[hidden content] beefs up cyber initiative after hard-hitting US report

[hidden content] is doubling down on its [hidden content] (SFI), expanding the programme – which sets out to address the software and vulnerability issues frequently exploited by threat actors – in the wake of the United States government Cyber Safety Review Board (CSRB) report [hidden content] and the January 2024 Midnight Blizzard (Cozy Bear) *******.

Redmond said that the rapid evolution of the threat landscape underscored the severity of the threats that face both its own operations and those of its customers, and acknowledged that given its central role in the world’s IT ecosystem, it had a “critical responsibility” to earn and maintain trust.

“We are making security our top priority at [hidden content], above all else – over all other features. We’re expanding the scope of SFI, integrating the recent recommendations from the CSRB as well as our learnings from Midnight Blizzard to ensure that our cyber security approach ******** robust and adaptive to the evolving threat landscape,” said Charlie Bell, executive vice president of [hidden content] Security.

“We will mobilise the expanded SFI pillars and goals across [hidden content] and this will be a dimension in our hiring decisions. In addition, we will instil accountability by basing part of the compensation of the company’s Senior Leadership Team on our progress in meeting our security plans and milestones,” he said.

The SFI, [hidden content] by [hidden content] vice chair and president Brad Smith in November 2023, centres on three core pillars – developing and improving AI-based cyber defences, improving software engineering practice, and advocating for stronger application of international norms in cyber space.

[hidden content], Bell explained that this approach would now evolve with the work to be guided by three new principles:

  • Security by design, as a primary consideration in the design and development of any [hidden content] product or service;
  • Security by default, with protections enabled and enforced by default, requiring no extra effort from users, but equally with no opt-outs for them;
  • Secure operations, with controls and monitoring continuously improving to meet changing threats head on.

Added to this, [hidden content] will now align a set of expanded goals and actions to six prioritised pillars, as follows:

  • The protection of identities and secrets using best-in-class, quantum-ready standards;
  • The protection and isolation of all [hidden content] tenants and production systems;
  • The protection of [hidden content] production networks, and the isolation of [hidden content] and customer resources;
  • The protection of engineering systems, encompassing software assets, code security, and governance of the software supply chain;
  • The monitoring and detection of threats, providing comprehensive coverage and automatic detection of threats to [hidden content] production infrastructure;
  • The acceleration of response and remediation to vulnerabilities, reducing time to mitigate for high-severity bugs and improving public messaging and transparency.

“These goals directly align to our learnings from the Midnight Blizzard incident as well as all four CSRB recommendations to [hidden content] and all 12 recommendations to cloud service providers (CSPs), across the areas of security culture, cyber security best practices, auditing logging norms, digital identity standards and guidance, and transparency,” said Bell.

“We are delivering on these goals through a new level of coordination with a new operating model that aligns leaders and teams to the six SFI pillars, in order to drive security holistically and break down traditional silos,” he added.

Internally, [hidden content] is also taking steps to improve how its people respond as a collective, implementing new initiatives to help operationalise its learnings from incidents, and instituting a new governance framework overseen by its CISO Igor Tsyganskiy, which introduces a partnership between engineering teams and a newly-created group of deputy CISOs, and will be backed by the full breadth of [hidden content]’s existing nation state actor and threat hunting capabilities.

It also plans to do more to instil a security-first culture, and will be starting broadscale weekly and monthly operational meetings to include all levels of management and senior individual contributors working on detailed ********** and continuous improvement of security.

“Ultimately, [hidden content] runs on trust and this trust must be earned and maintained. As a global provider of software, infrastructure, and cloud services, we feel a deep responsibility to do our part to keep the world safe and secure. Our promise is to continually improve and adapt to the evolving needs of cyber security. This is job number one for us,” said Bell.

“[hidden content] has some really ambitious goals in their Secure Future Initiative. Most organisations have neither the will nor the technical ability to achieve these goals, but any organisation that does will be in a prime position to repel most intrusions,” said Jake Williams, a faculty member at cyber research firm [hidden content] and a former hacker for the NSA. “[hidden content] certainly has the technical ability to implement these, but that’s always been the case. It appears they now have the political will to do so as well.

“There are plenty of details about significant technical security enhancements [hidden content] is making. The hardest part of most of these is getting to 100%. Anything less than 100% leaves a residual attack surface that threat actors will exploit. These efforts follow the old 80/20 rule where most of the effort is expended getting the last holdouts onboarded into the new security regime. The thing that gives me the most confidence that [hidden content] will get there is the emphasis that engineer SVPs are holding regular operational meetings with all levels of management and senior ICs. That’s how you reinforce cultural change and make sure that it sticks,” he said.




