Microsoft updates security applications for multicloud environments

In an effort to update its security applications for CSOs that are increasingly responsible for securing multicloud environments, Microsoft is releasing new visibility and control features for software, workloads, devices, and digital identities accessing or running on hybrid computing infrastructure.   

The updates, announced Wednesday, include the extension of Microsoft Defender for Cloud to support the Google Cloud Platform (GCP); a new version of the permissions management platform acquired from CloudKnox  in July 2021; enhanced data analysis and archiving features for Microsoft’s Sentinel SIEM (system information and event management)  application; as well as new identity management, compliance and payment capabilities for Azure and Azure Active Directory (AAD).

All these features will be accessible to customers within a centralized management view, Microsoft says.

“Organizations around the world are forced to confront sophisticated ransomware and nation state attacks even as they’re continually evolving with stricter compliance requirements,” said Vasu Jakkal, corporate vice president for security, compliance, and identity at Microsoft, in a blog post. “These new features and offerings are designed to secure the foundations of hybrid work and digital transformation.”

Ninety-two percent of enterprises surveyed in a recent Flexera report on enterprise cloud usage said they have a multicloud strategy, but only 42% of respondents said they use multicloud management tools.

“For organizations to fully embrace these multicloud strategies, it’s critical that their security solutions reduce complexity,” Jakkal said.

Microsoft Defender for Cloud extended to GCP  

Microsoft’s security management and threat protection tool, Defender for Cloud, has been extended to work on Google Cloud Platform (GCP),  to allow CSOs to configure GCP environments in line with key security standards such as Center for Internet Security (CIS) benchmarks, and protect workloads running on GCP by identifying weak spots. 

With the GCP support, Microsoft claims to be the first cloud provider with native multicloud protection for three leading cloud platforms — Microsoft Azure, Amazon Web Services (AWS), and GCP. 

“Microsoft continues to focus on delivering strong cybersecurity solutions, which comes during a time when the global cyber risk environment has never been greater,” says Gary McAlum, senior analyst at research and advisory firm TAG Cyber. “Extending MS Defender to Google Cloud provides more options for another segment of the cloud market and takes the ‘GCP not supported’ excuse off the table.”

CloudKnox aims to support zero trust security 

Microsoft is also making CloudKnox Permissions Management available for public preview. The CIEM (cloud infrastructure entitlement management) software package is designed to help customers manage identities and permissions in multicloud environments and contribute to their zero trust posture. Zero trust is based on the concept that anything inside or outside an enteprise perimeter should be automatically trusted, and that anything and everything trying to connect to company systems must be verified before granting access.

 CloudKnox is designed to provide visibility into identities, users, and workloads running on cloud platforms, and detects and remediates suspicious activity. It constantly monitors least-privileged account access using machine learning algorithms.   

Sentinel adds high-volume data analysis features

For SIEM customers running software in cloud environments, Microsoft announced new features for Sentinel, including a logging capability that allows the application to sift through large volumes of data to identify high-severity, low-visibility events.

Search capabilities are designed to allow security analysts to search through a high volume of security data from logs, analytics and archives to zero in on threats.  An add-on to this feature is a data archiving capability that is expected to allow data to be retained beyond the current capacity of two to seven years.  

Streamlining control over identity, compliance and payments   

As part of its raft of security announcements, Microsoft revealed identity, compliance and payment updates to several applications:

• Azure Active Directory’s core capabilities, which center around protecting user identity, have been extended to  include handling workload identities. Workload identity protection, coupled with the conditional access announced by the company last year, is designed to allow workload identities to be managed efficiently across cloud native applications.  
• Microsoft Endpoint Manager has three new features that allow for setting up tailored device compliance policies and monitoring non-compliance in macOS devices;  applying conditional launch requirements through Active Ditrectory on Android 11 devices; and runing biometric authentications to verify identities on Android 11 devices.  
• Microsoft has also launched a new payment protection service, Azure Payment HSM (hardware security modue), currently in public preview, to help secure payments processed in the cloud. HSM  is an infrastructure-as-a-service (IaaS) offering that lets customers plug in the device directly into their virtual network to deliver improved protection for cryptographic keys and customer PINs.

“Enhancements spanning active directory, access management, data analytics, policy compliance enforcement, and secure payment processing are a staggering set of important capabilities,” McAlum says. “These offerings demonstrate a significant commitment by Microsoft to build comprehensive, cloud-powered defenses to enable business innovation and digital transformation.”