Microsoft researchers, partners and security experts showcase the latest collaborations in defence strategies for cybersecurity
The cyberthreat landscape is evolving rapidly. According to a recent Kaspersky Lab report, more than 150 million malware attacks occurred in Q1 2019 in the Middle East, Turkey and Africa alone, representing an average of 1.6 million attacks per day, and an alarming 108% year over year increase from Q1 2018.
But, by being laser-focused on the latest research and innovations created to address today’s threats, we can shape the future of cybersecurity.
According to Ann Johnson, CVP of the Microsoft Cybersecurity Solutions Group, a modern security approach requires a combination of industry partnerships, intelligence sharing and collaborations. “We have to think about security as a team sport,” she says as Microsoft attended Black Hat USA, one of the biggest infosec events in the world. “That’s why at Microsoft, we work with our partners and the security research community to identify and mitigate potential issues before our customers are ever impacted.”
Part of creating a strong security community is making sure the whole team has the latest play book. When Microsoft’s Security Response Centre successfully executed a court order to disrupt and transfer control six internet domains created by the Strontium attack group, they knew it was imperative to share their innovative approach to help strengthen the community’s knowledge. As Eric Doerr, General Manager of Microsoft’s Security Response Centre says, “We knew that cyberattacks were becoming increasingly sophisticated, and this affirmed our belief that cyber defenders should share attack experiences and techniques. By sharing these stories from our response teams, we are empowering defenders everywhere to help protect their networks better.”
This need for a collaborative approach to security is also the reason Microsoft seizes opportunities to share its experiences and help all defenders become more resilient. Events like Black Hat USA, for example, which took place 5 – 8 August, 2019 in Las Vegas, are great opportunities for front-line cyber teams to have ongoing conversations with partners and defenders from across the industry.
During the week of Black Hat, Microsoft gave defenders a snapshot of the work going on every day on the front-lines of Microsoft security – from its innovations in malware detections to best practices to help ensure if a cyber incident happens, defenders are well equipped to recover quickly.
Safety in the cloud
Knowing that the future of computing would be powered by the cloud, Microsoft invested in keeping its Azure cloud secure by launching the Azure bug bounty programme in 2015. Now, to encourage even more researchers to join the hunt, Microsoft is doubling the top reward for discovering Azure vulnerabilities to $40,000.
And, to make it easier for researchers to confidently and aggressively test Azure, Microsoft is inviting a select group of talented individuals to emulate criminal hackers in a customer-safe cloud environment called the Azure Security Lab. This new test environment enables security researchers to test attacks against cloud scenarios without risk to Azure customers. Participants can not only research vulnerabilities in Azure, they can attempt to exploit them in a contained space.
“The Azure Security Lab will also have new scenario-based challenges with additional bounty awards of up to $300,000. Throughout the year, more than $2 million of scenario bounty rewards will be offered to Azure Security Lab participants,” said Kymberlee Price, Principal Security PM Manager at Microsoft’s Security Response Centre.
Microsoft is committed to ensuring our cloud is secure from modern threats. In fact, Azure was built with security in mind from the beginning, and we continuously work to help customers secure their Azure cloud environment with products such as Azure Sentinel and Azure Security Centre. And if a situation arises, our Cloud Defense Operation Centre (CDOC) and security teams work around the clock to identify, analyse and respond to threats in real time.
At Microsoft, we work hard to earn our customers’ trust in the cloud, but we don’t do it alone. Partnerships are core to our security strategy, and one of our key partners is the global community of security researchers. By identifying and reporting vulnerabilities to Microsoft through coordinated vulnerability disclosure, security researchers have repeatedly demonstrated that working together helps protect customers. In appreciation of their efforts and the opportunity to mitigate issues before they are publicly known and used for harm, we’ve issued $4.4 million dollars in bounty rewards over the past 12 months.
We appreciate our security partners across the industry and believe the new programmes announced at Black Hat, as well as the security updates published recently, will help further protect the Azure ecosystem.