Microsoft Israel wants to provide 80% automatic response to cyber attacks
In a special interview with Israel Defense, Microsoft Israel’s Senior Solution Sales Manager for Cyber Security discusses the company’s future in the field of security solutions

Most of us know Microsoft thanks to Windows and Word, but it is also one of the world’s largest information security companies. Its annual turnover from this segment is estimated at about $15 billion, much more than the turnover of many other well-known security giants.
In the past two years, Microsoft has been promoting XDR (extended detection and response), its holistic threat protection concept, which stands on three main pillars: an organization’s network; its cloud infrastructure; and management, analytics and organizational policy.
Microsoft has also developed several products under the “Defender” brand for additional operating systems, such as Linux, as well as for competing cloud infrastructure, such as that of Amazon and Google.
“Our solution is not based on APIs, but on unique connectors developed from scratch for each type of infrastructure,” explains Itay Aharonov, Microsoft Israel’s Senior Solution Sales Manager for Cyber Security.
“The difference lies in the access depth the management tools hold, and the enforcement that can be achieved using our cloud management tool, Sentinel. Sentinel knows how to enforce policies using the client’s defenders. With our solution, it is possible for enforcement to reach all the way to the kernel, which is impossible if we had employed APIs.”
Aharonov explains that during a real incident, if an organization’s defense system is composed of products from many manufacturers, it is necessary to bring in an expert for each and every kind.

Another point Aharonov raised has to do with the organization’s ability to block equipment installed in an operational environment. In most cases, an organization would prefer to avoid automatic actions by its defense system, in order to refrain from harming the continuity of its business activity. Sometimes, a single firewall rule can disable an entire production line or a service to end consumers.
“And what happens in SOC (security operations center) teams?” says Aharonov. “Such teams usually have few employees in relation to the number of alerts. Also, it isn’t always possible to find professionals, depending on job market trends – and team members are then required to handle thousands of alerts from dozens of equipment types. There is a lack of human resources in this area; this is a global crisis.”
“Sentinel serves to aid SOC teams. It enables you to detect that you are undergoing an attack, is able to understand the attack’s path, and helps build a method and train the response team on how to react. It can also be used to immediately block the network.”
It is evident that Microsoft invested a great deal in automation capabilities. In simple terms, the quicker the response to a cyber incident, the smaller the direct and collateral damage. This is in theory. But in order to respond, one must know that an attack is taking place, understand it, and know how to tackle it. Aharonov (and many others) believes that a machine would do a better job than any person, as talented as they may be.
“We want to provide 80% response to an attack via automation, to lock server communication and take additional actions. The remaining 20%, of complex actions such as forensics, should be done by people,” explains Aharonov.
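The split the interview describes, automated containment for the bulk of alerts and human handling for the rest, together with the business-continuity concern raised earlier (a single blocking rule can stop a production line), can be sketched as a small response policy. The code below is an added illustration and is not Microsoft's or Sentinel's code; the alert fields, the confidence threshold, the playbook table and the protected-asset list are all assumptions made for the example, and the sample alerts are constructed, not real telemetry.

```python
"""
Added illustration (not Microsoft or Sentinel code): a minimal automated-response
policy. High-confidence alerts on non-critical assets get an automated containment
action; everything else is escalated to a human analyst. Field names, thresholds
and the protected-asset list are assumptions for this example.
"""
from dataclasses import dataclass


@dataclass
class Alert:
    alert_id: str
    host: str
    confidence: float   # assumed detection confidence in the range 0.0 - 1.0
    category: str       # assumed detection category, e.g. "malware", "c2_beacon"


@dataclass
class Decision:
    alert_id: str
    action: str         # "isolate_host", "block_c2" or "escalate"
    reason: str         # recorded so the analyst can audit automated actions later


# Assets whose outage would stop a production line or a customer-facing service
# (assumed names). Automated blocking is never applied to these; a person decides.
PROTECTED_ASSETS = {"plc-line-3", "payments-db-01"}

# Assumed confidence required before any action is taken without a human.
AUTO_CONTAIN_THRESHOLD = 0.9

# Assumed mapping from detection category to an automated playbook action.
AUTO_ACTIONS = {
    "malware": "isolate_host",
    "lateral_movement": "isolate_host",
    "c2_beacon": "block_c2",
}


def decide(alert: Alert) -> Decision:
    """Return the response decision for one alert, escalating whenever in doubt."""
    if alert.host in PROTECTED_ASSETS:
        return Decision(alert.alert_id, "escalate", "protected asset: business continuity rule")
    if alert.confidence < AUTO_CONTAIN_THRESHOLD:
        return Decision(alert.alert_id, "escalate",
                        f"confidence {alert.confidence:.2f} below threshold")
    action = AUTO_ACTIONS.get(alert.category)
    if action is None:
        return Decision(alert.alert_id, "escalate",
                        f"no automated playbook for category '{alert.category}'")
    return Decision(alert.alert_id, action, "high-confidence alert on non-critical asset")


def run_playbook(alerts):
    """Decide every alert and report the share that was handled automatically."""
    decisions = [decide(a) for a in alerts]
    automated = sum(1 for d in decisions if d.action != "escalate")
    ratio = automated / len(decisions) if decisions else 0.0
    return decisions, ratio


# Constructed sample alerts (not real telemetry).
SAMPLE_ALERTS = [
    Alert("A1", "ws-0412", 0.97, "malware"),
    Alert("A2", "ws-0877", 0.95, "c2_beacon"),
    Alert("A3", "plc-line-3", 0.99, "malware"),          # protected asset, never auto-blocked
    Alert("A4", "ws-0120", 0.62, "lateral_movement"),    # too uncertain for automation
    Alert("A5", "srv-files-02", 0.93, "anomaly"),        # no playbook for this category
]

if __name__ == "__main__":
    decisions, ratio = run_playbook(SAMPLE_ALERTS)
    for d in decisions:
        print(f"{d.alert_id}: {d.action:13} ({d.reason})")
    print(f"automated share: {ratio:.0%}")
```

Every decision carries a recorded reason, so the analyst who picks up the escalated cases, or who later performs forensics on an automatically isolated host, can see why the machine acted or declined to act. The protected-asset check comes first on purpose: no confidence score overrides the rule that equipment tied to a production line is only ever blocked by a person.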
“Our solution knows how to map an organization’s network in its entirety. We can locate every workstation, every server and even IoT equipment. We provide the client with an up-to-date snapshot of their online assets, and know how to point at the risks. In addition, we are working on implementing smart traps automatically in the network, so that the organization will be notified when a foreign agent has gained access.”
Is the client required to purchase the entire three-part solution? Aharonov explains that while the solution does work better if it is fully Microsoft, it was designed in a modular way, so there is also support for competing clouds and for operating systems other than Windows.