Attackers know that humans are typically the weakest link in any company’s security protocols and the rise of phishing attacks bears witness to that. Some larger companies have long run simulated phishing exercises that test their employee’s responses. Here at Oath, we all regularly get notices about speeding in the company parking lot, for example. Most small and medium businesses don’t have the resources to do this, but Microsoft is now making this easier with the launch of a new phishing attack simulator that allows IT to easily create a fake phishing email to see if employees fall for them. If they do, it’s probably time for some extra security training.
Andrew Conway, Microsoft’s general manager for Microsoft 365 Security, told me that about 80 to 90 percent of the data breaches that his team sees go the phishing route. While Microsoft and others are taking steps to detect these attacks before they ever hit a user’s inbox, algorithms can’t catch all of them — and then it’s up to the user to know what to do.
Many of the other new security features the company is launching today rely on the Microsoft Intelligent Security Graph, the company’s main tools for tracking and mitigation attacks across platforms and services. Conway described it as the “central nervous system for our security solutions.” Using AI and other tools, Microsoft uses the data it gets from analyzing web pages, emails and malware threats on Windows 10 and the cloud to warn users of existing and new threats. “This is something that maybe, in the past, if I were a large customer, I could afford to run my own security center,” said Conway. “What we see is that we are trying to make this capability more broadly available.”
One of the new feature that’s based on the Security Graph is an extension of the existing Office 365 Conditional Access service. Conditional Access, in its existing form, ensures that only users who have been authenticated and use an authenticated and compliant device get access to Office 365 service. With this update, Microsoft will combine this information with data from the Windows Defender Advanced Threat Protection (ATP) security scanner to ensure that you can only access a given SaaS service if your device is healthy. This feature is now in preview and will become generally available with the launch of the next Windows 10 update. When that update will go live is anyone’s guess.
In that next version of Windows 10, Defender ATP also will get the capability to automatically apply remediation, a new feature that relies at least partly on the technology Microsoft acquired when it bought the Israeli security firm Hexadite.
For IT admins, Microsoft is also launching a new tool that gives them a better overview of their overall security posture: the Microsoft Secure Score. This is an expansion of the existing Office 365 Secure Score tool and gives admins a single measure for evaluating their risk profile across Office 365 service and their users’ devices.