Last month, Microsoft revealed a security tool that protects not only cloud-based workloads in the company’s Azure IaaS public cloud, but also those on customers’ premises and even in competing clouds, such as those from Amazon Web Services.
Corporate IT security budgets have seen healthy growth as companies react to a slew of major hacking incidents. To fulfill its ambition of getting a larger portion of those budgets, the tech giant introduced the Enterprise Cybersecurity Group (ECG) as a promising tool to deliver “security solutions, expertise and services that empower organizations to modernize their IT platforms, securely move to the cloud, and keep data safe.”
The broad security effort Microsoft has put behind this tool is a big deal. At the Government Cloud Forum in Washington, D.C., Microsoft CEO Satya Nadella revealed that Microsoft spends $1 billion annually on research and development to improve security across the company’s three major products: Windows 10, Office 365 and Azure. He stressed that security plays an important role and can’t be separated from technology. “It has to be core to the operational systems that you use, where your data resides, where your most critical application usage is.”
Much like many other enterprise IT firms, Microsoft is looking to pair security software with human and cloud-based services (security appliance vendors also bundle hardware).
According to the tech giant, ECG provides a range of services such as security assessment, monitoring, threat-detection, and incident-response services. Along with ECG, a new Cyber Defense Operations Center already has dedicated teams working 24×7 to respond to security incidents, and is said to provide “direct access” to thousands of professionals within Microsoft for dealing with security threats.
The software giant has also announced that Azure Security Center is in testing. It is a Web-based console that works with third-party hardware and software, where IT administrators can get an overview of their company’s Azure security and then use analytics to detect and respond to threats. Satya Nadella claimed that such features could also be used for on-premises security, and to protect services running on third-party clouds.
It uses policy-based scans to detect whether security best practices are in place. For example, if there’s a server hosting a website that does not have a Web Application Firewall (WAF) attached to it, Azure Security Center can flag that and provide users with an opportunity to download a WAF from a third-party vendor, like Barracuda, F5, or Trend Micro.
Amazon Web Services, which is Azure’s biggest competitor in the IaaS cloud, is testing a similar security tool named Inspector.
Nadella adds that the functions of this security tool can be extended to customers’ on-premises environments as well, and even to clouds delivered by other providers, such as Amazon Web Services, using Microsoft’s Operations Management Suite. A user could, for example, be alerted if a virtual machine it has deployed in Amazon’s cloud is communicating with a known malicious IP address.
“We recognize that it’s not just us building these technologies, but we also need to interoperate in a heterogeneous environment,” Nadella said.
Microsoft exec Bret Arsenault: “Microsoft’s unique insights into the threat landscape, informed by trillions of signals from billions of sources, create an intelligent security graph that we use to inform how we protect all endpoints, better detect attacks and accelerate our response.”
Azure Security Center uses what Microsoft calls its Advanced Threat Analytics to detect unusual behavior in a customer’s environment. For example, it could find out that a user is logging in from an unusual location, has attempted incorrect passwords many times, and has eventually gained access. It can also detect communications between a virtual machine and a malicious IP address that Microsoft has found.
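The two detections described above can be sketched in a few lines. This is an added example, not Microsoft's implementation or any Azure API; the event layout, the failure threshold and all sample data are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample data; field layout and thresholds are assumptions.
SIGN_INS = [  # (user, country, succeeded)
    ("alice", "US", True),
    ("alice", "US", True),
    ("bob", "DE", True),
    ("alice", "RO", False),
    ("alice", "RO", False),
    ("alice", "RO", False),
    ("alice", "RO", True),   # success after repeated failures, new country
    ("bob", "DE", False),
    ("bob", "DE", True),     # one typo from the usual country: not flagged
]
FLOWS = [  # (vm, destination IP)
    ("vm-web-01", "198.51.100.7"),
    ("vm-db-01", "192.0.2.10"),
]
THREAT_INTEL = {ip_address("198.51.100.7")}  # documentation-range address
MAX_FAILURES = 3

def suspicious_sign_ins(events, max_failures=MAX_FAILURES):
    """Flag a success that follows >= max_failures failures from a country
    the user has never successfully signed in from before."""
    known = defaultdict(set)      # user -> countries with prior successes
    failures = defaultdict(int)   # (user, country) -> consecutive failures
    alerts = []
    for user, country, ok in events:
        key = (user, country)
        if not ok:
            failures[key] += 1
            continue
        if failures[key] >= max_failures and country not in known[user]:
            alerts.append((user, country, failures[key]))
        failures[key] = 0
        known[user].add(country)
    return alerts

def malicious_flows(flows, intel=THREAT_INTEL):
    """Return VMs whose destination appears in the threat-intel set."""
    return [(vm, dst) for vm, dst in flows if ip_address(dst) in intel]

if __name__ == "__main__":
    print(suspicious_sign_ins(SIGN_INS))
    print(malicious_flows(FLOWS))
```

Requiring both signals (repeated failures and an unfamiliar location) before alerting keeps a single mistyped password from the user's usual country from raising an alert.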