customer solution whether it's Windows or not. To program that tiny chip, Microsoft will be extending Visual Studio, of course, which should be easier than many of the impossible-to-use MCU programming tools. At the event, Microsoft claimed “no lock-in” and says the system can be used with current Amazon.com AWS, Google GCP, and IBM Cloud implementations, but I’ll need to do some more research on exactly what that means.
Getting the jump on cyber threats
I’ve always faulted the security industry for the lack of comparable security benchmarks and the coded language it uses. Why would the CEO, CFO, or board of any company pay more for security if it’s not measurable or communicated in a consistent way? Microsoft is now seeking to improve this, with the newly announced Microsoft Secure Score. Secure Score was designed to simplify security assessment for organizations, giving them an overall security benchmark score for their readiness to handle threats, and letting them compare their results with other, similar organizations’ scores using machine learning. While of course, I’ll have to see this in action before I completely weigh in, it looks to be just the sort of security benchmark system I’ve been waiting for, at least at the enterprise-level. What I’d really like to see those same scores designated to PCs, tablets, and phones, too. This would enable organizations to better get funding by having a comparable "benchmark" to compare and justify investments. The security industry needs to get this right else they'l be stuck whining and wondering why companies don't invest in security.
The Attack Simulator is a great addition, and it does precisely what it sounds like it does—simulate attacks. As a part of Office 365 Threat Intelligence, this simulator allows security teams to run mock ransomware and phishing campaigns (amongst other potential forms of attacks), to test their organization’s readiness and better tune their security configurations.
ATP expands its coverage to Microsoft 365
Microsoft also announced at RSA 2018 that the latest Windows 10 update (currently in preview) expands Windows Defender Advanced Threat Protection (ATP) coverage across Office 365, Windows 10, and Azure. This is a very big deal, as Microsoft 365 customers can now get full ATP coverage. New automated investigation and remediation capabilities are also coming to ATP with the new Windows 10 update, which Microsoft says will utilize AI and ML to quickly detect and neutralize endpoint threats, at scale. Given the millions and billions of pieces of alerts that come in, AI is the only way to sort through them all.
The last ATP-related announcement was that Microsoft was adding device risk levels (established by ATP) to Conditional Access in preview, a feature which the company says will help prevent the access of sensitive data by compromised devices. This is like a white, gray and blacklisting for devices and with it, certain pieces of data and recommended remediation, whether that be lock-out, MFA, limit access, etc.
Microsoft introduces new security API
Some companies utilize social (Facebook), search (Google), and shopping (Amazon) graphs to mine intelligence from consumer and business use cases. These companies have this for various reasons and we all got a taste of how some companies and countries use the Facebook social Graph. Microsoft now has its Intelligent Security Graph, which pulls security data from its own endpoints (like Windows and Office 365) and also across companies in the newly-formed Microsoft Intelligent Security Association. The association’s founding members include Palo Alto Networks, Anomoli, and PwC, all of whom add even more signals to the security graph.
I’d love for more companies to join the association, including security stalwarts Apple, Cisco Systems and Arm. Microsoft announced at RSA a preview of a new security API, designed for the purpose of connecting Microsoft Intelligent Security Graph-enabled products and other solutions built by the company’s customers and partners. While Microsoft has a massive (yes, massive) security graph of its own, it’s very important to get as many people collaborating as possible.
Wrapping up
All of these announcements are great examples of the work Microsoft is doing to build end-to-end security capabilities and become a true one-stop-shop for the secure enterprise. Microsoft, and for that matter, companies like Cisco Systems and Palo Alto Networks, realize that stringing together complex security systems from multiple vendors is hard to do and enterprises are asking for help.
I’m glad to see we’re finally starting to have an easier way to see the level of comparable cybersecurity standards with Microsoft Secure Score, which I hope will help justify purchases and internal communications. The Attack Simulator looks to be another great tool to help security teams fine-tune their strategies and not have to wait for a real disaster to happen to test their systems. From the expansion of ATP, to the new Security Graph API, to Azure Sphere, it’s clear Microsoft is serious about addressing the emerging threats that come part and parcel with IoT and the proliferation of unsecured endpoints.
Note: Moor Insights & Strategy writers and editors may have contributed to this article.
Disclosure: Moor Insights & Strategy, like all research and analyst firms, provides or has provided paid research, analysis, advising, or consulting to many high-tech companies in the industry, including Advanced Micro Devices, Apstra, ARM Holdings, Bitfusion, Cisco Systems, Dell EMC, Diablo Technologies, Echelon, Ericcson, Frame, Gen Z Consortium, Glue Networks, GlobalFoundries, Google (Nest), HP Inc. Hewlett Packard Enterprise, Huawei Technologies, IBM, Jabil Circuit, Intel, Interdigital, Konica Minolta, Lenovo, Linux Foundation, MACOM (Applied Micro), MapBox, Mavenir, Mesosphere, Microsoft, National Instruments, NOKIA (Alcatel Lucent), Nortek, NVIDIA, ONUG, OpenStack Foundation, Peraso, Portworx, Protequus, Pure Storage, Qualcomm, Rackspace, Rambus, Red Hat, Samsung Technologies, Silver Peak, SONY, Springpath, Sprint, Stratus Technologies, TensTorrent, Tobii Technology, Synaptics, Verizon Communications, Vidyo, Xilinx, Zebra, which may be cited in this article.
