Microsoft Security highlights from RSA Conference 2023

The RSA Conference (RSAC) gave us an incredible opportunity to meet with security professionals from around the world, learn about exciting advances in the world of cybersecurity, and share our own security innovations. Defenders everywhere serve an important mission of protecting our world, and RSAC is a special time to connect with the defender community and support each other in our collective mission.

I had the honor of representing Microsoft at our RSA keynote, “Defending at Machine Speed: Technology’s New Frontier.” AI is having a profound impact in our world, and I believe security is going to be one of AI’s most important use cases. During this session, I shared how AI is causing a paradigm shift, augmenting the essential power of human intuition and expertise and reshaping the future of cybersecurity. For details, watch the full keynote here (video courtesy of RSA Conference).

RSAC is the largest and most important cybersecurity conference in the industry—we value every opportunity to learn directly from our customers, partners, and community, and share how Microsoft Security is empowering our customers to protect everything.

Let’s walk through some of the most memorable moments from RSAC.

Pre-Day with Microsoft

Microsoft Security opened RSAC with the Pre-Day event and reception on Sunday, April 23. Pre-Day was an expansion of our presence at RSAC and amplification of the announcements we made at Microsoft Secure. The presentations helped attendees gain a deeper understanding of what an AI-powered future means for cybersecurity. They also shared comprehensive strategies to help organizations protect everything, highlighted the latest announcements in Threat Intelligence, which is critical to defending against an evolving threat landscape, and gave customers a chance to interact with Microsoft Security business and engineering leaders, as well as network with their peers during an evening reception. I was very pleased to share the stage with Charlie Bell, Executive Vice President, Microsoft Security; Bret Arsenault, CVP, Microsoft Security and Chief Information Security Officer; Kelly Bissell, CVP, Microsoft Security; Andy Elder, CVP, Microsoft Security Solution Area; Jeremy Dallman, Principal Research Director, Microsoft Threat Intelligence; Holly Stewart, Principal Research Director, Microsoft Threat Intelligence; and engineering leaders.

Major product announcements

Microsoft Security Copilot, Microsoft’s new generative AI solution, garnered plenty of buzz during the conference. First announced at Microsoft Secure, Security Copilot combines the latest OpenAI large language model with Microsoft’s unique security-specific model powered by 65 trillion signals, human intelligence, and cyberskills to help defenders move at the speed and scale of AI. It was wonderful to see the interest from our customers and partners for Security Copilot.

Now in private preview, this groundbreaking technology serves as a true copilot to defenders. It augments a security analyst’s work, continually learning from users and letting them provide feedback and inform future interactions. The AI capabilities you gain include ongoing access to the most advanced OpenAI models, integration with Microsoft’s end-to-end security portfolio, and visibility and evergreen threat intelligence powered by your organization’s security products and the 65 trillion threat signals received by Microsoft every day. Importantly, Security Copilot is built with privacy at its heart. This means your data remains your data, and it is not used to train or enrich foundation AI models. Further, Security Copilot runs on our security and privacy-compliant Azure Cloud hyperscale infrastructure, enabling organizations to truly defend at machine speed.

In other threat intelligence news, Microsoft Defender Threat Intelligence is now available to licensed customers directly within Microsoft 365 Defender. It’s already integrated with Microsoft Sentinel and now has an application programming interface (API) to help enrich incidents, automate incident response, and work with a broad ecosystem of security tools. With this advancement, you get some of the world’s best threat intelligence, integrated with the tools you use every day.

Specific capabilities available as part of a Microsoft Sentinel solutions package—generally available beginning in July—are:

Microsoft Defender Threat Intelligence enrichment playbooks: Defender Threat Intelligence integrates with all security information and event management (SIEM) systems via an API, but playbooks in the Microsoft Sentinel Content hub are available to enrich incidents with reputation data to add context and triage them automatically.

Microsoft Defender Threat Intelligence data connector: Microsoft threat researchers add indicators of compromise (IOCs) from finished intelligence to the threat intelligence (TI) blade to add massive value to Microsoft Sentinel users by adding critical context and enhancing detections and investigations.

Microsoft Defender Threat Intelligence analytics rules: This built-in rule takes URLs, domains, and IP addresses (IPs) from a customer environment via log data and checks them against known bad IOCs from Defender Threat Intelligence, creating incidents when there’s a match.

At RSAC, we also had several other major product announcements.

Security researchers and customers are confronted with an overwhelming amount of threat intelligence data—and we want to help by giving them better clarity. Our new threat actor naming taxonomy will offer a more organized, articulate, and easy way to reference adversary groups so that organizations can better prioritize threats and protect against attacks. Microsoft Security also is rolling out a new icon system to make it even easier to identify and remember threat actors. Each icon represents a unique family name and will accompany the threat actor names as a visual aid. 

To demonstrate these changes, we showcased the Microsoft Threat Intelligence Interactive Experience at our booth and Microsoft Security Hub.

Microsoft Defender for API is a new offering focused on threat protection for APIs—built for organizations that provide cross-organizational visibility of the Azure API Management inventory, data classification, and coverage to detect exploits of API risks. Classify and understand the API security posture based on cloud security insights and sensitive data exposure. Harden API configuration and prioritize API risk remediation by monitoring for security best practices in a full lifecycle approach, across infrastructure as code templates and runtime environments. Detect and respond to active runtime threats within minutes—using machine learning powered anomalous and suspicious API usage detections. 

Microsoft Defender External Attack Surface Management (MDEASM)—Data Connector provides automated export of attack surface details, updates, and findings to Kusto or Microsoft Sentinel Log Analytics, giving customers the ability to analyze, report, and correlate attack surface information against other data sources and use additional tooling such as Power BI to customize analysis to their organization’s needs. 

Now in general availability as part of the Microsoft Intune Suite and as a standalone add-on, Microsoft Intune Endpoint Privilege Management is a feature that enables admins to set policies that allow standard users to perform tasks normally reserved for an administrator. The feature supports automatic and user-confirmed workflows for elevation as well as insights and reporting. 

RSA Conference highlights

Highlights of our sessions included:

Hands-on Tutorial to Red Teaming AI Systems with Open Source Tools: Microsoft’s Raja Sekhar Rao Dheekonda and Charlotte Siska shared how to use open source tools to red team AI models. These tools can be adapted to multiple environments, models, and data types.

Geopolitical Resilience: Why Operational Resilience Is No Longer Enough: Microsoft’s Ann Johnson and Team8’s Nadav Zafrir spoke about how merging business, social, and political crises necessitates a new approach to resilience. More than operational recovery, organizations have new dimensions of risk to consider, including deglobalization, data sovereignty, sanctions, and forced market exits.

Microsoft Security Hub sessions and activities

Living up to its name, the Microsoft Security Hub was a hubbub of activity throughout RSA Conference. Held at the Ecosystem Coworking Space, the private and semi-private meeting rooms provided fantastic opportunity for us to meet with customers and partners, and there were multiple learning opportunities and networking events.

Microsoft sessions and experiences

During our session “AI: Shaping Security Today and Into the Future”, Microsoft’s Scott Woodgate discussed how AI is an integral part of Microsoft’s security strategy, helping drive security operations center efficiency with Microsoft Sentinel and Microsoft 365 Defender and now taking it to the next level with Microsoft Security Copilot.

The Microsoft Threat Intelligence Interactive Experience wowed attendees throughout the conference. The experience invited hundreds of people to explore our unparalleled, 360-degree view of the threat landscape. The 3D-touchscreen globe was unlike anything found at the conference. Customers explored the new threat actor taxonomy with stunning visuals, an interactive quiz to test their cybersecurity knowledge, and attack chain case studies to explore the tactics, techniques, and procedures (TTPs) of threat actors. The experience wowed customers, “This is something only Microsoft would do, this is amazing,” and was moving to others, “This just means a lot being able to see the stuff I work with every day visualized like this.”

Another popular event was our Threat Intelligence Happy Hour, hosted by Microsoft Security Experts, on April 25. This networking event allowed customers and partners to connect with the many, varied experts from Microsoft Security to talk shop, score swag, and learn more about the new threat actor taxonomy in a casual setting that included drinks aligned to the new weather-themed taxonomy.

We kicked off the first day of RSAC with the Diversity Executive Women’s Lunch, where I joined Aarti Borkar, Ann Johnson, Tanya Janca, and Lynn Dohm to discuss what industry, academia, government, and not-for-profits can do together as a community to nurture more women into successful careers in cybersecurity. With an audience of security leaders, not-for-profit representatives, community college students, and educators, this session welcomed an inspiring reflection on the importance of diversity for building a strong workforce, provided calls to action to make real difference, and enabled a great networking moment.

Celebrating women in cybersecurity with presenters (pictured from left to right): Ann Johnson, CVP, Microsoft Security, Lynn Dohm, Executive Director, Women in Cybersecurity, Vasu Jakkal, Tanya Janca, Founder and Chief Executive Officer, We Hack Purple, and Aarti Borkar, Vice President, Customer Success, Microsoft Security.

RSA Conference ancillary events

Microsoft Security Excellence Awards (MISA) members gathered on April 24 at The Fairmont Hotel to honor award winners in 11 security categories at the Microsoft Security Excellence Awards. The fourth annual awards give us an opportunity to recognize outstanding contributions of partners in our MISA organization. MISA is a coalition of Microsoft leaders and subject matter experts, independent software vendors, and managed security service providers working together to defend organizations around the world from increasing threats. Watch the awards yourself to see all the excitement!

Two nights later, Microsoft sponsored the 13th Annual Executive Dinner, hosted by Forgepoint Capital and PwC. The event’s theme was “Working Together in the New Era of Transparency and Resilience.” Guests enjoyed dinner, cocktails, and conversation about cybersecurity.

Join us for Microsoft Build

We relish any opportunity to connect with customers and partners and hear your stories of how you’re innovating with technology. Thankfully, we don’t have long to wait. Join us in Seattle for Microsoft Build, including pre-day workshops on May 22 and keynotes, Expert Meet-ups, sessions, demos, and skill labs May 23 to 25. If you can’t attend in-person, consider attending virtually May 23 to 24. Register today to reserve your spot.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Microsoft Security highlights from RSA Conference 2023 appeared first on Microsoft Security Blog.
