Microsoft

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

Microsoft Malware Protection Center - Mon, 04/22/2024 - 12:00pm

Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM) using a custom tool to elevate privileges and steal credentials in compromised networks. Since at least June 2020 and possibly as early as April 2019, Forest Blizzard has used the tool, which we refer to as GooseEgg, to exploit the CVE-2022-38028 vulnerability in Windows Print Spooler service by modifying a JavaScript constraints file and executing it with SYSTEM-level permissions. Microsoft has observed Forest Blizzard using GooseEgg as part of post-compromise activities against targets including Ukrainian, Western European, and North American government, non-governmental, education, and transportation sector organizations. While a simple launcher application, GooseEgg is capable of spawning other applications specified at the command line with elevated permissions, allowing threat actors to support any follow-on objectives such as remote code execution, installing a backdoor, and moving laterally through compromised networks.

Forest Blizzard often uses publicly available exploits in addition to CVE-2022-38028, such as CVE-2023-23397. Linked to the Russian General Staff Main Intelligence Directorate (GRU) by the United States and United Kingdom governments, Forest Blizzard primarily focuses on strategic intelligence targets and differs from other GRU-affiliated and sponsored groups, which Microsoft has tied to destructive attacks, such as Seashell Blizzard (IRIDIUM) and Cadet Blizzard (DEV-0586). Although Russian threat actors are known to have exploited a set of similar vulnerabilities known as PrintNightmare (CVE-2021-34527 and CVE-2021-1675), the use of GooseEgg in Forest Blizzard operations is a unique discovery that had not been previously reported by security providers. Microsoft is committed to providing visibility into observed malicious activity and sharing insights on threat actors to help organizations protect themselves. Organizations and users are to apply the CVE-2022-38028 security update to mitigate this threat, while Microsoft Defender Antivirus detects the specific Forest Blizzard capability as HackTool:Win64/GooseEgg.

This blog provides technical information on GooseEgg, a unique Forest Blizzard capability. In addition to patching, this blog details several steps users can take to defend themselves against attempts to exploit Print Spooler vulnerabilities. We also provide additional recommendations, detections, and indicators of compromise. As with any observed nation-state actor activity, Microsoft directly notifies customers that have been targeted or compromised, providing them with the necessary information to secure their accounts.

Who is Forest Blizzard?

Forest Blizzard primarily targets government, energy, transportation, and non-governmental organizations in the United States, Europe, and the Middle East. Microsoft has also observed Forest Blizzard targeting media, information technology, sports organizations, and educational institutions worldwide. Since at least 2010, the threat actor’s primary mission has been to collect intelligence in support of Russian government foreign policy initiatives. The United States and United Kingdom governments have linked Forest Blizzard to Unit 26165 of the Russian Federation’s military intelligence agency, the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). Other security researchers have used GRU Unit 26165, APT28, Sednit, Sofacy, and Fancy Bear to refer to groups with similar or related activities.

GooseEgg

Microsoft Threat Intelligence assesses Forest Blizzard’s objective in deploying GooseEgg is to gain elevated access to target systems and steal credentials and information. While this actor’s TTPs and infrastructure specific to the use of this tool can change at any time, the following sections provide additional details on Forest Blizzard tactics, techniques, and procedures (TTPs) in past compromises.

Launch, persistence, and privilege escalation

Microsoft has observed that, after obtaining access to a target device, Forest Blizzard uses GooseEgg to elevate privileges within the environment. GooseEgg is typically deployed with a batch script, which we have observed using the name execute.bat and doit.bat. This batch script writes the file servtask.bat, which contains commands for saving off/compressing registry hives. The batch script invokes the paired GooseEgg executable and sets up persistence as a scheduled task designed to run servtask.bat.

Figure 1. Batch file

The GooseEgg binary—which has included but is not limited to the file names justice.exe and DefragmentSrv.exe—takes one of four commands, each with different run paths. While the binary appears to launch a trivial given command, in fact the binary does this in a unique and sophisticated manner, likely to help conceal the activity.

The first command issues a custom return code 0x6009F49F and exits; which could be indicative of a version number. The next two commands trigger the exploit and launch either a provided dynamic-link library (DLL) or executable with elevated permissions. The fourth and final command tests the exploit and checks that it has succeeded using the whoami command.

Microsoft has observed that the name of an embedded malicious DLL file typically includes the phrase “wayzgoose”; for example, wayzgoose23.dll. This DLL, as well as other components of the malware, are deployed to one of the following installation subdirectories, which is created under C:\ProgramData. A subdirectory name is selected from the list below:

Microsoft
Adobe
Comms
Intel
Kaspersky Lab
Bitdefender
ESET
NVIDIA
UbiSoft
Steam

A specially crafted subdirectory with randomly generated numbers and the format string \v%u.%02u.%04u is also created and serves as the install directory. For example, a directory that looks like C:\ProgramData\Adobe\v2.116.4405 may be created. The binary then copies the following driver stores to this directory:

C:\Windows\System32\DriverStore\FileRepository\pnms003.inf_*
C:\Windows\System32\DriverStore\FileRepository\pnms009.inf_*

Figure 2. GooseEgg binary adding driver stores to an actor-controlled directory

Next, registry keys are created, effectively generating a custom protocol handler and registering a new CLSID to serve as the COM server for this “rogue” protocol. The exploit replaces the C: drive symbolic link in the object manager to point to the newly created directory. When the PrintSpooler attempts to load C:\Windows\System32\DriverStore\FileRepository\pnms009.inf_amd64_a7412a554c9bc1fd\MPDW-Constraints.js, it instead is redirected to the actor-controlled directory containing the copied driver packages.

Figure 3. Registry key creation Figure 4. C: drive symbolic link hijack

The “MPDW-constraints.js” stored within the actor-controlled directory has the following patch applied to the convertDevModeToPrintTicket function:

function convertDevModeToPrintTicket(devModeProperties, scriptContext, printTicket) {try{ printTicket.XmlNode.load('rogue9471://go'); } catch (e) {}

The above patch to the convertDevModeToPrintTicket function invokes the “rogue” search protocol handler’s CLSID during the call to RpcEndDocPrinter. This results in the auxiliary DLL wayzgoose.dll launching in the context of the PrintSpooler service with SYSTEM permissions. wayzgoose.dll is a basic launcher application capable of spawning other applications specified at the command line with SYSTEM-level permissions, enabling threat actors to perform other malicious activities such as installing a backdoor, moving laterally through compromised networks, and remotely executing code.

Recommendations

Microsoft recommends the following mitigations defend against attacks that use GooseEgg.

Reduce the Print Spooler vulnerability

Microsoft released a security update for the Print Spooler vulnerability exploited by GooseEgg on October 11, 2022 and updates for PrintNightmare vulnerabilities on June 8, 2021 and July 1, 2021. Customers who have not implemented these fixes yet are urged to do so as soon as possible for their organization’s security. In addition, since the Print Spooler service isn’t required for domain controller operations, Microsoft recommends disabling the service on domain controllers. Otherwise, users can install available Windows security updates for Print Spooler vulnerabilities on Windows domain controllers before member servers and workstations. To help identify domain controllers that have the Print Spooler service enabled, Microsoft Defender for Identity has a built-in security assessment that tracks the availability of Print Spooler services on domain controllers.

Be proactively defensive

For customers, follow the credential hardening recommendations in our on-premises credential theft overview to defend against common credential theft techniques like LSASS access.
Run Endpoint Detection and Response (EDR) in block mode so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus does not detect the threat or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach.   
Configure investigation and remediation in full automated mode to let Microsoft Defender for Endpoint take immediate action on alerts to resolve breaches, significantly reducing alert volume.
Turn on cloud-delivered protection in Microsoft Defender Antivirus, or the equivalent for your antivirus product, to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a majority of new and unknown variants.

Microsoft Defender XDR customers can turn on the following attack surface reduction rule to prevent common attack techniques used for GooseEgg. Microsoft Defender XDR detects the GooseEgg tool and raises an alert upon detection of attempts to exploit Print Spooler vulnerabilities regardless of whether the device has been patched.

Block credential stealing from the Windows local security authority subsystem (lsass.exe)

Detecting, hunting, and responding to GooseEgg Microsoft Defender XDR detections

Microsoft Defender Antivirus

Microsoft Defender Antivirus detects threat components as the following malware:

HackTool:Win64/GooseEgg

Microsoft Defender for Endpoint

The following alerts might also indicate threat activity related to this threat. Note, however, that these alerts can be also triggered by unrelated threat activity.

Possible exploitation of CVE-2021-34527
Possible source of PrintNightmare exploitation
Possible target of PrintNightmare exploitation attempt
Potential elevation of privilege using print filter pipeline service
Suspicious behavior by spoolsv.exe
Forest Blizzard Actor activity detected

Microsoft Defender for Identity

The following alerts might also indicate threat activity related to this threat. Note, however, that these alerts can be also triggered by unrelated threat activity.

Suspected Windows Print Spooler service exploitation attempt (CVE-2021-34527 exploitation)

Threat intelligence reports

Microsoft customers can use the following reports in Microsoft products to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this blog. These reports provide the intelligence, protection information, and recommended actions to prevent, mitigate, or respond to associated threats found in customer environments.

Microsoft Defender Threat Intelligence

Hunting queries

Microsoft Sentinel

Microsoft Sentinel customers can use the TI Mapping analytics (a series of analytics all prefixed with ‘TI map’) to automatically match the malicious domain indicators mentioned in this blog post with data in their workspace. If the TI Map analytics are not currently deployed, customers can install the Threat Intelligence solution from the Microsoft Sentinel Content Hub to have the analytics rule deployed in their Sentinel workspace. More details on the Content Hub can be found here: https://learn.microsoft.com/azure/sentinel/sentinel-solutions-deploy.

Hunt for filenames, file extensions in ProgramData folder and file hash

let filenames = dynamic(["execute.bat","doit.bat","servtask.bat"]); DeviceFileEvents | where TimeGenerated > ago(60d) // change the duration according to your requirement | where ActionType == "FileCreated" | where FolderPath == "C:\\ProgramData\\" | where FileName in~ (filenames) or FileName endswith ".save" or FileName endswith ".zip" or ( FileName startswith "wayzgoose" and FileName endswith ".dll") or SHA256 == "7d51e5cc51c43da5deae5fbc2dce9b85c0656c465bb25ab6bd063a503c1806a9" // hash value of execute.bat/doit.bat/servtask.bat | project TimeGenerated, DeviceId, DeviceName, ActionType, FolderPath, FileName, InitiatingProcessAccountName,InitiatingProcessAccountUpn

Hunt for processes creating scheduled task creation

DeviceProcessEvents | where TimeGenerated > ago(60d) // change the duration according to your requirement | where InitiatingProcessSHA256 == "6b311c0a977d21e772ac4e99762234da852bbf84293386fbe78622a96c0b052f" or SHA256 == "6b311c0a977d21e772ac4e99762234da852bbf84293386fbe78622a96c0b052f" //hash value of justice.exe | where InitiatingProcessSHA256 == "c60ead92cd376b689d1b4450f2578b36ea0bf64f3963cfa5546279fa4424c2a5" or SHA256 == "c60ead92cd376b689d1b4450f2578b36ea0bf64f3963cfa5546279fa4424c2a5" //hash value of DefragmentSrv.exe or ProcessCommandLine contains "schtasks /Create /RU SYSTEM /TN \\Microsoft\\Windows\\WinSrv /TR C:\\ProgramData\\servtask.bat /SC MINUTE" or ProcessCommandLine contains "schtasks /Create /RU SYSTEM /TN \\Microsoft\\Windows\\WinSrv /TR C:\\ProgramData\\execute.bat /SC MINUTE" or ProcessCommandLine contains "schtasks /Create /RU SYSTEM /TN \\Microsoft\\Windows\\WinSrv /TR C:\\ProgramData\\doit.bat /SC MINUTE" or ProcessCommandLine contains "schtasks /DELETE /F /TN \\Microsoft\\Windows\\WinSrv" or InitiatingProcessCommandLine contains "schtasks /Create /RU SYSTEM /TN \\Microsoft\\Windows\\WinSrv /TR C:\\ProgramData\\servtask.bat /SC MINUTE" or InitiatingProcessCommandLine contains "schtasks /Create /RU SYSTEM /TN \\Microsoft\\Windows\\WinSrv /TR C:\\ProgramData\\execute.bat /SC MINUTE" or InitiatingProcessCommandLine contains "schtasks /Create /RU SYSTEM /TN \\Microsoft\\Windows\\WinSrv /TR C:\\ProgramData\\doit.bat /SC MINUTE" or InitiatingProcessCommandLine contains "schtasks /DELETE /F /TN \\Microsoft\\Windows\\WinSrv" | project TimeGenerated, AccountName,AccountUpn,ActionType, DeviceId, DeviceName,FolderPath, FileName

Hunt for JavaScript constrained file

DeviceFileEvents | where TimeGenerated > ago(60d) // change the duration according to your requirement | where ActionType == "FileCreated" | where FolderPath startswith "C:\\Windows\\System32\\DriverStore\\FileRepository\\" | where FileName endswith ".js" or FileName == "MPDW-constraints.js"

Hunt for creation of registry key / value events

DeviceRegistryEvents | where TimeGenerated > ago(60d) // change the duration according to your requirement | where ActionType == "RegistryValueSet" | where RegistryKey contains "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{026CC6D7-34B2-33D5-B551-CA31EB6CE345}\\Server" | where RegistryValueName has "(Default)" | where RegistryValueData has "wayzgoose.dll" or RegistryValueData contains ".dll"

Hunt for custom protocol handler

DeviceRegistryEvents | where TimeGenerated > ago(60d) // change the duration according to your requirement | where ActionType == "RegistryValueSet" | where RegistryKey contains "HKEY_CURRENT_USER\\Software\\Classes\\PROTOCOLS\\Handler\\rogue" | where RegistryValueName has "CLSID" | where RegistryValueData contains "{026CC6D7-34B2-33D5-B551-CA31EB6CE345}" Indicators of compromise

Batch script artifacts:

execute.bat
doit.bat
servtask.bat
7d51e5cc51c43da5deae5fbc2dce9b85c0656c465bb25ab6bd063a503c1806a9

GooseEgg artifacts:

justice.pdb
wayzgoose.pdb

IndicatorTypeDescriptionc60ead92cd376b689d1b4450f2578b36ea0bf64f3963cfa5546279fa4424c2a5SHA-256Hash of GooseEgg binary DefragmentSrv.exe6b311c0a977d21e772ac4e99762234da852bbf84293386fbe78622a96c0b052fSHA-256Hash of GooseEgg binary justice.exe41a9784f8787ed86f1e5d20f9895059dac7a030d8d6e426b9ddcaf547c3393aaSHA-256Hash of wayzgoose[%n].dll – where %n is a random number References

Learn more

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: https://aka.ms/threatintelblog.

To get notified about new publications and to join discussions on social media, follow us on LinkedIn at https://www.linkedin.com/showcase/microsoft-threat-intelligence, and on X (formerly Twitter) at https://twitter.com/MsftSecIntel.

To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast: https://thecyberwire.com/podcasts/microsoft-threat-intelligence.

The post Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials appeared first on Microsoft Security Blog.

Categories: Microsoft

Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters

Microsoft Malware Protection Center - Wed, 04/17/2024 - 12:00pm

Attackers are constantly seeking new vulnerabilities to compromise Kubernetes environments. Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity.

OpenMetadata is an open-source platform designed to manage metadata across various data sources. It serves as a central repository for metadata lineage, allowing users to discover, understand, and govern their data. On March 15, 2024, several vulnerabilities in OpenMetadata platform were published. These vulnerabilities (CVE-2024-28255, CVE-2024-28847, CVE-2024-28253, CVE-2024-28848, CVE-2024-28254), affecting versions prior to 1.3.1, could be exploited by attackers to bypass authentication and achieve remote code execution. Since the beginning of April, we have observed exploitation of this vulnerability in Kubernetes environments.

Microsoft highly recommends customers to check clusters that run OpenMetadata workload and make sure that the image is up to date (version 1.3.1 or later). In this blog, we share our analysis of the attack, provide guidance for identifying vulnerable clusters and using Microsoft security solutions like Microsoft Defender for Cloud to detect malicious activity, and share indicators of compromise that defenders can use for hunting and investigation.

Attack flow

For initial access, the attackers likely identify and target Kubernetes workloads of OpenMetadata exposed to the internet. Once they identify a vulnerable version of the application, the attackers exploit the mentioned vulnerabilities to gain code execution on the container running the vulnerable OpenMetadata image.

After establishing a foothold, the attackers attempt to validate their successful intrusion and assess their level of control over the compromised system. This reconnaissance step often involves contacting a publicly available service. In this specific attack, the attackers send ping requests to domains that end with oast[.]me and oast[.]pro, which are associated with Interactsh, an open-source tool for detecting out-of-band interactions.

OAST domains are publicly resolvable yet unique, allowing attackers to determine network connectivity from the compromised system to attacker infrastructure without generating suspicious outbound traffic that might trigger security alerts. This technique is particularly useful for attackers to confirm successful exploitation and validate their connectivity with the victim, before establishing a command-and-control (C2) channel and deploying malicious payloads.

After gaining initial access, the attackers run a series of reconnaissance commands to gather information about the victim environment. The attackers query information on the network and hardware configuration, OS version, active users, etc.

As part of the reconnaissance phase, the attackers read the environment variables of the workload. In the case of OpenMetadata, those variables might contain connection strings and credentials for various services used for OpenMetadata operation, which could lead to lateral movement to additional resources.

Once the attackers confirm their access and validate connectivity, they proceed to download the payload, a cryptomining-related malware, from a remote server. We observed the attackers using a remote server located in China. The attacker’s server hosts additional cryptomining-related malware that are stored, for both Linux and Windows OS.

Figure 1. Additional cryptomining-related malware in the attacker’s server

The downloaded file’s permissions are then elevated to grant execution privileges. The attacker also added a personal note to the victims:

Figure 2. Note from attacker

Next, the attackers run the downloaded cryptomining-related malware, and then remove the initial payloads from the workload. Lastly, for hands-on-keyboard activity, the attackers initiate a reverse shell connection to their remote server using Netcat tool, allowing them to remotely access the container and gain better control over the system. Additionally, for persistence, the attackers use cronjobs for task scheduling, enabling the execution of the malicious code at predetermined intervals.

How to check if your cluster is vulnerable

Administrators who run OpenMetadata workload in their cluster need to make sure that the image is up to date. If OpenMetadata should be exposed to the internet, make sure you use strong authentication and avoid using the default credentials.

To get a list of all the images running in the cluster:

kubectl get pods --all-namespaces -o=jsonpath='{range .items[*]}{.spec.containers[*].image}{"\n"}{end}' | grep 'openmetadata'

If there is a pod with a vulnerable image, make sure to update the image version for the latest version.

How Microsoft Defender for Cloud capabilities can help

This attack serves as a valuable reminder of why it’s crucial to stay compliant and run fully patched workloads in containerized environments. It also highlights the importance of a comprehensive security solution, as it can help detect malicious activity in the cluster when a new vulnerability is used in the attack. In this specific case, the attackers’ actions triggered Microsoft Defender for Containers alerts, identifying the malicious activity in the container. In the example below, Microsoft Defender for Containers alerted on an attempt to initiate a reverse shell from a container in a Kubernetes cluster, as happened in this attack:

Figure 3. Microsoft Defender for Containers alert for detection of potential reverse shell

To prevent such attacks, Microsoft Defender for Containers provides agentless vulnerability assessment for Azure, AWS, and GCP, allowing you to identify vulnerable images in the environment, before the attack occurs. Microsoft Defender Cloud Security Posture Management (CSPM) can help to prioritize the security issues according to their risk. For example, Microsoft Defender CSPM highlights vulnerable workloads exposed to the internet, allowing organizations to quickly remediate crucial threats.

Organizations can also monitor Kubernetes clusters using Microsoft Sentinel via Azure Kubernetes Service (AKS) solution for Sentinel, which enables detailed audit trail for user and system actions to identify malicious activity.

Indicators of compromise (IoCs) TypeIoCExecutable SHA-2567c6f0bae1e588821bd5d66cd98f52b7005e054279748c2c851647097fa2ae2dfExecutable SHA-25619a63bd5d18f955c0de550f072534aa7a6a6cc6b78a24fea4cc6ce23011ea01dExecutable SHA-25631cd1651752eae014c7ceaaf107f0bf8323b682ff5b24c683a683fdac7525badIP8[.]222[.]144[.]60IP61[.]160[.]194[.]160IP8[.]130[.]115[.]208

Hagai Ran Kestenberg, Security Researcher
Yossi Weizman, Senior Security Research Manager

Learn more

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: https://aka.ms/threatintelblog.

The post Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters appeared first on Microsoft Security Blog.

Categories: Microsoft

New Microsoft guidance for the DoD Zero Trust Strategy

Microsoft Malware Protection Center - Tue, 04/16/2024 - 12:00pm

The Department of Defense (DoD) Zero Trust Strategy1 and accompanying execution roadmap2 sets a path for achieving enterprise-wide target-level Zero Trust by 2027. The roadmap lays out vendor-agnostic Zero Trust activities that DoD Components and Defense Industrial Base (DIB) partners should complete to achieve Zero Trust capabilities and outcomes.

Microsoft commends the DoD for approaching Zero Trust as a mindset, not a capability or device that may be bought.1 Zero Trust can’t be achieved by a single technology, but through tight integration between solutions across product categories. Deciphering how security products achieve Zero Trust based on marketing materials alone is a daunting task. IT leaders need to select the right tools. Security architects need to design integrated solutions. Implementers need to deploy, configure, and integrate tools to achieve the outcomes in each Zero Trust activity.

Today, we are excited to announce Zero Trust activity-level guidance for DoD Components and DIB partners implementing the DoD Zero Trust Strategy. To learn more, see Configure Microsoft cloud services for the DoD Zero Trust Strategy.

In this blog, we’ll review the DoD Zero Trust Strategy and discuss how our new guidance helps DoD Components and DIB partners implement Zero Trust. We’ll cover the Microsoft Zero Trust platform and relevant features for meeting DoD’s Zero Trust requirements, and close with real-world DoD Zero Trust deployments.

Microsoft supports the DoD’s Zero Trust Strategy

The DoD released its formal Zero Trust Strategy in October 2022.1 The strategy is a security framework and mindset that set a path for achieving Zero Trust. The strategy outlines strategic goals for adopting culture, defending DoD Information Systems, accelerating technology implementation, and enabling Zero Trust.

The DoD Zero Trust Strategy includes seven pillars that represent protection areas for Zero Trust:

User
Device
Applications and workloads
Data
Network
Automation and orchestration
Visibility and analytics

In January 2023, the DoD published a capabilities-based execution roadmap for implementing Zero Trust.2 The roadmap details 45 Zero Trust capabilities spanning the seven pillars. The execution roadmap details the Zero Trust activities DoD Components should perform to achieve each Zero Trust capability. There are 152 Zero Trust activities in total, divided into Target Level Zero Trust and Advanced Level Zero Trust phases with deadlines of 2027 and 2032, respectively.

The Zero Trust activity-level guidance we’re announcing in this blog continues Microsoft’s commitment to supporting DoD’s Zero Trust strategy.3 It serves as a reference for how DoD Components should implement Zero Trust activities using Microsoft cloud services. Microsoft product teams and security architects supporting DoD worked in close partnership to provide succinct, actionable guidance side-by-side with the DoD Zero Trust activity text and organized by product with linked references.

We scoped the guidance to features available today (including public preview) for Microsoft 365 DoD and Microsoft Azure Government customers. As the security landscape changes, Microsoft will continue innovating to meet the needs of federal and DoD customers.4 We’re excited to bring entirely new Zero Trust technologies like Microsoft Copilot for Security and Security Service Edge to United States Government clouds in the future.5

Look out for announcements in the Microsoft Security Blog and check Microsoft’s DoD Zero Trust documentation to see the latest guidance.

Microsoft’s Zero Trust platform

Microsoft is proud to be recognized as a Leader in the Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report.6 The Microsoft Zero Trust platform is a modern security architecture that emphasizes proactive, integrated, and automated security measures. Microsoft 365 E5 combines best-in-class productivity apps with advanced security capabilities that span all seven pillars of the DoD Zero Trust Strategy.

“Single products/suites can be adopted to address multiple capabilities. Integrated vendor suites of products rather than individual components will assist in reducing cost and risk to the government.”

—Department of Defense Zero Trust Reference Architecture Version 2.07

Zero Trust Rapid Modernization Plan

Microsoft 365 is a comprehensive and extensible Zero Trust platform.8 It’s a hybrid cloud, multicloud, and multiplatform solution. Pre-integrated extended detection and response (XDR) services coupled with modern cloud-based device management, and a cloud-based identity and access management service, provide a direct and rapid modernization path for the DoD and DIB organizations.

Read on to learn about Microsoft cloud services that support the DoD Zero Trust Strategy.

Figure 1. Microsoft Zero Trust Architecture.

Microsoft Entra ID is an integrated multicloud identity and access management solution and identity provider. Microsoft Entra ID is tightly integrated with Microsoft 365 and Microsoft Defender XDR services to provide a comprehensive suite Zero Trust capabilities including strict identity verification, enforcing least privilege, and adaptive risk-based access control.

Microsoft Entra ID is built for cloud-scale, handling billions of authentications every day. It uses industry standard protocols and is designed for both Microsoft and non-Microsoft apps. Establishing Microsoft Entra ID as your organization’s Zero Trust identity provider lets you configure, enforce, and monitor adaptive Zero Trust access policies in a single location. Conditional Access is the Zero Trust authorization engine for Microsoft Entra ID. It enables dynamic, adaptive, fine-grained, risk-based, access policies for any workload.

Microsoft Entra ID is essential to the user pillar and has a role in all other pillars of the DoD Zero Trust Strategy.

Microsoft Intune is a multiplatform endpoint and application management suite for Windows, MacOS, Linux, iOS, iPadOS, and Android devices. Microsoft Intune configuration policies manage devices and applications. Microsoft Defender for Endpoint helps organizations prevent, detect, investigate, and respond to advanced threats on devices. Microsoft Intune and Defender for Endpoint work together to enforce security policies, assess device health, vulnerability exposure, risk level, and configuration compliance status. Conditional Access policies requiring a compliant device help achieve comply-to-connect outcomes in the DoD Zero Trust Strategy.

Microsoft Intune and Microsoft Defender for Endpoint help achieve capabilities in the device pillar.

GitHub is a cloud-based platform where you can store, share, and work together with others to write code. GitHub Advanced Security includes features that help organizations improve and maintain code by providing code scanning, secret scanning, security checks, and dependency review throughout the deployment pipeline. Microsoft Entra Workload ID helps organizations use continuous integration and continuous delivery (CI/CD) with GitHub Actions.

GitHub and Azure DevOps are essential to the applications and workloads pillar.

Microsoft Purview is a range of solutions for unified data security, data governance, and risk and compliance management. Microsoft Purview Information Protection lets you define and label sensitive information types. Auto-labeling within Microsoft 365 clients ensure data is appropriately labeled and protected. Microsoft Purview Data Loss Prevention integrates with Microsoft 365 services and apps, and Microsoft Defender XDR components to detect and prevent data loss.

Microsoft Purview features align to the data pillar activities.

Azure networking services include a range of software-defined network resources that can be used to provide networking capabilities for connectivity, application protection, application delivery, and network monitoring. Azure networking resources like Microsoft Azure Firewall Premium, Azure DDoS Protection, Microsoft Azure Application Gateway, Azure API Management, Azure Virtual Network, and Network Security Groups, all work together to provide routing, segmentation, and visibility into your network.

Azure networking services and network segmentation architectures are essential to the network pillar.

Automate threat response with playbooks in Microsoft Sentinel

Learn more

Microsoft Defender XDR is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response actions. It correlates millions of signals across endpoints, identities, email, and applications to automatically disrupt attacks. Microsoft Defender XDR’s automated investigation and response and Microsoft Sentinel playbooks are used to complete security orchestration, automation, and response (SOAR) activities.

Microsoft Defender XDR plays a key role in automation and orchestration and visibility and analytics pillars.

Microsoft Sentinel is a cloud-based security information and event management (SIEM) you deploy in Azure. Microsoft Sentinel operates at cloud scale to accelerate security response and save time by automating common tasks and streamlining investigations with incident insights. Built-in data connectors make it easy to ingest security logs from Microsoft 365, Microsoft Defender XDR, Microsoft Entra ID, Azure, non-Microsoft clouds, and on-premises infrastructure.

Microsoft Sentinel is essential to automation and orchestration and visibility and analytics pillars along with any activities requiring SIEM integration.

Real-world pilots and implementations

The DoD is embracing Zero Trust as a continuous modernization effort. Microsoft has partnered with DoD Components for several years, onboarding Microsoft 365 services, integrating apps with Microsoft Entra, migrating Azure workloads, managing devices with Microsoft Intune, and building security operations around Microsoft Defender XDR and Microsoft Sentinel.

One such example is the United States Navy’s innovative Flank Speed program. The Navy’s large-scale deployment follows Zero Trust capabilities put forth in the DoD’s strategy. These capabilities include comply-to-connect, continuous authorization, least-privilege access, and data-centric security controls.9 To date, Flank Speed has onboarded more than 560,000 users and evaluated the effectiveness of its robust cybersecurity tools through Purple Team assessments.10

Another example is Army 365, the United States Army’s Microsoft 365 environment.11 Army 365 has onboarded more than 1.4 million users and migrated petabytes of data.12 The secure collaboration environment incorporates Zero Trust principles in a secure collaboration environment with identity and device protections and includes support for bring your own device (BYOD) through Azure Virtual Desktop.13

DoD Zero Trust Strategy and Roadmap

Learn how to configure Microsoft cloud services for the DoD Zero Trust Strategy.

Learn more Learn more

Embrace proactive security with Zero Trust.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

1DoD Zero Trust strategy, DoD CIO Zero Trust Portfolio Management Office. October 2022.

2Zero Trust Capability Execution Roadmap, DoD CIO Zero Trust Portfolio Management Office. January 2023.

3Microsoft supports the DoD’s Zero Trust strategy, Steve Faehl. November 22, 2022.

45 ways to secure identity and access for 2024, Joy Chik. January 10, 2024.

5Microsoft Entra Expands into Security Service Edge with Two New Offerings, Sinead O’Donovan. July 11, 2023.

6Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave™ report, Joy Chik. September 19, 2023.

7Department of Defense (DoD) Zero Trust Reference Architecture Version 2.0, Defense Information Systems Agency (DISA), National Security Agency (NSA) Zero Trust Engineering Team. July 2022.

8How Microsoft is partnering with vendors to provide Zero Trust solutions, Vasu Jakkal. October 21, 2021.

9Flank Speed Has Paved the Way for Navy to Become ‘Leaders in Zero Trust Implementation,’ Says Acting CIO Jane Rathbun, Charles Lyons-Burt, GovCon Wire. June 2023.

10Flank Speed makes significant strides in DOD Zero Trust Activity alignment, Darren Turner, PEO Digital. December 2023.

11Army launches upgraded collaboration platform; cybersecurity at the forefront, Alexandra Snyder. June 17, 2021.

12Cohesive teams drive NETCOM’s continuous improvement, Army 365 migration, Enrique Tamez Vasquez, NETCOM Public Affairs Office. March 2023.

13BYOD brings personal devices to the Army network, Army Office of the Deputy Chief of Staff, G-6. February 2024.

The post New Microsoft guidance for the DoD Zero Trust Strategy appeared first on Microsoft Security Blog.

Categories: Microsoft

Microsoft recognized as a Leader in the Forrester Wave™: Workforce Identity Platform, Q1 2024

Microsoft Malware Protection Center - Mon, 04/15/2024 - 12:00pm

We’re thrilled to announce that Forrester has recognized Microsoft as a Leader in the Forrester Wave™: Workforce Identity Platforms, Q1 2024 report. We’re proud of this recognition, which we believe reflects our commitment to delivering advanced solutions that cater to the evolving needs of our customers in the workforce identity space.

Identity professionals have a tough job. Every day, they deal with a digital landscape that’s always changing and with attacks that are always intensifying. To protect workforce identities and devices, they must secure access to data, applications, and resources across various environments—from any location and on any network. Moreover, they’re under constant pressure to secure not only an increasingly mobile and remote workforce, but also organizational resources that are increasingly distributed across multicloud environments.

We spend a lot of time with our customers to understand and address their challenges, and we’re grateful for their partnership. Their needs inspire the features and capabilities in Microsoft Entra, and we’ll keep collaborating with them to enhance our unified platform by strengthening identity security, improving user experiences, and integrating advanced technologies such as generative AI.

Leading the way in the workforce identity

In their earlier report, The Workforce Identity Platforms Landscape, Q4 2023, Forrester defined a workforce identity platform as a security platform that unifies the governance, administration, and enforcement of identity safeguards across human (employees, contractors, partners) and machine (service accounts, devices, bots, containers) identities to protect access to corporate assets and resources such as networks, business systems, applications, and data.

In The Forrester Wave™ report, Forrester recognized Microsoft Entra for its adaptive policy engine, well-integrated identity lifecycle management, and end-to-end approach to identity threat detection. The report also stated that Microsoft Entra supports a breadth of authentication methods (including passwordless options) for accessing all your apps and resources (cloud-based, legacy, and non-Microsoft). We believe the report demonstrates the value that the Microsoft Entra product portfolio brings to our customers, which we are always striving to improve.

Looking to the future

It’s clear that—because AI is reshaping modern threats—AI-powered defenses are crucial. An AI-powered workforce identity platform empowers security and IT professionals to collaborate more effectively, gain deeper insights into security threats, and respond faster to emerging challenges.

We were happy to see Forrester cite Microsoft’s superior workforce identity vision that is underscored by its forward-looking innovation strategy in their evaluation. Looking forward, we’ll keep integrating our industry-leading AI capabilities with Microsoft Entra to help our customers future-proof their defenses and stay resilient against evolving cyberthreats in the workforce identity space.

Microsoft Entra

Safeguard connections between people, apps, resources, and devices with multicloud identity and network access solutions.

Explore products Learn more

To learn more about Microsoft Entra solutions, visit our website. Bookmark the Microsoft Entra blog to keep up with our expert coverage on workforce identity matters.

Forrester Wave™: Workforce Identity Platforms, Q1 2024, Geoff Cairns, Merrit Maxim, Lok Sze Sung, Pater Harrison. March 19, 2023.

The post Microsoft recognized as a Leader in the Forrester Wave™: Workforce Identity Platform, Q1 2024 appeared first on Microsoft Security Blog.

Categories: Microsoft

How Microsoft discovers and mitigates evolving attacks against AI guardrails

Microsoft Malware Protection Center - Thu, 04/11/2024 - 12:00pm

As we continue to integrate generative AI into our daily lives, it’s important to understand the potential harms that can arise from its use. Our ongoing commitment to advance safe, secure, and trustworthy AI includes transparency about the capabilities and limitations of large language models (LLMs). We prioritize research on societal risks and building secure, safe AI, and focus on developing and deploying AI systems for the public good. You can read more about Microsoft’s approach to securing generative AI with new tools we recently announced as available or coming soon to Microsoft Azure AI Studio for generative AI app developers.

We also made a commitment to identify and mitigate risks and share information on novel, potential threats. For example, earlier this year Microsoft shared the principles shaping Microsoft’s policy and actions blocking the nation-state advanced persistent threats (APTs), advanced persistent manipulators (APMs), and cybercriminal syndicates we track from using our AI tools and APIs.

In this blog post, we will discuss some of the key issues surrounding AI harms and vulnerabilities, and the steps we are taking to address the risk.

The potential for malicious manipulation of LLMs

One of the main concerns with AI is its potential misuse for malicious purposes. To prevent this, AI systems at Microsoft are built with several layers of defenses throughout their architecture. One purpose of these defenses is to limit what the LLM will do, to align with the developers’ human values and goals. But sometimes bad actors attempt to bypass these safeguards with the intent to achieve unauthorized actions, which may result in what is known as a “jailbreak.” The consequences can range from the unapproved but less harmful—like getting the AI interface to talk like a pirate—to the very serious, such as inducing AI to provide detailed instructions on how to achieve illegal activities. As a result, a good deal of effort goes into shoring up these jailbreak defenses to protect AI-integrated applications from these behaviors.

While AI-integrated applications can be attacked like traditional software (with methods like buffer overflows and cross-site scripting), they can also be vulnerable to more specialized attacks that exploit their unique characteristics, including the manipulation or injection of malicious instructions by talking to the AI model through the user prompt. We can break these risks into two groups of attack techniques:

Malicious prompts: When the user input attempts to circumvent safety systems in order to achieve a dangerous goal. Also referred to as user/direct prompt injection attack, or UPIA.
Poisoned content: When a well-intentioned user asks the AI system to process a seemingly harmless document (such as summarizing an email) that contains content created by a malicious third party with the purpose of exploiting a flaw in the AI system. Also known as cross/indirect prompt injection attack, or XPIA.

Today we’ll share two of our team’s advances in this field: the discovery of a powerful technique to neutralize poisoned content, and the discovery of a novel family of malicious prompt attacks, and how to defend against them with multiple layers of mitigations.

Neutralizing poisoned content (Spotlighting)

Prompt injection attacks through poisoned content are a major security risk because an attacker who does this can potentially issue commands to the AI system as if they were the user. For example, a malicious email could contain a payload that, when summarized, would cause the system to search the user’s email (using the user’s credentials) for other emails with sensitive subjects—say, “Password Reset”—and exfiltrate the contents of those emails to the attacker by fetching an image from an attacker-controlled URL. As such capabilities are of obvious interest to a wide range of adversaries, defending against them is a key requirement for the safe and secure operation of any AI service.

Our experts have developed a family of techniques called Spotlighting that reduces the success rate of these attacks from more than 20% to below the threshold of detection, with minimal effect on the AI’s overall performance:

Spotlighting (also known as data marking) to make the external data clearly separable from instructions by the LLM, with different marking methods offering a range of quality and robustness tradeoffs that depend on the model in use.

Mitigating the risk of multiturn threats (Crescendo)

Our researchers discovered a novel generalization of jailbreak attacks, which we call Crescendo. This attack can best be described as a multiturn LLM jailbreak, and we have found that it can achieve a wide range of malicious goals against the most well-known LLMs used today. Crescendo can also bypass many of the existing content safety filters, if not appropriately addressed. Once we discovered this jailbreak technique, we quickly shared our technical findings with other AI vendors so they could determine whether they were affected and take actions they deem appropriate. The vendors we contacted are aware of the potential impact of Crescendo attacks and focused on protecting their respective platforms, according to their own AI implementations and safeguards.

At its core, Crescendo tricks LLMs into generating malicious content by exploiting their own responses. By asking carefully crafted questions or prompts that gradually lead the LLM to a desired outcome, rather than asking for the goal all at once, it is possible to bypass guardrails and filters—this can usually be achieved in fewer than 10 interaction turns. You can read about Crescendo’s results across a variety of LLMs and chat services, and more about how and why it works, in our research paper.

While Crescendo attacks were a surprising discovery, it is important to note that these attacks did not directly pose a threat to the privacy of users otherwise interacting with the Crescendo-targeted AI system, or the security of the AI system, itself. Rather, what Crescendo attacks bypass and defeat is content filtering regulating the LLM, helping to prevent an AI interface from behaving in undesirable ways. We are committed to continuously researching and addressing these, and other types of attacks, to help maintain the secure operation and performance of AI systems for all.

In the case of Crescendo, our teams made software updates to the LLM technology behind Microsoft’s AI offerings, including our Copilot AI assistants, to mitigate the impact of this multiturn AI guardrail bypass. It is important to note that as more researchers inside and outside Microsoft inevitably focus on finding and publicizing AI bypass techniques, Microsoft will continue taking action to update protections in our products, as major contributors to AI security research, bug bounties and collaboration.

To understand how we addressed the issue, let us first review how we mitigate a standard malicious prompt attack (single step, also known as a one-shot jailbreak):

Standard prompt filtering: Detect and reject inputs that contain harmful or malicious intent, which might circumvent the guardrails (causing a jailbreak attack).
System metaprompt: Prompt engineering in the system to clearly explain to the LLM how to behave and provide additional guardrails.

Defending against Crescendo initially faced some practical problems. At first, we could not detect a “jailbreak intent” with standard prompt filtering, as each individual prompt is not, on its own, a threat, and keywords alone are insufficient to detect this type of harm. Only when combined is the threat pattern clear. Also, the LLM itself does not see anything out of the ordinary, since each successive step is well-rooted in what it had generated in a previous step, with just a small additional ask; this eliminates many of the more prominent signals that we could ordinarily use to prevent this kind of attack.

To solve the unique problems of multiturn LLM jailbreaks, we create additional layers of mitigations to the previous ones mentioned above:

Multiturn prompt filter: We have adapted input filters to look at the entire pattern of the prior conversation, not just the immediate interaction. We found that even passing this larger context window to existing malicious intent detectors, without improving the detectors at all, significantly reduced the efficacy of Crescendo.
AI Watchdog: Deploying an AI-driven detection system trained on adversarial examples, like a sniffer dog at the airport searching for contraband items in luggage. As a separate AI system, it avoids being influenced by malicious instructions. Microsoft Azure AI Content Safety is an example of this approach.
Advanced research: We invest in research for more complex mitigations, derived from better understanding of how LLM’s process requests and go astray. These have the potential to protect not only against Crescendo, but against the larger family of social engineering attacks against LLM’s.

How Microsoft helps protect AI systems

AI has the potential to bring many benefits to our lives. But it is important to be aware of new attack vectors and take steps to address them. By working together and sharing vulnerability discoveries, we can continue to improve the safety and security of AI systems. With the right product protections in place, we continue to be cautiously optimistic for the future of generative AI, and embrace the possibilities safely, with confidence. To learn more about developing responsible AI solutions with Azure AI, visit our website.

To empower security professionals and machine learning engineers to proactively find risks in their own generative AI systems, Microsoft has released an open automation framework, PyRIT (Python Risk Identification Toolkit for generative AI). Read more about the release of PyRIT for generative AI Red teaming, and access the PyRIT toolkit on GitHub. If you discover new vulnerabilities in any AI platform, we encourage you to follow responsible disclosure practices for the platform owner. Microsoft’s own procedure is explained here: Microsoft AI Bounty.

The Crescendo Multi-Turn LLM Jailbreak Attack

Read about Crescendo’s results across a variety of LLMs and chat services, and more about how and why it works.

Read the paper

The post How Microsoft discovers and mitigates evolving attacks against AI guardrails appeared first on Microsoft Security Blog.

Categories: Microsoft

Explore Microsoft’s AI innovations at RSA Conference 2024

Microsoft Malware Protection Center - Thu, 04/04/2024 - 12:00pm

The security of your organization directly correlates with your ability to transform and achieve your business objectives. Microsoft can help you make that happen, with our powerful combination of large-scale data and threat intelligence, end-to-end protection, and responsible AI.

Recently at Microsoft Secure, we shared our latest innovations for securing and governing AI and announced the generative AI solution for cyberdefenders: Microsoft Copilot for Security. We’re excited to talk with you about how to bring these innovations to life in your organization at the RSA Conference (RSAC), May 6 to 9, 2024, in San Francisco.

At the conference, we’ll demonstrate how to secure and govern AI and benefit from end-to-end protection with solutions across the Microsoft Security portfolio, including Microsoft Copilot for Security. We’ll show you how we help security teams build their skills faster to protect their organizations.

Join us a day early, on Sunday, May 5, 2024, at Microsoft Pre-Day to kick-off RSA Conference 2024, and hear directly from our Microsoft Security Business leaders, including Vasu Jakkal, Corporate Vice President, Microsoft Security Business, and Charlie Bell, Executive Vice President, Microsoft Security. Plus, view live demos at a variety of Microsoft sessions happening throughout the conference in breakout rooms and at our booth #6044N.

Microsoft Pre-Day: Hear from Microsoft Security product leaders

Start the conference on a high note by joining us for the Microsoft Pre-Day at the Microsoft Security Hub beginning at 4:00 PM PT on Sunday, May 5, 2024. For chief information security officers (CISOs) and cybersecurity professionals, we invite you to dive deeper into the latest AI announcements, learn about new product capabilities, and gain peace of mind of how to secure AI as you introduce the technology into your organization.

Vasu Jakkal and other Microsoft leaders will share our perspectives on topics like AI-powered security, innovations in end-to-end protection, and solutions to secure AI. We’ll also be joined by Microsoft customers who will share how they have been successful in their security evolution.

Pre-Day will continue with a Q&A session with Vasu Jakkal, Charlie Bell, and other leaders. They’ll reflect on the latest developments in cybersecurity, AI, and how the global community of cyber professionals can work together for a more secure future.

The conclusion of Pre-Day will be an evening reception at 6:00 PM PT, where you will have an opportunity to network with other professionals over drinks and appetizers.

Once the RSA Conference begins, you’ll have several opportunities to attend demos and connect one-on-one with Microsoft product experts. Mark your calendar on Tuesday, May 7, 2024, to visit our keynote in the official conference line up from 3:40 PM PT to 4:00 PM PT at Moscone West. Vasu Jakkal will share insights on how AI is evolving, its impact on the threat landscape, and what every organization should do to keep it safe.

While there is a lot of hype around AI, most security professionals are taking a risk-averse approach. This means that employees will find workarounds to use generative AI. Join Brian Fielder, Vice President of Security Engineering at Microsoft, who will talk about Microsoft’s approach to securing and governing AI. You will walk away with practical guidance on governing AI, how to ensure data privacy, and compliance.

Check out one or all of our Microsoft Security sessions included in the RSA Conference agenda. Here are just a few you won’t want to miss:

“Hiding in Plain Sight: Hunting Volt Typhoon Cyber Actors.” Monday, May 6, 2024, 2:20 PM PT to 3:10 PM PT. Explore how the private sector and United States government work together to identify activity of the Volt Typhoon cyberthreat. Get lessons learned from Volt Typhoon’s tactics, techniques, and procedures, and how network defenders can best defend themselves. Kelly Bissell, Deputy CISO and CVP, Security Services, Microsoft; Cynthia Kaiser, Deputy Assistant Director, FBI; Morgan Adamski, Chief NSA Cybersecurity Collaboration Center, DOD; and Andrew Scott, Associate Director for China Operations, CISA; will share insights.
“AI Safety: Where’s the Puck Headed?” Wednesday, May 8, 2024, 9:40 AM PT to 10:30 AM PT. Hear from a panel of experts—Ram Shankar Siva Kumar Data Cowboy, Microsoft; Vijay Bolina, CISO, Head of Cybersecurity Research, Google DeepMind; Rumman Chowdhury, Responsible AI Fellow, Berkman Klein Center, Harvard University; Dan Hendrycks, Founder, Center for AI Safety; and Daniel Rohrer, Vice President of Software Product Security—Architecture and Research, NVIDIA—on what AI safety means, why it rose to prominence, and what this means for the future of AI and cybersecurity.
“From Attribution to Accountability: Upholding International Rules Online.” Wednesday, May 8, 2024, 1:15 PM PT to 2:05 PM PT. Get insights from a panel of litigation experts on how governments and the private sector can improve their public attribution efforts and ensure they are working cooperatively to advance respect for international rules online. The panel will include Amy Hogan-Burney, Associate Counsel and General Manager, Cybersecurity Policy and Protection, Microsoft; Megan Stifel, Chief Strategy Officer, Institute for Security and Technology; Liesyl Franz, Deputy Assistant Secretary for International Cyberspace Security, United States Department of State; Jonathan Horowitz, Legal Advisor, International Committee of the Red Cross; and William Middleton of the Foreign, Cyber Director, Foreign, Commonwealth and Development Office.

You can also stop by our Security Hub, located at The Palace Hotel, at any time to view an additional lineup of sessions well worth exploring, highlighting a few:

“A Year of Microsoft Copilot for Security.” Monday, May 6, 2024,10:30 AM PT to 11:30 AM PT. Join us as we reflect on 12 months of learning from early customers, listen to their real-world experiences, dive into research on how Copilot for Security can elevate productivity with optimized security and catch a sneak peek into the future of generative AI in security.
“Threat intelligence trends and insights breakfast panel.”: Tuesday, May 7, 2024, 8:00 AM PT to 9:00 AM PT. Attend an exclusive briefing featuring experts from the Microsoft Threat Intelligence team, who analyze 78 trillion signals daily to uncover emerging threats. They will share insights and guidance on nation-state actors, cybercrime takedowns, fraud and social engineering, and cyber influence operations.
AI Safety lunch and fireside chat: Tuesday, May 7, 2024, 12:00 PM PT to 1:30 PM PT. Join Sarah Bird, Chief Product Officer of Responsible AI, and Bret Arsenault, Chief Cybersecurity Advisor, where we’ll address CISOs’ top AI concerns, the importance of responsible AI, and Microsoft’s commitment to AI safety. Walk away with practical guidance on implementing AI safely in your organization.
“Zero Trust for AI Security Leaders session.” Tuesday, May 7, 2024, 2:30 PM PT to 3:15 PM PT. Gain a deeper understanding of the five top risks inherent to generative AI and how Zero Trust for AI can help your organization deploy and use AI securely. You will walk away from this session with a Zero Trust for AI framework and a copy of the book signed by the author and presenter Mark Simos.

Visit Microsoft Security Hub at The Palace Hotel

Join us for these sessions and more at the Microsoft Security Hub. Don’t miss out on the opportunity to explore all our sessions and ancillary events, plus you can also engage in a gamified experience dedicated to AI for security and have the chance to win exciting prizes. Additionally, you can schedule meetings with Microsoft experts and delve into the Cyber Threat Intelligence Program’s (CTIP) interactive experience from the Microsoft Digital Crimes Unit (DCU), where you’ll be able to explore the world of the malware sinkhole. The CTIP collects actionable cyberthreat intelligence from its malware disruption operations and uses this data to inform Microsoft products and services. Leveraging unique insights from Microsoft Threat Intelligence, the DCU disrupts cybercriminals’ technical infrastructure through civil legal actions, technical measures, criminal referrals to law enforcement, and public and private partnerships.

Stop by Microsoft Security booth at Moscone North

The Microsoft booth will be located this year in Moscone North, close to the entrance, and will feature demos of Microsoft Security portfolio, theater presentations, gamified experience focused on Security for AI, and interactive DCU experience. Have some refreshments amidst your busy conference day and get your copy of the books about Zero Trust and Threat Intelligence signed by the authors.

Drop by the theater at the the Microsoft booth to hear from our experts on the latest news and demos on AI, threat protection, secure access, data governance, cloud security, privacy, Zero Trust, and more.

Participate in conversations on the future of cybersecurity

While at RSAC, consider participating in other events that will connect you with cybersecurity professionals and spark interesting conversation about the future of cybersecurity and AI.

CSA AI Summit: Monday, May 6, 2024, 12:10 PM PT to 12:30 PM PT. Get a front-row seat to Microsoft Security for AI innovations as part of the summit. Led by Microsoft Senior Product Marketing Manager Tina Ying, our session will focus on Security for AI. The CSA AI Summit, from 8:00 AM to 3:00 PM PT on Level 3 of Moscone Center South, will explore the intersection of AI and cloud and offer best practices on how to make the most of the AI revolution. More than 1,100 cybersecurity leaders and professionals are expected to attend the summit.
Women in Cybersecurity (WiCyS) Meetup: Tuesday, May 7, 2024, 6:30 PM PT to 7:30 PM PT. Learn how WiCyS is introducing more women to cybersecurity—and how you can support these endeavors. The meetup will spotlight the achievements of WiCyS, established in 2012 to increase the number of women in cybersecurity roles by giving them mentorships, networking opportunities, and access to training and resources.

Microsoft Partners: Networking opportunity and Security Excellence Awards celebration

The Microsoft Intelligent Security Association (MISA), comprised of independent software vendors (ISV) and managed security service providers (MSSPs) that have integrated their solutions with Microsoft’s security products, will be back at RSAC 2024. MISA will again have a demo station at Microsoft Booth #6044N in Moscone North Expo among other events, including the fifth annual Microsoft Security Excellence Awards (presented by MISA).

MISA’s RSAC 2024 presence will include:

MISA Demo Station: Stop by Microsoft Booth #6044N Monday, May 6, 2024, to Thursday, May 9, 2024, for demonstrations of Microsoft products.
Theater sessions: Join one or more of our five theater sessions for valuable insights focused on how MISA members work together with Microsoft to protect customers from cyberthreats. Led by MISA members, these sessions will focus on strategies to protect customers from cyber threats. The sessions will feature expertise from partners Bulletproof, ContraForce, Darktrace, Avanade, Kovrr, and glueckkanja AG.
Hub sessions: Join MISA members for a one-hour session on top-of-mind security topics in the Microsoft Security Hub.
Partner awards: MISA members are invited to attend the Microsoft Security Excellence Awards on Monday, May 6, 2024, where winners will be announced in nine security award categories.

Congratulations to the finalists of the 2024 Excellence Awards!

Connect with Microsoft at RSAC

Register today for the Microsoft Security RSAC Pre-Day on May 5, 2024 from 4:00 PM PT to 6:00 PM PT. Explore our sessions, receptions, and other events. Leverage this opportunity to learn and connect. Stop by our booth #6044N to ask questions. Enjoy conversation or simply say hello. Looking forward to seeing you at RSAC!

The post Explore Microsoft’s AI innovations at RSA Conference 2024 appeared first on Microsoft Security Blog.

Categories: Microsoft

Get end-to-end protection with Microsoft’s unified security operations platform, now in public preview

Microsoft Malware Protection Center - Wed, 04/03/2024 - 12:00pm

Today, I am excited to announce the public preview of our unified security operations platform. When we announced a limited preview in November 2023, it was one of the first security operations center platforms that brought together the full capabilities of an industry-leading cloud-native security information and event management (SIEM), comprehensive extended detection and response (XDR), and generative AI built specifically for cybersecurity. This powerful combination of capabilities delivers a truly unified analyst experience in the security operations center (SOC).

And last month at Microsoft Secure, we added unified exposure management capabilities that provide continuous, proactive end-to-end visibility of assets and cyberattack paths. Together, these fully integrated, comprehensive capabilities give security leaders and SOC teams what they need to manage cyberthreats across their organization—from prevention to detection and response.

After gaining insights from the initial customer feedback, we are excited to expand the platform’s availability to public preview. Customers with a single Microsoft Sentinel workspace and at least one Defender XDR workload deployed can start enjoying the benefits of a unified experience, in a production environment, now. Onboarding a Microsoft Sentinel workspace only takes a few minutes, and customers can continue to use their Microsoft Sentinel in Azure. Need another reason to get started today? Microsoft Sentinel customers using Microsoft Copilot for Security can now leverage the embedded experience in the Defender portal, helping them to level up their security practice further.

Unified security operations platform

The new platform brings together the capabilities of XDR and SIEM. Learn how to onboard your Microsoft Sentinel workspace to the Microsoft Defender portal.

Get started today Knock down security silos and drive better security outcomes

SOCs are buried under mountains of alerts, security signals, and initiatives. Analysts are spending too much time sifting through low-level alerts, jumping between portals, and navigating complex workflows to understand what happened, how to resolve it, and how to prevent it from happening again. This leaves little time for analysts to focus on high-value tasks—like remediating multistage incidents fully or even decreasing the likelihood of future attacks by reducing the attack surface. With an ever-growing gap in supply and demand of talent—in fact, there are only enough cybersecurity professionals to meet 82% of the United States demand—something must change.1

At the heart of this challenge is siloed data—SOCs have too much security data stored in too many places and most SOC teams lack the tools to effectively bring it all together, normalize it, apply advanced analytics, enrich with threat intelligence, and act on the insights across the entire digital estate. This is why we built the security operations platform—by bringing together the full capabilities of SIEM, XDR, exposure management, generative AI, and threat intelligence together, security teams will be empowered with unified, comprehensive features that work across use cases, not security tool siloes.

The new analyst experience is built to create a more intuitive workflow for the SOC, with unified views of incidents, exposure, threat intelligence, assets, and security reporting. This is a true single pane of glass for security across your entire digital estate. Beyond delivering a single experience, unifying these features all on one platform delivers more robust capabilities across the entire cyberattack lifecycle.

“Security teams need a single pane of glass to manage today’s IT environments. Long gone are the days when teams could operate in silos and protect their environments. With today’s announcement Microsoft is moving another step forward in helping businesses protect their systems, customers and reputations,” said Chris Kissel, IDC Research Vice President, Security and Trust. “Microsoft combining the full capabilities of an industry-leading cloud-native SIEM and XDR with the first generative AI built specifically for cybersecurity is a game changer for the industry.”

Capabilities across Microsoft Sentinel and Microsoft Defender XDR products are now extending, making both Microsoft Sentinel and Defender XDR more valuable. XDR customers can now enjoy more flexibility in their reporting, their ability to deploy automations, and greater insight across data sources. With the new ability to run custom security orchestration, automation, and response (SOAR) playbooks on an incident provided by Microsoft Sentinel, Defender XDR customers can reduce repetitive processes and further optimize the SOC. They can also now hunt across their XDR and SIEM data in one place. Further, XDR detection and incident creation will now open to data from SIEM. SIEM customers can now get more out of the box value, improving their ability to focus on the tasks at hand and gain more proactive protection against threats, freeing them to spend more time on novel threats and the unique needs of their environment.

Prevent breaches with end-to-end visibility of your attack surface

During the past 10 years, the enterprise attack surfaces have expanded exponentially with the adoption of cloud services, bring-your-own device, increasingly complex supply chains, Internet of Things (IoT), and more. Approximately 98% of attacks can be prevented with basic cybersecurity hygiene, highlighting the importance of hardening all systems.2 Security silos make it more difficult and time-consuming to uncover, prioritize, and eliminate exposures.

Fortunately, the Microsoft Security Exposure Management solution, built right into the new unified platform experience, consolidates silos into a contextual and risk-based view. Within the unified platform, security teams gain comprehensive visibility across a myriad of exposures, including software vulnerabilities, control misconfigurations, overprivileged access, and evolving threats leading to sensitive data exposure. Organizations can leverage a single source of truth with unified exposure insights to proactively manage their asset risk across the entire digital estate. In addition, attack path modeling helps security professionals of all skill levels predict the potential steps adversaries may take to infiltrate your critical assets and reach your sensitive data.

Shut down in-progress attacks with automatic attack disruption

In today’s threat landscape, where multistage attacks are the new normal, automation is no longer optional, but a necessity. We’ve seen entire ransomware campaigns that only needed two hours to complete, with attackers moving laterally in as little as five minutes after initial compromise—the median time for attackers to access sensitive data is only 72 minutes.3 This capability is essential to counter the rapid, persistent attack methods like an AKIRA ransomware attack. Even the best security teams need to take breaks and with mere seconds separating thousands versus millions of dollars spent on an attack, the speed of response becomes critical.

This platform harnesses the power of XDR and AI to disrupt advanced attacks like ransomware, business email compromise, and adversary-in-the-middle attacks at machine speed with automatic attack disruption, a game-changing technology for the SOC that remains exclusive to Microsoft Security. Attack disruption is a powerful, out-of-the-box capability that automatically stops the progression and limits the impact of the most sophisticated attacks in near real-time. By stopping the attack progression, precious time is given back to the SOC to triage and resolve the incident.

Attack disruption works by taking a wide breadth of signals across endpoints and IoT, hybrid identities, email and collaboration tools, software as a service (SaaS) apps, data, and cloud workloads and applying AI-driven, researcher-backed analytics to detect and disrupt in-progress attacks with 99% confidence.3 With more than 78 trillion signals fueling our AI and machine learning models, we can rapidly detect and disrupt prominent attacks like ransomware in only three minutes, saving thousands of devices from encryption and recovery costs. Using our unique ability to recognize the intention of the attacker, meaning accurately predict their next move, Microsoft Defender XDR takes an automated response such as disabling a user account or isolating a device from connecting to any other resource in the network.

Built on the attack disruption technology in our Defender XDR solution, our unified platform now extends this dynamic protection to new solutions through Microsoft Sentinel—starting with SAP. When an SAP account attack is detected, our platform will automatically respond to cut off access in SAP. This means unprecedented protection for a platform that houses incredibly sensitive data, making it a prime target for attackers.

Investigate and respond faster

Multiple dashboards and siloed hunting experiences can really slow down the meantime to acknowledge and respond. The effectiveness of the SOC is measured by these critical metrics. Microsoft delivers a single incident queue, equipped with robust out-of-the-box rules, that saves time, reduces alert noise, and improves alert correlation, ultimately delivering a full view of an attack. During our private preview, customers saw up to an 80% reduction in incidents, with improved correlation of alerts to incidents across Microsoft Sentinel data sources, accelerating triage and response.4 Further, unified hunting helps customers to reduce investigation time by eliminating the need to know where data is stored or to run multiple queries on different tables.

We’re not stopping at automatic attack disruption and unified incident queues—we’re on a mission to uplevel analysts of all experience levels. Microsoft Copilot for Security helps security analysts accelerate their triage with comprehensive incident summaries that map to the MITRE framework, reverse-engineer malware, translate complex code to native language insights, and even complete multistage attack remediation actions with a single click.

Copilot for Security is embedded in the analyst experience, providing analysts with an intuitive, intelligent assistant than can guide response and even create incident reports automatically—saving analysts significant time. Early adopters are seeing their analysts move an average of 22% faster and accelerate time to resolution.5 Copilot for Security is more than a chatbot—it’s a true intelligent assistant built right into their workflow, helping them use their tools better, level up their skills, and get recommendations relevant to their work at hand.

If you’d like to join the public preview, view the prerequisites and how to connect your Microsoft Sentinel workplace.

Learn more

Learn more about Microsoft SIEM and XDR solutions.

1Cybersecurity Supply and Demand Heat Map, CyberSeek. 2024.

2Microsoft Digital Defense Report, Microsoft. 2023.

3Microsoft Digital Defense Report, Microsoft. 2022.

4Microsoft Internal Research.

5Microsoft Copilot for Security randomized controlled trial (RCT) with experienced security analysts conducted by Microsoft Office of the Chief Economist, January 2024.

The post Get end-to-end protection with Microsoft’s unified security operations platform, now in public preview appeared first on Microsoft Security Blog.

Categories: Microsoft

Microsoft Priva announces new solutions to help modernize your privacy program

Microsoft Malware Protection Center - Tue, 04/02/2024 - 9:00am

We know managing privacy is harder than ever. The increasing complexity of regulatory requirements and constantly changing regulations make day-to-day privacy management a challenge. Manual, inefficient processes and inflexible tools can make it difficult for organizations to know where data is located and how it’s being used. The Microsoft Priva product portfolio helps organizations meet these challenges and their existing and emerging regulatory obligations.

This week, we are thrilled to announce the expansion of the Microsoft Priva family of products. Microsoft Priva was introduced in 2021 to help organizations navigate the complex world of privacy operations. The expansion of Microsoft Priva brings automated capabilities to help organizations meet adapting privacy requirements related to personal data.

Microsoft Priva

Protect personal data, automate risk mitigation, and manage subject rights requests at scale.

Explore product family

“Understanding and managing privacy is crucial for our clients. Exponential flows of sensitive data and emerging technologies such as generative AI have amplified the need for a strong privacy solution; we are confident in Microsoft’s vision to take on this challenge with Microsoft Priva. The richness of data and activities in Microsoft 365 and Priva’s ability to monitor and action on related workflows allows for a proactive approach to privacy. This capability aligns with our commitment to privacy and data protection, reinforcing our partnership with Microsoft to serve our global clients with solutions that address their privacy management needs.”

—Jon Kessler, Vice President, Information Governance, Epiq Legal Solutions What will the Priva family address?

In today’s digital landscape, people’s awareness of data privacy has surged to unprecedented levels. Individuals are increasingly aware of the intricate web of data points that define their online existence and how their data is collected and used. This has prompted a collective call for the safeguarding of personal information from unwarranted intrusions and establishing ways for people to take control of their personal data. The public has become more discerning about the need for stringent measures to protect their sensitive data and keep it private. The heightened awareness surrounding individual data privacy rights is not merely a fleeting trend—it’s a fundamental shift in the way society perceives and values the sanctity of personal information.

In response to this evolving landscape, the need to build and maintain customer trust has never been more pronounced. Privacy solutions have emerged to empower organizations to establish transparent and ethical data practices. Building customer trust is about a commitment to empowering individuals to have control over their own data.

Robust privacy solutions are essential for regulatory adherence and in cultivating a culture of transparency, accountability, and respect for user privacy. By embracing more robust privacy solutions, organizations not only fortify their defenses, but they also embark on a journey to forge enduring relationships with their customers—relationships based on mutual trust and data integrity. Beyond regulatory compliance, organizations should use transparent data practices to gain deeper insights into customer preferences, behaviors, and trends. This managed data can become a strategic asset—enabling more informed decision-making, delivering targeted marketing to customers who’ve consent to receive it, and developing personalized services. Prioritizing privacy is not just a legal necessity but a pathway to extracting meaningful and sustainable value from the wealth of data at an organization’s disposal.

Microsoft Priva is here to help your organization meet privacy and compliance requirements

Organizations must mitigate risk for privacy non-compliance and be ready for new and emerging regulations. They need an end-to-end solution that helps them oversee and establish privacy protocols across their entire organization. Microsoft Priva solutions support privacy operations across entire data estates—paving quick and cost-effective paths to meet privacy regulations and avoid the risks of non-compliance. With the Microsoft Priva family, organizations can automate the management, definition, and tracking of privacy procedures at scale to ensure personal data stays private, secure, and compliant with regulations. Let’s take a quick look at each member of the family.

Microsoft Priva Privacy Assessments

Build the foundation of your privacy posture with Microsoft Priva Privacy Assessments—a solution that automates the discovery, documentation, and evaluation of personal data use across your entire data estate. Automate privacy assessments and build a complete compliance record for the responsible use of personal data. Embed your custom privacy risk framework into each assessment to programmatically identify the factors contributing to privacy risk. Lower organizational risk and build trust with your data subjects. Priva Privacy Assessments help at any stage of the privacy journey, enabling you to fully utilize your company’s data while ensuring its proper use.

Key features

Automate the creation of privacy assessments: Discover and document personal data usage across your data estate through easily created custom assessments.
Monitor personal data usage: Automate monitoring for changes in data processing activities that require privacy compliance actions.
Evaluate privacy risks: Design a personalized privacy risk framework and use automated risk analysis based on the data usage information obtained from a privacy assessment.

Microsoft Priva Privacy Risk Management

Microsoft Priva Privacy Risk Management is here to empower you to simplify the identification of unstructured personal data usage. Priva Privacy Risk Management enables you to automate risk mitigation through easily definable policies that conform to your specific needs. It can also help you build a privacy-resilient workplace by identifying personal data and critical privacy risks around it, automating risk mitigation to prevent privacy incidents, and empowering employees to make smart data handling decisions.

Key features

Identify personal data and critical privacy risks: Gain visibility into your personal data and associated privacy risks arising from overexposure, hoarding, and transfers with automated data discovery, user mapping intelligence, and correlated signals.
Automate risk mitigation and prevent privacy incidents: Effectively mitigate privacy risks and prevent privacy incidents with automated policies and recommended user actions.
Empower employees to make smart data handling decisions: Foster a proactive privacy culture by increasing awareness of and accountability towards privacy risks without hindering employee productivity.

Microsoft Priva Tracker Scanning

With data privacy regulation laws surrounding tracking technologies continuously evolving—and fines for non-compliance exponentially increasing—organizations need a platform that enables them to avoid risk and standardize tracking compliance at scale. Microsoft Priva Tracker Scanning empowers organizations to automate the discovery and categorization of tracking technologies—including cookies, pixels, and beacons—across all their websites. With Priva Tracker Scanning, organizations can remediate risks for tracker non-compliance, effectively monitor website compliance, and easily address compliance issues. Priva Tracker Scanning enables your organization to embolden your privacy posture for maximum control and visibility.

Key features

Register and scan web domains: Automate scans for various forms of trackers—empowering you to quickly identify and categorize all tracking technologies on your websites.
Evaluate and manage web trackers: Use flexible scan configurations to easily identify missing compliance elements across your websites.
Streamline compliance reporting: Scan for areas of non-compliance and monitor compliance issues throughout the lifecycle of websites.

Microsoft Priva Consent Management

Gain better value from your user-consented data and meet today’s most challenging data privacy regulations with an approach to streamlining consent management and consented data usage. Built by harnessing Microsoft’s extensive experience and expertise in privacy operations, Microsoft Priva Consent Management provides a solution for bolstering your organization’s personal data consent management and publishing capabilities in a simplified and streamlined manner.

Key features

Create customizable and regulatory-compliant consent models: Quickly author dynamic consent models using prebuilt templates for easy deployment.
Streamline the deployment of consent models: Use a centralized process to publish consent models at scale to multiple regions.
Organization specific layouts: Create on-brand layouts for consent models that conform to changing business needs.

Microsoft Priva Subject Rights Requests

With personal data often distributed across multiple environments, organizations need a solution that enables them to fulfill and manage subject rights requests across their entire data estate for maximum visibility. Crafted from Microsoft’s extensive experience and expertise in data privacy operations, Microsoft Priva Subject Rights Requests is a next-generation privacy solution that enables organizations to automate the fulfillment of subject rights requests across their on-premises, hybrid, and multicloud environments. With Priva Subject Rights Request, organizations can manage the access, deletion, and export of subject rights requests across their entire data landscape. to help build trust with customers.

Key features

Efficiently manage subject rights requests: Streamline the fulfillment of subject rights request tasks using configurable settings within your workflows, providing end-to-end oversight of subject rights request operations.
Discover personal data across various data types and locations: Discover and manage subject rights requests across multicloud data estates, including Microsoft Azure, Microsoft 365, and third-party data sources like Amazon Web Services, Google Cloud Platform, and more.
Create low-code data agents to automate task fulfillment: Create low-code agents to automatically find and fulfill personal data requests using Microsoft Power Automate.

Learn more about new Priva capabilities at the IAPP Global Privacy Summit

From April 2 to 5, 2024, the world’s largest forum for exploring privacy and data protection law, regulation, policy, management, and operations takes place in Washington, D.C. The International Association of Privacy Professionals (IAPP) Summit is a key event for information privacy professionals to learn about innovative solutions and expand your privacy and data protection network. Microsoft will have a strong presence with a spotlight feature, breakout sessions, and networking events. Check the agenda for times and locations for these events and more:

Spotlight stage: Microsoft Priva Privacy—Paul Brightmore, Head of Product for Microsoft Privacy, and Terrell Cox, Vice President (VP) of Privacy Engineering at Microsoft, will be featured on the spotlight stage sharing about Microsoft Priva privacy solutions.

Breakout session: Managing Privacy at Scale—Explore how large organizations keep pace with today’s privacy obligations, share strategies and tools available to manage privacy at scale, and share updates on the latest privacy governance tools. Get insight into the emerging role of AI in managing privacy.

Mainstage session: Regulator’s Agenda—Shifting Priorities and Practices—Julie Brill, Chief Privacy Officer, Corporate VP, Global Privacy, Safety and Regulatory Affairs at Microsoft, moderates this discussion where you’ll learn the top priorities of privacy authorities, understand how AI governance factors into the Data Protection Authorities’ 2024 plans, and review lessons learned from recent privacy enforcement actions.

VIP reception—Microsoft is hosting this event to bring privacy experts together on April 3, 2024. This event promises an engaging showcase of Priva demonstrations, enriching conversations, and valuable insights within the field of privacy.

CDT Spring Fling—Microsoft is the lead sponsor of this reception organized in partnership with the Center for Democracy in Technology. The event includes a panel discussion on AI as a catalyst for ushering in the next era of data governance. Julie Brill, Chief Privacy Officer, Corporate VP, Global Privacy, Safety and Regulatory Affairs at Microsoft, will be speaking on this panel.

LGBTQ+ Allies After Party—Registration and tickets are required in advance for this Wednesday, April 3, 2024, afterparty at Pitchers. We hope to see you there.

Optimize your privacy operations today, and streamline compliance adherence

Thanks for taking the time to get to know the members of the Microsoft Priva suite of products. We’re so excited to continue to be your trusted partner in helping you meet your privacy and compliance regulations. Please check in on the Priva family from time to time to stay informed about our products.

Interested in learning more now? Head over to the Microsoft Priva homepage. To get a deeper dive into our product capabilities, read our Tech Community post or watch our video.

The post Microsoft Priva announces new solutions to help modernize your privacy program appeared first on Microsoft Security Blog.

Categories: Microsoft

Biographical Information Summary - This is Just a Summary Joe Pearce
Flounder's Keylime Pie is the Best in the World, At Least I Think So... Joe Pearce
Links Joe Pearce
Harley Ride Joe Pearce
Cobra with New Cover Joe Pearce
Mustang Cobra After Ceramic Coating Joe Pearce
Carter County Cruise In Joe Pearce
2003 Ford Mustang SVT Cobra Convertible NAPA Auto Car Show Top 10 Joe Pearce
Ponies in the Smokies - Mustang Trophy Joe Pearce
First Tennesee Regional Group Mustang Club January Meeting Joe Pearce

Microsoft

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters

New Microsoft guidance for the DoD Zero Trust Strategy

Microsoft recognized as a Leader in the Forrester Wave™: Workforce Identity Platform, Q1 2024

How Microsoft discovers and mitigates evolving attacks against AI guardrails

Explore Microsoft’s AI innovations at RSA Conference 2024

Get end-to-end protection with Microsoft’s unified security operations platform, now in public preview

Microsoft Priva announces new solutions to help modernize your privacy program

Welcome to Joe Pearce's Home Page.

Web page offered by Joe Pearce © 2004 - 2024 - All rights reserved.

Thanks to the ETSU Computer and Information Sciences Department.

Thanks to the NSTCC Computer and Information Sciences and Computer Engineering Technologies Department.

This is my Favicon.

You are here

Microsoft

Welcome to Joe Pearce's Home Page.

Web page offered by Joe Pearce © 2004 - 2024 - All rights reserved.

Thanks to the ETSU Computer and Information Sciences Department.

Thanks to the NSTCC Computer and Information Sciences and Computer Engineering Technologies Department.

This is my Favicon.