Posted on Wednesday January 23, 2019 | MSRC alerts
Today, a single breach, physical or virtual, can cause millions of dollars of damage to an organization and potentially billions in financial losses to the global economy. Each week seems to bring a new disclosure of a cybersecurity breach somewhere in the world. As we look at the current state of cybersecurity challenges today, we see the same types of attacks, but the sophistication and scope of each attack continues to grow and evolve. Add to these the threats of nation-state actors seeking to disrupt operations, conduct intelligence gathering, or generally undermine trust.
You can download the Cyber Defense Operations Center strategy brief to gain more insight into how we work to protect, detect, and respond to cybersecurity threats.
Like many companies, Microsoft takes technical dependencies upon a shared infrastructure, multiple teams, and inter-dependent services. Because of these dependencies, teams must work together to effectively detect and defeat the tactics of sophisticated attackers and cybersecurity threats. With shared guidance and perspective, we can leverage existing people and process to respond to the previously “unseen” and the “unknown” issues that suddenly fall into scope. There are also situations where a group of people can share deep subject matter expertise, or cross-organizational talents and contacts, or some combination of qualities without having to resource them in each team.
Within the Microsoft Cyber Defense Operation Center (CDOC), we focus on these dependencies with teams that coordinate threat intelligence, security monitoring and incident response by exploiting both the common, and unique capabilities of each specialization. It is here that we leverage our global workforce of more than 3,500 security professionals across our product development teams, information security groups, and legal teams to protect our cloud infrastructure and services, products and devices, and internal resources. The engineering teams behind our commercial security solutions, like Azure Security Center (ASC), also take advantage of the Cyber Defense Operation Center (CDOC) community to test hypotheses and pre-flight solutions in a real-world environment. This model is based on a closed-loop system of intelligence, defense, and control that streamlines our security capabilities for more than 200 cloud services, over 100 datacenters, millions of devices, and over a billion customers around the globe.
It is also critical that Microsoft meet and exceed customer expectations of an enterprise-focused cloud provider. Customers expect an integrated security operations center with a mission to enhance the capability, cooperation and information sharing in cyber defense by virtue of education, research and development, lessons learned and consultation. By sharing the state of our security capabilities, as well as proposed improvement investments, we can replace vulnerability with capability by building innovative security solutions intended to outpace cyber adversaries. While security has always been a priority for Microsoft, we recognize that the digital world requires continuous advances in our commitment in how we protect, detect, and respond to cybersecurity threats. These three commitments define our approach to cyber defense and serve as a useful framework for our discussion of Microsoft’s cyber defense strategies and capabilities.
Microsoft’s protect tactics include:
Having a rich set of controls and a defense-in-depth strategy helps ensure that should any one area fail, there are compensating controls in other areas to help maintain the security and privacy of our customers, cloud services, and our own infrastructure environment.
Microsoft operates under an Assume Breach posture. This simply means that despite the confidence we have in the defensive protections in place, we assume adversaries can and will find a way to penetrate security perimeters. It is then critical to detect an adversary rapidly and evict them from the network.
Microsoft’s detect tactics include:
When we detect something abnormal in our systems, it triggers our response teams to engage.
Microsoft’s respond tactics include:
There is a lot of data and tips in this strategy brief that I hope you will find useful. You can download the Cyber Defense Operations Center strategy brief to gain more insight into how we work to protect, detect and respond to cybersecurity threats. And I encourage you to visit the Microsoft Security Response Center’s website to learn more about how we build security into Microsoft’s products and services to help you protect your endpoints, move faster to detect threats, and respond to security breaches.
Microsoft’s Cyber Defense Operations Center:
Kristina Laidler, Sr. Director SOC and IR, Digital Security & Risk Engineering
Monica Drake, Principal Security Program Manager, Microsoft Security Response Center
The Microsoft Security Response Center is part of the defender community and on the front line of security response evolution. For more than twenty years, we have been engaged with security researchers working to protect customers and the global online community. For more information, please visit our website at www.microsoft.com/msrc and follow our Twitter page at @msftsecresponse.