Microsoft Begins Making Progress On Nadella’s Broad Security Vision

Last fall, Mr. Nadella came to Washington and in a comprehensive speech the Microsoft CEO laid out Microsoft’s broad vision for security in the enterprise. Today, the company made a series of announcements in a lengthy blog post from Microsoft Chief Information Security Officer Bret Arsenault that starts to bring that vision into clearer focus.

It’s probably not a coincidence that the company is making these announcements ahead of the big RSA security conference next week in San Francisco.

Nadella’s speech covered Microsoft’s overall philosophy around security and trust. He discussed the implications of failing to build that trust in an increasingly digital world and he offered some specifics about how Microsoft would attack the growing cyber security problem.

As I wrote at the time describing his speech:

Speaking at the Microsoft Government Cloud Forum, he articulated the company’s security strategy. Key to this was not only finding ways to secure the key elements of the Microsoft ecosystem — Windows, Azure and Office 365 — but finding ways to secure the infrastructure, the personal mobile devices and the services a company uses, regardless of whether they were Microsoft’s or another vendor’s.

With today’s announcements, it appears that the company is making headway toward advancing some of the elements in Nadella’s speech. This involves a number of new tools and technologies aimed at making customers using Microsoft products and services safer and more secure.

Taking Advantage Of The Security Graph

Nadella introduced the security graph concept during last fall’s speech. This creates a big picture view of an individual or company’s broader security profile in the same way a social graph gives you a big picture view of a person or company’s social activity.

That involves finding a way to process and understand the myriad of signals coming into an enterprise on a daily basis, while taking advantage of the security data Microsoft has been collecting over the years. Finally, it requires having tools to work this data to recognize when there is an anomaly that could indicate a security problem.

To that end, the company announced three new products to help better process all of that data. For starters, it’s introducing Azure Active Directory Identity Protection, a tool that helps companies identify compromised credentials based on data Microsoft has accumulated on its 14 billion logons. Building on this information, Microsoft claims it can help individual companies identify when a credential has been undermined. This product goes into preview next week.

In addition, Microsoft is introducing the Azure Security Center Advanced Threat detection, which builds on years of collecting crash data to help find compromised machines (which Microsoft says are sometimes linked to crashes). The idea is to protect virtual machines running on Azure by checking against crash data to assess possible threats related to those crashes.

Finally, the company is introducing a new threat visualization tool that picks up when a server is communicating with a malicious IP address and lets companies visually track the attacker on their system.

Bringing Visibility To The Cloud

The other big step for Microsoft is incorporating technology from the Adallom acquisition last fall, which gives security and visibility into SaaS applications, whether Microsoft Office 365 or another vendor like Salesforce, Box or ServiceNow. The company has renamed the Adallom technology Microsoft Cloud App Security.

Using that same technology, Microsoft is beefing up Office 365 security to let IT admins see suspicious activity on Office 365, see any other cloud services employees may be using, and grant or revoke permission to any third-party services connecting to Office 365.

The company also announced several partnerships. In his speech last November, Nadella talked about how no one vendor can do this alone and the partner ecosystem is about extending the capabilities to cover as much ground as possible.

“We live in a heterogeneous world. Most customers have bought technology from all sorts of different vendors. No one company can protect them from all of these attacks. We need a rich partner ecosystem where vendors defend different types of data,” Tim Rains, director of security communications at Microsoft, told TechCrunch.

To that end, Microsoft announced a few partnerships today too, including Check Point, Cisco, Fortinet and Imperva.

The products they are announcing today are in various stages of development with some in preview stage and some generally available or becoming generally available in the next couple of months.

These tools and others announced today provide a starting point for the Microsoft security framework Nadella outlined in his November 2015 speech. Think of today’s announcements as a step forward on a long journey.

As Microsoft and all vendors selling security services surely know, security is not something that’s ever solved. It requires vendors to evolve continually in an ever-shifting security landscape, but these tools are designed to help Microsoft’s customers fight the good fight.