The Fearless CISO: 4 Ways to Secure Everything

BrandPost By Mark Simos
Dec 17, 2021 | 5 mins
Security


By Mark Simos, Lead Cybersecurity Architect, Microsoft

Cyberattacks in 2021 continued to steadily increase in volume and sophistication. Ransomware continued its ruthless path across industries, often putting lives at risk. Ransomware attacks have also become increasingly simple to carry out with toolkits, as in the case of the Colonial Pipeline attack that disrupted daily life for many businesses and individuals. The FBI’s Internet Crime Complaint Center reported 2,084 ransomware complaints from January to July 31, 2021, representing a 62% year-over-year increase.

With most organizations shifting to a hybrid work environment as a result of the pandemic, the attack surface has dramatically expanded beyond corporate boundaries, leaving organizations even more exposed to cyber threats. CISOs and other cybersecurity leaders are facing the dual challenges of enabling digital transformation while adapting to a rapidly expanding threat landscape. This continues to reinforce the need for a comprehensive security approach that aligns to business priorities.

What happens when security leaders have a comprehensive security approach based on Zero Trust principles? They can be fearless, armed with the ability to secure everything without any limits. Let’s take a look at four ways that we have seen organizations manage a comprehensive security approach:

  1. Commit to a Zero Trust Strategy

Today’s organizations need a security model that adapts to the complexity of the modern environment, embraces the hybrid workplace, and protects people, devices, apps, and data wherever they’re located. That is exactly what you get when implementing a Zero Trust approach based on three guiding principles: verify explicitly, use least privilege access, and assume breach. Instead of believing everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originated from an uncontrolled network.

Our Zero Trust approach at Microsoft is designed to reduce risk at every opportunity across the digital estate, which includes identities, endpoints, applications, network, infrastructure, and data. This means that every transaction must be validated and proven trustworthy before the transaction can occur. This approach is consistent with industry standards like The Open Group’s recently released Zero Trust Commandments and NIST’s Zero Trust Architecture.

Zero Trust takes a fresh look across all of your security disciplines, including access control, asset protection, security governance, security operations, and innovation security (e.g. DevSecOps). Architecturally, this brings in automated enforcement of security policy, correlation of signals across systems, and extensive security automation and orchestration to reduce manual labor and toil.

  2. Manage Compliance, Risk, and Privacy

Organizations constantly access, process, and store a tremendous amount of data—which is only increasing with business innovation. Additionally, organizations now face an ever-growing landscape of data regulations, creating complexity and compliance risk. Using a tool like Microsoft Compliance Manager helps meet and manage regulatory requirements by translating complicated regulations and standards into simple language, mapping controls, and recommending improvement actions (in the form of step-by-step guidance).

Additionally, many organizations are still using manual processes to discover how much personal data they have stored, often lacking actionable insights to help mitigate security and privacy risks. With a tool such as privacy management for Microsoft 365, organizations can identify critical privacy risks, automate privacy operations, and empower employees to be smart when they are handling sensitive data.

  3. Use a Combination of XDR + SIEM Tools

Security Operations teams (aka SecOps or the SOC) sift through ever-growing mountains of data to detect and hunt for today’s attacks.

We have found that SecOps teams work best at this with a combination of deep analytics, broad visibility, and orchestration and automation. Extended detection and response (XDR) tools—such as Microsoft 365 Defender—provide deep insights and high-quality detections that allow SOCs to spend time on actual attacks rather than chasing false alarms (false positives). Security information and event management (SIEM) tools—such as Microsoft Sentinel—are helping security operations get a broad view across the environment and avoid “swivel chair analytics” from having to work across different consoles. Security Orchestration, Automation, and Response (SOAR) tools help lower analyst burnout by automatically investigating and remediating attacks (like AutoIR) and orchestrating repetitive tasks across tools (Sentinel SOAR). The integration of these three types of tools ultimately helps organizations stay ahead of today’s complex and rapidly evolving threat landscape.

  4. Use MFA Whenever and Wherever Possible

Multifactor authentication (MFA) is an essential tool for securing access to important resources within an organization. MFA adds a layer of protection to the sign-in process that passwords alone simply cannot offer. While MFA doesn’t stop all attacks, it does an amazing job of taking password attack techniques off the table. Password attacks are typically automated, resulting in a high volume of attempts that often end with attackers getting access to systems. Organizations that use MFA tools—such as Azure AD—are better protected through additional identity verification when accessing accounts or apps.

In a world of remote and hybrid work, taking a comprehensive approach to security with a Zero Trust strategy makes an organization more resilient to the continuous drumbeat of cyber-attacks. Microsoft is committed to enabling this world with end-to-end security solutions, architectural guidance, insights and education, security program best practices, and more. For more information, read about our approach to comprehensive security.