That’s not a bad start of the day, reading such a headline from a Forrester analyst. I am often asked, how far we are going to drive security within Microsoft. Well, I guess here you have an answer from an outsider:
Make No Mistake — Microsoft Is A Security Company Now. Even though the author mainly focuses on Windows Defender, Windows Defender ATP and the Mac integration, it is still a strong statement:
Microsoft has the ability to hire and retain the best talent out there, and this announcement certainly demonstrates that it is making the necessary investments to be a multiplatform security vendor. The endpoint security industry has been put on notice: Microsoft is a security company now, and it’s coming for your business.
But that’s not the only one. There was another Forrester article
Tech Titans Alphabet And Microsoft Are Transforming Cybersecurity pointing in a similar direction. Even if I disagree that what we have seen from Google in the security analytics space at RSA can be compared with Azure Sentinel, both companies definitely have the ability to significantly change the security world. One big challenge we often face is, that security professionals are still very reluctant to bring their information (mainly the logs) to the cloud. I would just give you two quotes from the blog post I just mentioned:
Security analytics platforms such as legacy security information management (SIM) systems struggled to keep pace with the increasing volume and variety of data they process. Unhappy users complained about the inability of their SIMs to scale and the volume of alerts they must investigate.
Enterprises struggling with the cost of data analysis and log storage turned to open source tools such as Elasticsearch, Logstash, and Kibana (ELK) or Hadoop to build their own on-premises data lakes. But then they were unable to glean useful insight from the data they had collected and realized that the expense of building and administering these “free” tools was just as great as the cost of commercial tools.
In one of my previous roles, we built such an environment and I completely agree: Running such a data lake is a very, very, very costly problem.
And how far can you trust vendors like ours to handle your data in a trustworthy way? This is a discussion you definitely need to have but with an open mindset. Have a deeper discussion with the cloud vendor. Have a discussion about your compliance and how to handle that in the cloud. Have a discussion about transparency you need to have to not only trust the cloud vendor but be able to verify that they do what they promise.
I always put the cloud discussion into three buckets:
- Engineering: A discussion about the technology. Easy to have and do.
- Compliance: As I said above – a deeper discussion about transparency.
- Emotions: This is where the trust piece comes in.
To adress the last point in this list, I would just like to quote the Forrester blog:
For security pros that have been around awhile, don’t let your cynicism cloud (pardon our pun . . .) the potential advantages your organization could experience by making use of these tools. Take off the tinfoil hat, and realize that Microsoft is a security company now. What Google and Microsoft have introduced will make the entire industry better, and that’s something to applaud.
*** This is a Security Bloggers Network syndicated blog from Roger Halbheer on Security authored by Roger Halbheer. Read the original post at: https://www.halbheer.ch/security/2019/03/26/make-no-mistake-microsoft-is-a-security-company-now/