Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Accountability. Show all posts

Microsoft to Enforce Executive Accountability for Cybersecurity

 

Microsoft is undergoing organizational adjustments to enhance cybersecurity measures throughout its products and services, focusing on holding senior leadership directly responsible. Charlie Bell, Microsoft's executive vice president of security, outlined these changes in a recent blog post aimed at reassuring customers and the US government of the company's dedication to bolstering cybersecurity amidst evolving threats.

One key aspect of this initiative involves tying a portion of the compensation for the company's Senior Leadership Team to the progress made in fulfilling security plans and milestones. Additionally, Microsoft is implementing significant changes to elevate security governance, including organizational restructuring, enhanced oversight, controls, and reporting mechanisms.

These measures encompass appointing a deputy Chief Information Security Officer (CISO) to each product team, ensuring direct reporting of the company's threat intelligence team to the enterprise CISO, and fostering collaboration among engineering teams across Microsoft Azure, Windows, Microsoft 365, and security groups to prioritize security.

Bell's announcement follows a recent assessment by the US Department of Homeland Security's Cyber Safety Review Board (CSRB), highlighting the need for strategic and cultural improvements in Microsoft's cybersecurity practices. The CSRB identified areas where Microsoft could have prevented a notable cyber incident involving a breach of its Exchange Online environment by the Chinese cyber-espionage group Storm-0558, which compromised user emails from various organizations, including government agencies.

Microsoft previously launched the Secure Future Initiative (SFI) to address emerging threats, incorporating measures such as automation, artificial intelligence (AI), and enhanced threat modelling throughout the development lifecycle of its products. The initiative also aims to integrate more secure default settings across Microsoft's product portfolio and strengthen identity protection while enhancing cloud vulnerability response and mitigation times.

Bell's update provided further details on Microsoft's approach, emphasizing six key pillars: protecting identities and secrets, safeguarding cloud tenants and production systems, securing networks, fortifying engineering systems, monitoring and detecting threats, and expediting response and remediation efforts.

To achieve these goals, Microsoft plans to implement various measures, such as automatic rotation of signing and platform keys, continuous enforcement of least privileged access, and network isolation and segmentation. Efforts will also focus on inventory management of software assets and implementing zero-trust access to source code and infrastructure.

While the full impact of these changes may take time to materialize, Microsoft remains a prominent target for cyberattacks. Despite ongoing challenges, industry experts like Tom Corn, chief product officer at Ontinue, acknowledge the ambitious scope of Microsoft's Secure Future Initiative and its potential to streamline operationalization for broader benefit.

The Power of Security Data lakes: How CISOs can drive accountability


How CISOs can use security data lakes to drive accountability

In today’s digital age, data is the new oil. It is the lifeblood of businesses and organizations, and its protection is paramount. Cybersecurity threats are rising, and CISOs are under immense pressure to ensure their organization’s security posture is robust. Security data lakes are emerging as a powerful tool that can help CISOs and other security leaders drive accountability.

What are security data lakes?

Security data lakes are an architecture that lets security leaders consolidate security data regardless of quantity and variety, making it possible to drive real accountability across their organization. Security data lakes help achieve this in two ways:

Separate storage from computing, which makes it cost-effective to store security data at scale and for longer periods.

Make security data part of a company’s general-purpose analytics platform, which allows for additional context and delivering insights via standard reporting tools.

How can CISOs use security data lakes to drive accountability?

CISOs employing security data lakes should think about accountability, a powerful way to improve their overall security posture. Here are three examples of how security data lakes help CISOs and other security leaders drive accountability:

Evaluate vendors with cold, hard data

Most companies select and evaluate security vendors based on simple criteria, like whether they support certain data sources and applications. A lack of information keeps decision-makers from evaluating vendors on more meaningful factors like threat detection performance or vulnerability prioritization accuracy. 

Security data lakes let teams identify gaps between the insights vendors provide and what an organization actually experiences. Analyzing data from a ticketing system, for instance, lets the team see how many threats detected by a vendor were false positives or how many vulnerability findings are irrelevant. 

A security product may work great in one company’s environment but less well at another firm. If the team can measure performance across the metrics that matter to the company, it can work with the vendor to help them improve — or determine that the company needs a better tool.

Illuminate flawed processes

If remediation teams don’t address vulnerabilities quickly enough on a consistent basis, access to historical data helps uncover those problems and identify processes that may need updating to help them work more effectively.

Identify the root cause of incidents

Security data lakes can hold teams more accountable by consolidating security data regardless of quantity and variety, making it possible to drive real accountability across an organization. 

By analyzing historical incident response data, teams can identify patterns in attack vectors or vulnerabilities that led to incidents. This information can be used to improve incident response processes or identify areas where additional training is needed.