The current cybersecurity landscape is more complex than we have ever seen. It is no longer just rogue solo actors. Today's cybercrime groups are sophisticated, determined attackers, and their operations are growing daily.
As business leaders, we must not shy away from this, but rather prepare for the next great disruption: the hybrid work environment, where business applications run both in the cloud and on on-premises servers, with some workers in the office and others outside it. This separation continues to put at risk the companies that are not prepared for it.
In a recent ANP Security blog post, we discussed how the cloud is more secure than ever before, and how we must look at security in a different light in order to avoid ransomware in this modern workplace. We continue to see evidence that the Zero Trust security model is fundamental to getting ahead of the evolving threats in this hybrid work world.
What does that mean? In a nutshell, Zero Trust Security means you must always assume breach.
At ANP we listen to and work closely with our fellow IT security leaders at Microsoft to ensure our clients' organizations are secure and protected at all times.
Here are some of the latest Microsoft security updates that we are testing and adopting as they are released. These updates span security, compliance, identity, and management.
How do you apply Zero Trust security across your entire hybrid work environment?
The hybrid work environment, with some users working remotely and others in group office settings, introduces more digital attack surfaces, complexity, and risk as perimeters are now increasingly fluid. Due to the new work reality, a Zero Trust strategy will be top of mind for many organizations because its principles—verify explicitly, grant least privileged access, and assume breach—help maintain security amid the IT complexity that comes with hybrid work.
One of the most important first steps in a Zero Trust journey is to establish strong authentication. Microsoft’s CISO would say, “Hackers don’t break in. They log in.” Regardless of length or complexity, passwords alone won’t protect your account in most attacks. Monitoring logins for suspicious activity and limiting or blocking access until additional proof of identity is presented drastically reduces the chances of a breach. Modern multifactor authentication (MFA) doesn’t have to be complicated for the user. Microsoft recently announced password-less authentication and Temporary Access Pass in Azure Active Directory (Azure AD), Microsoft’s cloud identity solution, to help customers strengthen their access controls and simplify the user experience.
Verifying explicitly requires the ability to make real-time access decisions based on all available information for any user trying to access any resource.
For ANP, Azure AD Conditional Access is that real-time access policy engine: it evaluates all the data and signals related to the user requesting access, gives admins more granular access controls, and makes a growing list of policies easier to manage. GPS-based named locations and filters for devices enable a new set of scenarios, such as restricting access from specific countries or regions based on GPS location and securing device use all the way from ordinary laptops to privileged access workstations.
ANP also believes that comprehensive protection through Zero Trust needs end-to-end integration across device management and identity. ANP deploys filters for devices in Microsoft Endpoint Manager. These integrated capabilities between Microsoft Endpoint Manager (which brings together Configuration Manager and Intune) and Azure AD Conditional Access create even more granular access controls. With device filters, administrators can target policies and applications to users on specific devices. For example, you can assign a filter so that a policy restriction is applied only to laptops, and apply different access policies to workstations that are always located in your offices.
Healthy devices and unified device management across platforms continue to be anchors of Zero Trust. To help protect data from potential leakage on mobile devices, ANP is deploying the new conditional launch settings in App Protection Policies in Microsoft Endpoint Manager. These controls can block access or wipe data based on conditions such as maximum OS version or a jailbroken or rooted device, or require Android devices to pass SafetyNet attestation. This ensures your employees' cell phones will not become an attack vector into your company's data assets.
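To make the "verify explicitly" logic of the two paragraphs above concrete, here is a small Python model, added for illustration and not code from ANP or Microsoft, of how Conditional Access (a GPS-based named location plus a device filter written in Azure AD's `device.<property> -op "value"` rule syntax) and App Protection conditional-launch settings turn sign-in and device signals into a decision. Everything in it is a constructed assumption: the `Device` and `SignIn` classes, the policy list, the country code `ZZ` used as a stand-in for a blocked region, and the OS version thresholds. The filter parser handles only `-eq`, `-ne`, `-startsWith` and `-contains` joined left to right by `-and`/`-or`, a deliberate subset of the real grammar, and treats string comparisons as case-insensitive.

```python
"""Constructed model of Conditional Access + App Protection conditional launch.

Not Azure AD's or Intune's engine: a simplified evaluator showing how
location, device-filter and device-health signals combine into a decision.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Device:
    model: str
    operatingSystem: str          # "Windows", "iOS", "Android"
    os_version: Tuple[int, int]   # e.g. (15, 2)
    deviceOwnership: str          # "Company" or "Personal"
    manufacturer: str = ""
    jailbroken: bool = False      # jailbroken (iOS) or rooted (Android)
    safetynet_passed: bool = True # Android SafetyNet attestation result


@dataclass
class SignIn:
    user: str
    country: str                  # ISO code from the GPS-based named location
    device: Device
    mfa_satisfied: bool


# --- Conditional Access: device filter rules ------------------------------
# Clause shape: device.<property> <operator> "<value>" (subset of the real syntax)
_CLAUSE = re.compile(r'device\.(\w+)\s+(-eq|-ne|-startsWith|-contains)\s+"([^"]*)"')
_FILTERABLE = {"model", "operatingSystem", "deviceOwnership", "manufacturer"}


def device_matches_filter(rule: str, device: Device) -> bool:
    """Evaluate a filter rule against a device, clauses combined left to right."""
    result: Optional[bool] = None
    pending_op = None
    for tok in re.split(r"\s+(-and|-or)\s+", rule.strip()):
        if tok in ("-and", "-or"):
            pending_op = tok
            continue
        m = _CLAUSE.fullmatch(tok)
        if not m or m.group(1) not in _FILTERABLE:
            raise ValueError(f"unsupported clause: {tok!r}")
        prop, op, value = m.groups()
        actual, value = getattr(device, prop).lower(), value.lower()
        clause = {
            "-eq": actual == value,
            "-ne": actual != value,
            "-startsWith": actual.startswith(value),
            "-contains": value in actual,
        }[op]
        result = clause if result is None else (result and clause if pending_op == "-and" else result or clause)
    return bool(result)


@dataclass
class CAPolicy:
    name: str
    blocked_countries: frozenset = frozenset()
    device_filter: Optional[str] = None   # policy applies only to matching devices
    require_mfa: bool = False


POLICIES = [
    CAPolicy("Block sign-in from blocked region (ZZ is a constructed placeholder)",
             blocked_countries=frozenset({"ZZ"})),
    CAPolicy("Require MFA unless the device is company-owned and not legacy",
             device_filter='device.deviceOwnership -ne "Company" -or device.model -startsWith "Legacy"',
             require_mfa=True),
]


def evaluate_conditional_access(signin: SignIn, policies: List[CAPolicy] = POLICIES) -> str:
    """Return 'block', 'mfa_required' or 'grant'. Every policy is evaluated; a
    block from any policy wins over a grant from another (assume breach)."""
    decision = "grant"
    for p in policies:
        if p.device_filter and not device_matches_filter(p.device_filter, signin.device):
            continue  # policy is scoped to other devices
        if signin.country in p.blocked_countries:
            return "block"
        if p.require_mfa and not signin.mfa_satisfied:
            decision = "mfa_required"
    return decision


# --- App Protection Policy: conditional launch ----------------------------
MIN_OS = {"iOS": (15, 0), "Android": (11, 0)}   # constructed thresholds
MAX_OS = {"Android": (15, 0)}                    # newer builds not yet validated

# (description, condition, action) ordered from most to least severe response
CONDITIONAL_LAUNCH = [
    ("jailbroken/rooted device", lambda d: d.jailbroken, "wipe"),
    ("SafetyNet attestation failed",
     lambda d: d.operatingSystem == "Android" and not d.safetynet_passed, "block"),
    ("OS version below minimum",
     lambda d: d.operatingSystem in MIN_OS and d.os_version < MIN_OS[d.operatingSystem], "block"),
    ("OS version above maximum",
     lambda d: d.operatingSystem in MAX_OS and d.os_version > MAX_OS[d.operatingSystem], "block"),
]


def evaluate_conditional_launch(device: Device) -> Tuple[str, Optional[str]]:
    """Return the action the managed app takes before exposing corporate data."""
    for description, condition, action in CONDITIONAL_LAUNCH:
        if condition(device):
            return action, description
    return "allow", None


if __name__ == "__main__":
    laptop = Device("Surface Laptop", "Windows", (10, 0), "Company", "Microsoft")
    print(evaluate_conditional_access(SignIn("alice", "US", laptop, mfa_satisfied=False)))
    phone = Device("Pixel", "Android", (12, 0), "Personal", "Google", safetynet_passed=False)
    print(evaluate_conditional_launch(phone))
```

Note that the filter-scoped MFA policy never applies to the company Surface, so that sign-in is granted without MFA, while the same user on a personal device is stepped up, and a sign-in from the blocked region is refused regardless of device or MFA state.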
In addition, ANP is making it easier for you to manage your devices, regardless of the operating system. First, ANP can configure Android Enterprise-enrolled devices with Azure AD shared device mode in Microsoft Endpoint Manager. This new capability provides a simplified and more secure experience on devices shared across multiple users. With single sign-in, single sign-out, and data clearing across applications, shared device mode increases privacy between users and reduces the number of steps a frontline worker needs to take to access their work apps.
BitLocker continues to be an important zero trust feature, which helps you to protect data at rest. BitLocker now has several enhancements, such as comprehensive modern management with Microsoft Endpoint Manager, role-based access controls for BitLocker recovery passwords, recovery password search, and recovery password auditing.
Least Privileged Access
As businesses enter the new hybrid work environment, think about how to proactively protect your organization from the influx of new or "bring your own" (BYO) connected devices, and even new apps that have helped people work in new ways. This means "home" PCs are now touching your company LAN and data. This new normal has exposed the most challenging cybersecurity landscape we have ever encountered, and least privileged access ensures that only what must be shared is shared.
To help, Microsoft recently added the ability to discover and secure unmanaged endpoints and network devices to Microsoft Defender for Endpoint. Once network devices are discovered, ANP security engineers receive the latest security recommendations and vulnerabilities for them. Discovered endpoints (such as workstations, servers, and mobile devices) can be onboarded to Microsoft Defender for Endpoint, bringing them under its full set of protection capabilities.
Early detection of vulnerabilities and misconfigurations is critical to an organization's overall security posture and to preventing those weaknesses from being exploited. In keeping with our commitment to multi-platform support, we have implemented the threat and vulnerability management capabilities in Microsoft Defender for Endpoint, which are more flexible than ever and now support Linux, giving organizations the ability to view discovered vulnerabilities, assess the latest security recommendations, and issue remediation tasks for their Linux devices. Threat and vulnerability management now covers all major platforms, including Windows and macOS.
Comprehensive security delivered through multiple software platforms such as Intune and Endpoint Manager must be simplified for the "assume breach" approach to work. With that in mind, Microsoft is consolidating security portals into Microsoft 365 Defender, which unifies and simplifies XDR capabilities for endpoints, email, and collaboration. Microsoft is also simplifying the Azure Sentinel portal, which now provides a simpler way to deploy syslog connectors, playbooks, and workloads together as one package.
So what does all of this mean? In short, ANP's security team communications now have built-in integration between Microsoft Teams and Azure Sentinel, so we can start a Teams call or chat message directly from an Azure Sentinel incident and act immediately. When a new threat is reported by anyone using Sentinel, it lands in our repository so it can be flagged and removed before it ever causes any harm. And this can happen at a moment's notice, even off hours; we're ready.
With threats continuing to get more sophisticated, it is important to have the latest Artificial Intelligence (AI) and machine learning capabilities at hand to separate important incidents from noise.
As a managed services provider looking after hundreds of clients' security, we can attest to how useful it is when a client has Sentinel on their tenant. During this quarter, 90 percent of incidents produced by Azure Sentinel's AI were reported as useful by ANP's security engineers, which is dramatically higher than industry standards and lets you focus on what's important. Previous SIEM-based applications used by ANP were noisy and produced more false positives than true security alerts.
With over 90 percent of threats arriving through email, it's critical that organizations can configure security tools in a way that works for their environment. Over time, Microsoft tenancy settings age, new attack scenarios develop, and new security controls become available, necessitating regular review, upkeep, modification, and even removal of old configurations.
ANP has been focused on identifying and understanding configuration gaps in various environments with new features like preset security policies, Configuration Analyzer, and override alerts in Microsoft Defender for Office 365. Our Secure Cloud Advantage provides a proactive managed service where ANP engineers keep all your Microsoft Tenancy settings up to date with the most current best-practice settings.
Getting Started with Zero Trust
In a risk landscape as complex as today's, your adoption of a Zero Trust approach won't happen overnight. It requires constant care and feeding, and security expertise at every step of the way. ANP is committed to helping you on this Zero Trust journey. To chart your own path or assess your progress, enable your remote workforce by embracing Zero Trust security and engaging ANP as your expert Zero Trust managed service provider.
Learn more about ANP Zero Trust Security