Data Security

Microsoft Delivers Threat Protection Bundle

• By Kurt Mackie
• 09/27/18

At the Microsoft Ignite event this week, Microsoft unveiled Microsoft Threat Protection, a bundle of security solutions for enterprises.

The product doesn't contain any new security solutions, and that's a deliberate strategy taken by Microsoft, according to Adam Hall, director of security product marketing at Microsoft, during a Tuesday Ignite session. The idea behind Microsoft Threat Protection is to provide optimal security with minimal complexity for enterprises.

Hall said that organizations should be operating in a world where you assume a security breach has occurred and assume that you've been attacked. Moreover, anything can serve as an attack vector, from smartphones to laptops to Internet of Things (IoT) sensors. Microsoft's approach is to stay one step ahead by correlating collected security information, namely "6.5 trillion signals per day," which is done using Microsoft Graph information collected from consumers and businesses using Microsoft products. Microsoft additionally uses the expertise of "3,500+ in-house security specialists" to analyze threats, according to the company's announcement.

Microsoft Threat Protection includes multiple security solutions that Microsoft also sells separately, but they are all tied together through the Microsoft 365 Security Center, a single dashboard that provides a graphical overview of alerts, top threats, and the devices and accounts that could be at risk. The dashboard also includes Office 365 Secure Score, a service that shows Azure services being used, along with an overall assessment of an organization's security state. There are also e-mail and phishing protections displayed in the dashboard.

There are five broad categories of security protections addressed by the Microsoft Threat Protection product. The list below, which comes from Microsoft's announcement, illustrates the security services included in the product:

• Identities: Azure Active Directory Information Protection, Azure Advanced Threat Protection, Microsoft Cloud App Security
• Endpoints: Windows Defender Advanced Threat Protection, Windows 10, Microsoft Intune
• User Data: Exchange Online Protection, Office 365 Advanced Threat Protection, Office 365 Threat Intelligence, Windows Defender Advanced Threat Protection, Microsoft Cloud App Security
• Cloud Apps: Exchange Online Protection, Office 365 Advanced Threat Protection, Microsoft Cloud App Security
• Infrastructure: Azure Security Center, SQL Server, Linux

During the Ignite session, speakers also typically mentioned that Attack Simulator is part of the solution. It's a tool that lets IT pros send phishing e-mails to end users to check their susceptibilities to those avenues of attack.

Microsoft's announcement promised that "customers who leverage all the services in Microsoft Threat Protection will enjoy a fully integrated, end-to-end solution, securing their enterprise, across the entire attack surface."

Further information can be found on the Microsoft Secure blog.