2022-09-21

Microsoft released the killer mobile information security platform

CTIForum, September 8 (Li Wenjie): With the BYOD (bring your own device) trend driven by the popularity of cloud services and mobile devices, simple passive defense can no longer meet enterprises' overall information security needs. To help enterprises move from passive defense to active detection and early warning, Microsoft Taiwan today (March) released Advanced Threat Analytics (ATA), which helps enterprises get ahead of attackers through four steps: analysis, self-learning, detection and early warning. Combined with the three protection mechanisms of the Enterprise Mobility Suite (EMS), it establishes comprehensive information security for the mobile generation.

As mobile devices bring "convenience", enterprise secrets leak easily under internal and external threats, resulting in irreparable and painful losses

In a mobile-first, cloud-first world, the BYOD trend of employees bringing their own devices to the workplace and the popularity of mobile networks let employees access enterprise data from different locations and devices to stay productive, but the introduction of mobility can also bring enterprises hidden risks of data leakage. In addition, hacker activity remains frequent, and network attacks and threats have become more frequent, more severe, more complex and harder to prevent. Taiwan has also changed in recent years from being "hacked" to being a springboard for hacker attacks. According to statistics, identity authentication in the enterprise directory service is the most common target among network attacks, and 76% of network intrusions are caused by user identities being stolen by hackers. It is worth noting that when an enterprise environment is attacked by hackers or malicious insiders, IT personnel take more than 200 days on average to find the system vulnerabilities through which they were breached, while for domestic enterprises it takes nearly a year. During this time, the leak of confidential information may already have caused the enterprise irreparable losses. According to statistics, the average loss to enterprises from information security incidents is close to 3.5 million US dollars (equivalent to 113 million new Taiwan dollars). In recent years identity authentication attacks have occurred often, including hackers' network borrowing attacks and theft of user credentials to escalate privileges, and cases in which legitimate tools (rather than malicious code) are used as the means of attack are also more frequent.

The four defense mechanisms of the Microsoft enterprise mobility management solution (EMS) comprehensively protect information security across mobile device platforms

In response to the trend toward enterprise mobility management, Microsoft continues to strengthen its enterprise information security blueprint, helping enterprises integrate their internally deployed Active Directory Domain Services (AD DS) and the cloud into one infrastructure environment with a common identity. To this end, Microsoft has developed the "enterprise mobility management solution" EMS (Enterprise Mobility Suite), which covers four areas of protection management: hybrid identity management (Azure AD Premium), mobile device management (Microsoft Intune), information protection (Azure Rights Management), and advanced threat analysis technology (Advanced Threat Analytics). Together they establish and improve the defense mechanism. The four protection strategies are as follows:

Hybrid identity management (Azure AD Premium): helps enterprises use cloud management to handle the identity, basic deployment and access management of directory users, so that employees have cloud self-service password settings, which is in line with the current mainstream social thinking of environmental protection, while machine-learning-based information security reports can show login anomalies and other threats.

Mobile device management (Microsoft Intune): enterprises can manage and inventory all computers and a variety of cross-platform mobile devices from the cloud. Employees can work with their preferred devices while the security of company data is maintained.

Information protection (Azure Rights Management): integrates information protection into company applications through an easy-to-use software development kit (SDK), in the cloud or in a hybrid mode that includes existing on-premises infrastructure, to protect company information and assets.

Microsoft Advanced Threat Analytics: uses built-in intelligence to identify suspicious user and device activities, uses deep packet inspection and information from other data sources to build an organizational security graph, and detects advanced attacks in near real time.

"For IT or enterprises, the consideration is not only the system integration and deployment across platforms, but also the mechanisms of mobile security protection and security threat warning. EMS's diversified solutions, combined with market trends and technical strength, are a comprehensive information security solution for enterprises to enter the world of mobile and cloud priority," said Ye Yijun, deputy general manager of the cloud and enterprise platform business department at Microsoft Taiwan, who specially stressed: "The challenges of mobile information security brought by the popularity of mobile networks and devices change rapidly. Passive protection alone is still insufficient. With the advanced threat analysis technology (ATA) in the EMS solution, the enterprise information security system can be upgraded from passive protection to enhanced protection with active analysis, prediction and early warning, so as to strengthen the four protection mechanisms of EMS and protect the information security of enterprises in response to the mobile generation."

Microsoft machine learning enhances ATA's judgment and detection ability by 10 times and shortens the time to information security threat notification

In the new era of big data, Microsoft machine learning (ML) has become an important driver of learning and detection in the enterprise information security protection mechanism. The machine learning application is mainly combined with the advanced threat analysis technology (ATA) among the four protection mechanisms of EMS. With as little as 21 days of active learning, it records user behavior, the devices used and the resources accessed, and on that basis detects abnormal conditions, predicts possible information security threats and proactively sends early warnings. This lets ATA uncover potential information security attacks that previously took more than 200 days on average to be discovered, shortens the time needed to detect abnormal user behavior, and significantly reduces the losses caused by an information security crisis.

Since Microsoft launched the prototype of its machine learning service in 1994, it has continued to develop in the field of machine learning. By combining Microsoft Azure cloud computing with real-time big data analysis, the service keeps learning from incoming data, correctly judges and screens content, and even finds useful data in it and makes further predictions. It is now widely used in many industries, and "enterprise information security protection" is one of its important applications. It has become an important part of strengthening Microsoft's advanced threat analysis technology (ATA).

The four early-warning steps of Microsoft Advanced Threat Analytics (ATA) help enterprises deploy quickly and protect identity authentication services through active, rigorous and sophisticated computation

Microsoft Advanced Threat Analytics (ATA) is an information security solution for Microsoft's new-generation on-premises platform. It automatically analyzes, learns and identifies normal and abnormal behavior of entities (users, devices and resources) in order to protect the enterprise from advanced targeted attacks. Through its four defensive steps, using machine learning and active behavior analysis, it predicts, prevents and proactively informs administrators of unusual behavior and possible hazards. This brings enterprises four benefits: immediate threat detection, rapid behavior analysis and dynamic adjustment, less effort wasted on false alarms, and an effective focus on the attack timeline. The four defensive steps of advanced threat analysis technology (ATA) are detailed as follows:

[Step 1: analysis]

After installation, a preconfigured, non-intrusive port mirror is all that is needed to copy all AD-related traffic to ATA, while staying invisible to attackers. ATA uses deep packet inspection to analyze all AD traffic. It can also integrate other sources and collect relevant events from security information and event management (SIEM) systems.

[Step 2: automatic learning]

ATA automatically learns and analyzes the behavior of users, devices and resources through Azure machine learning, and then uses its own self-learning technology to build an organizational security graph. The organizational security graph maps the relationships among users, devices and resources and the interactions of entities' activities.

[Step 3: detection]

After building the organizational security graph, ATA starts looking for anomalies in entities' behavior and identifies suspicious activities. These abnormal activities should, however, be reviewed and confirmed by information security management personnel.

[Step 4: send warning]

ATA reports abnormal and suspicious activities. To further improve the accuracy of early warnings and save IT time and resources, before sending a warning ATA compares an entity's behavior with that entity's own behavior and with the behavior of other entities in its interaction path. This significantly reduces the number of false positives, so that IT can focus on dealing with actual threats.
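The four steps above can be sketched as a learn-then-compare loop. This is an added illustration, not Microsoft's ATA code or algorithm: the event tuples, host names, the start date and the rule that "peers" are users who share a device during learning are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import date, timedelta

LEARNING_DAYS = 21          # shortest learning period quoted in the article
D0 = date(2024, 1, 1)       # constructed start date

def d(n):
    return D0 + timedelta(days=n)

# Constructed sample events: (day, user, device, resource)
EVENTS = [
    (d(1), "alice", "WS01", "FILESRV"),
    (d(2), "bob", "WS01", "FILESRV"),
    (d(3), "bob", "WS01", "HRDB"),
    (d(5), "carol", "WS02", "BUILDSRV"),
    (d(25), "alice", "WS01", "HRDB"),     # new for alice, normal for peer bob
    (d(26), "carol", "WS02", "DC01"),     # new for carol and for every peer
    (d(27), "alice", "WS01", "FILESRV"),  # matches alice's own baseline
]

def build_graph(events, start):
    """Steps 1-2: learn user->resource and device->user links in the window."""
    cutoff = start + timedelta(days=LEARNING_DAYS)
    baseline, devices = defaultdict(set), defaultdict(set)
    for day, user, device, resource in events:
        if day < cutoff:
            baseline[user].add(resource)
            devices[device].add(user)
    return baseline, devices, cutoff

def peers_of(user, devices):
    """Assumed peer rule: users who shared a device with `user` while learning."""
    return {u for us in devices.values() if user in us for u in us} - {user}

def detect(events, start):
    """Steps 3-4: flag access outside the user's baseline unless a peer has it."""
    baseline, devices, cutoff = build_graph(events, start)
    alerts = []
    for day, user, device, resource in events:
        if day < cutoff or resource in baseline[user]:
            continue  # still learning, or consistent with own behavior
        if any(resource in baseline[p] for p in peers_of(user, devices)):
            continue  # explained by peer behavior: suppress to cut false alarms
        alerts.append((day, user, device, resource))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS, D0):
        print("ALERT", alert)
```

Suppressing on peer behavior trades fewer false alarms for a blind spot: activity that mimics a peer's normal access is not flagged, which is why the article's step 3 keeps a human review in the loop.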

In addition, after analyzing and recording the behavior of users, devices, resources and other entities through machine learning, ATA can keep learning by itself to cope with rapidly evolving network attacks. Ye Yijun further urged that network attack defense not be ignored, especially by enterprise customers that would suffer serious, irreparable losses if company secrets were inadvertently leaked or illegally used, such as government agencies, the financial industry or the technology and information industry. They should pay more attention to the management of enterprise information security and strengthen the enterprise protection mechanism by introducing customized EMS+ATA all-round solutions tailored for enterprises. We have also launched proactive analysis, prediction and early warning support and protection at 220V, creating double the benefits of enterprise information security protection for enterprises.
