Microsoft is scaling its security apps for the multicloud
In addition to support for Google Cloud environments through its Defender solution, Microsoft has deployed several security updates for Azure, including Active Directory. Previously in beta, its CloudKnox permissions management platform is now generally available.
This Wednesday, Microsoft delivered several visibility and control features for software, workloads, devices, and digital identities accessing or operating on hybrid IT infrastructure. In particular, the vendor added support for Google Cloud Platform (GCP) to Microsoft Defender for Cloud, updated the permissions management platform acquired with CloudKnox in July 2021, improved the analysis and archiving functions of data from its security information and event management (SIEM) system Sentinel, and added new identity management, compliance, and payment capabilities to Azure and Azure Active Directory (AAD). According to Microsoft, updates to these security applications should help security managers better secure multicloud environments.
All of these features will be available to customers in a centralized management view, the vendor said. “Companies around the world are facing sophisticated ransomware and nation-state attacks even as they adopt increasingly stringent compliance requirements,” Vasu Jakkal, corporate vice president for security, compliance and identity at Microsoft, said in a blog post. “These new features and offerings are intended to secure the foundation for hybrid working and digital transformation,” he added. “In a recent Flexera report on enterprise cloud usage, 92% of companies surveyed said they had a multicloud strategy, but only 42% said they used multicloud management tools,” said Vasu Jakkal again. “For enterprises to fully embrace these multicloud strategies, it is essential that their security solutions reduce complexity,” he added.
Microsoft Defender for Cloud extended to GCP
Defender for Cloud, Microsoft’s threat protection and security management tool, can now work in Google Cloud Platform (GCP) environments. This allows security managers to configure GCP environments in accordance with key security standards advocated by benchmarks such as those of the Center for Internet Security (CIS), and to protect workloads running on GCP by identifying weak points. With this support for GCP, Microsoft claims to be the first cloud provider to offer native multicloud protection for the three major cloud platforms: Microsoft Azure, Amazon Web Services (AWS), and GCP. “Microsoft continues to deliver strong cybersecurity solutions at a time when global cyber risk has never been higher,” said Gary McAlum, principal analyst for research and advisory firm TAG Cyber. “MS Defender’s support for Google Cloud gives another segment of the cloud market more options and drops the ‘GCP not supported’ excuse,” the analyst added.
CloudKnox on the way to zero-trust security
Microsoft has also released CloudKnox Permissions Management as a public preview. The CIEM (Cloud Infrastructure Entitlement Management) solution for managing cloud infrastructure access rights should help customers manage identities and authorizations in multicloud environments and contribute to their zero trust posture. Zero trust is based on the idea that nothing inside or outside a corporate perimeter should be automatically trusted, and that anything attempting to connect to company systems must be verified before access is granted. CloudKnox provides visibility into identities, users, and workloads running on cloud platforms, and detects and remediates suspicious activity. It constantly monitors access to less privileged accounts using machine learning algorithms.
Big data analysis features in Sentinel
For SIEM customers running software in cloud environments, Microsoft announced new features for Sentinel, including a logging feature that allows the application to sift through large volumes of data to identify high-risk, low-visibility events. Search capabilities should allow security analysts to search through large volumes of security data from logs, scans, and archives to identify threats. This functionality is complemented by a data archiving function which should allow data to be retained beyond the current capacity of two to seven years.
Streamline identity control, compliance and payments
This series of security announcements also includes identity, compliance, and payments updates for several applications, including:
– Azure Active Directory’s core capabilities, centered around user identity protection, have been extended to include workload identity management. Workload Identity Protection, combined with the Conditional Access announced by the company last year, should enable efficient management of workload identities in cloud-native applications;
– Microsoft Endpoint Manager has three new features that allow you to configure custom device-level compliance policies and monitor macOS devices for non-compliance; enforce conditional launch requirements via Active Directory on Android 11 devices; and perform biometric authentications to verify identities on devices running Android 11;
– Microsoft also launched in public preview a new payment protection service called Azure Payment HSM (Hardware Security Module), to secure payments processed in the cloud. Offered as infrastructure as a service (IaaS), the HSM offering allows customers to connect the device directly to their virtual network in order to better protect cryptographic keys and customer PIN codes.
“Enhancements to Active Directory, access management, data analytics, compliance policy enforcement and secure payment processing make up an important set of capabilities,” said McAlum. “These offerings demonstrate Microsoft’s significant commitment and drive to deliver comprehensive, cloud-powered defenses to drive business innovation and digital transformation.”