Shuffling the Security Stack

Not long after the Microsoft Inspire virtual event in July, the team at ITC Secure signed up to Microsoft Ignite, dropping in on sessions held last week.

Microsoft Ignite is an annual flagship conference for developers, technical decision makers and IT implementers. Last year it was held at ExCeL London, which I attended to find out more about Azure Sentinel and its developments. Because of the current pandemic, ExCeL London has this year been repurposed as a hospital and the conference was made completely virtual.

MS Ignite covers all things within the Microsoft stack, from Teams to A.I. and Data Analytics, but I am going to focus specifically on the Security element, because there are some really big announcements to tell you about.

Those familiar with Microsoft security products will know that not only has there been a product for everything, but each product has also had several names. For example, Microsoft Defender and Microsoft Defender ATP. Advanced Threat Protection (ATP) was appended to so many product names that it became confusing, and in order to carry out a complete investigation you needed to log into more than one product.

Probably the biggest Microsoft announcement in security is the consolidation of the naming conventions and the increase in functionality of Microsoft 365 Defender. Microsoft Defender ATP, Microsoft Cloud App Security and Azure ATP are now covered under this new name. See the rebranding list at the end of this post.

Next up, Microsoft announced a unified SIEM and XDR to modernise security operations. Extended Detection and Response (XDR) is designed to deliver intelligent, automated and integrated security across domains to help defenders, such as SOC analysts, connect seemingly disparate alerts and get ahead of the attackers.

XDR combines Microsoft 365 Defender with Azure Defender. Azure Defender used to be known as Azure Security Center.

Additional updates include Microsoft 365 Lighthouse, which ITC are working closely with Microsoft on in order to understand the benefits available to our customers. Lighthouse provides the permissions for a service provider to manage a customer’s tenant.

Reflecting Microsoft’s development sprint in the security space, there were some exciting updates within Azure Sentinel. User and entity behaviour analytics (UEBA) and threat intelligence capabilities have been released. These updates allow customers to pinpoint threats across their estate, giving insight into unknown threats and the anomalous behaviour of compromised users and insider threats. The evolution of Azure security allows users to maintain security whilst working remotely and fending off evolving threats.

Additionally, ITC are contributing to developments to the Azure architecture supporting Sentinel to address cross-regional resiliency.

Microsoft Ignite was an insightful event and it’s clear to see the innovation and effort that go into making these virtual conferences engaging. As Microsoft pointed out, two years’ worth of digital transformation was observed in the first two months of the COVID-19 pandemic. Who knows what next year has in store – will we revert to in-person events or will digital experiences become the new normal?

Rebranding of Threat Protection Products:

  • MTP > Microsoft 365 Defender
  • MDATP > Microsoft Defender for Endpoint
  • OATP > Microsoft Defender for Office 365
  • AATP > Microsoft Defender for Identity

Azure Security Center solutions are rebranded:

  • Azure Defender for Servers
  • Azure Defender for IoT
  • Azure Defender for SQL

Microsoft unified SIEM and XDR = Microsoft 365 Defender + Azure Defender + Azure Sentinel