Cybersecurity is Vital for Digital India: Microsoft

Vineet Durani, Director – Windows & Surface Business at Microsoft, in an exclusive interview with BW CIOWorld, speaks about the Cybersecurity landscape in India and how Microsoft is playing a role in securing the cyber space.

When it comes to security, there are companies that specialise in this space that get an instant recall over Microsoft when we speak about Cybersecurity. What has changed? How can enterprises partner with Microsoft for Cybersecurity?

Thousands of companies around the world are innovating, competing, and partnering to defeat adversaries and to secure the computing ecosystem. No single company can do it all and it requires a collaborative approach. Microsoft stands for trust when it comes to securing consumers and businesses. Microsoft makes it as convenient as possible for customers to acquire and deploy technologies that integrate, communicate and complement each other, offering a best-of-suite benefit to help secure users, devices, apps, data, and infrastructure.

We help guide enterprises through their critical digital transformation—from helping them understand their current security posture to developing cybersecurity strategies that support their business goals, and implementing comprehensive solutions through a three-pronged systematic approach to deal with cybercrime incidents:

•We Protect:  We look at how to appropriately secure identity, data, applications, devices, and infrastructure—whether it be cloud or on-prem.  This requires an approach to security that considers all your end-points, from sensors to the datacenter.

•We Detect:  In the past, we relied on malware signatures to recognize threats.  Now, we apply intelligent, behavioral-based approaches to threat detection that can rapidly recognize entirely new threats.  We enable customers to use those insights and immediately act on them.

•We Respond:  Many of us have invested in protecting against threats, but we’ve learned that our ability to make threats go away entirely is limited.  What we can control is our readiness and response in the face of ongoing threats.  Doing this well means assuming breach at any point and continuously operating with this readiness mentality.

What sets you apart from others when it comes to cybersecurity?

We have a holistic approach to security with three key important differentiators: our platform, our intelligence and our partner network.

•Platform: we secure our own technology as well as third parties, whether through identity, device, apps & data or infrastructure across Microsoft, Windows, Microsoft Azure and Office365. No other cloud provider offers the breadth of trust features that Microsoft does across cloud platforms. Our commitment to cloud is reflected in our heavy investment in 100 data centers in 19 regions in over 40 countries, including India.

•Intelligence: Microsoft has an intelligent security graph which takes information from across all our services and products, and brings them together to be able to be proactive around security. This allows us to monitor for user authentications and updated devices, and check for spam and malware. Through this intelligent security graph, Microsoft is creating the most comprehensive and agile mechanism in the industry to share threat intelligence, apply analytics, and improve detection across its products and services portfolio asap.

•Partners: Microsoft understands this is a broad ecosystem in which we need to work with everyone. We partner with peers, work with industry alliances and the government.

At Microsoft, security is a core focus and we invest more than a billion dollars in a year in security research, innovation and development. We are also the first company in the industry to win a certification ISO/IEC 27018 that validates the highest levels of data security and privacy.

At what level does Microsoft collaborate with CERT-In?

Across the world, Microsoft’s Cyber security team works with government, industry, academia, and policy experts to identify and analyze strategic cybersecurity issues on the horizon, forecasting technology and policy shifts and driving change in the way Microsoft deals with cyber threats.

Microsoft is presently engaging with CERT-India to enable building capacity in the area by conducting security workshops with subject matter experts. We are also supporting MEITY actively in its Cyber Surakshit Bharat program.

We believe Cybersecurity is vital for Digital India. Our CyberSecurity Engagement Centre in New Delhi, part of a global network of eight such centres, was set up a year ago. It brings together Microsoft capabilities to foster deeper cybersecurity collaborations with public and private sector organizations and build a trusted and secure computing environment, a critical enabler for India’s digital transformation. We are also immensely honoured to be part of the government’s Cyber Surakshit Bharat initiative and to lead the consortium of private technology companies that will support the ministry in the program.

The CSEC is run in affiliation with Microsoft’s Digital Crimes Unit (DCU), which seeks to build trust by fighting global malware, reducing digital risk and protecting vulnerable populations. The DCU is a team of technical, legal and business experts that does this by combining big data analytics, cutting-edge forensics and novel legal strategies. The team has worked with law enforcement agencies and industry since 2010. It uses civil law to take action against the cybercriminals while law enforcement seizes the physical infrastructure. As a result of DCU’s malware disruption cases, tens of millions of infected devices have been rescued and cleaned, in partnership with global Computer Emergency Response Teams (CERTs) and Internet Service Providers (ISPs) around the world.

How can we bring down the Cybersecurity dwell time of breach detections from External threat intelligence?

While prevention by strong ‘Protection’ procedure is always the best defense, being able to detect and respond to incidents and recover is key to business continuity in case a breach does occur. Solid protection and rapid response capability are tied together by detection and intelligence, and the Enterprise Threat Detection (ETD) service enables detection in depth with global intelligence.

Our team of dedicated cybersecurity analysts aided by machine analytics merges deep knowledge of Windows and cyber threats with specific understanding of customer environments, becoming a virtual cybersecurity team for the enterprise. The ETD analyst team is tightly integrated with all cybersecurity teams in Microsoft, including ECG Global Incident Response and Recovery, the Microsoft Malware Protection Center and the Microsoft Cyber Defense Operations Center. This brings the enterprise unparalleled access to Microsoft’s entire cyber security organization, enabling detection, analysis, and actionable intelligence to detect the latest APT and other attacks.

In addition to the analyst team, the ETD service leverages machine analytics which uses built-in Windows features to enable powerful detection that adversaries find very difficult to avoid. These unique detection capabilities are just part of the ETD story; however, customers also benefit from global ecosystem visibility from the largest malware telemetry system in the world, as well as recommended actions specific to each customer environment from Microsoft threat analysts.

The service includes immediate alerts in the case of detection of threats. Our ETD analyst will even contact the customer to further discuss the identified threat details and response steps, including the Microsoft Global Incident Response and Recovery team if required.


How does Microsoft help their customers with post breach detection capabilities assuming the prevention systems [aka early detection systems] failed?

Effective contingency plans, processes, and tools are key to swift security response. We have security support engineers and onsite incident response teams to investigate suspicious events, detect malicious attacks, and respond to security breaches. Premier Support contracts include incident response, with enhanced support packages offering response times as short as 15 minutes.

We also have advanced automated investigation and post breach detection response capabilities as part of our Windows Defender ATP (WDATP). WDATP is the first end-to-end solution that allows customers to go from alert to remediation within minutes, at scale. Additionally, it also increases efficiency and fills the security gap by having machines lift the burden of reviewing every incident.

How effective is multi-factor authentication in reducing identity theft?

The two-step verification is a method of authentication that requires more than one verification method and adds a critical second layer of security to user sign-ins and transactions. The security of two-step verification lies in its layered approach. Compromising multiple authentication factors presents a significant challenge for attackers. Even if an attacker manages to learn the user's password, it is useless without also having possession of the trusted device.

Azure Multi-Factor Authentication (MFA) is Microsoft's two-step verification solution. Azure MFA helps safeguard access to data and applications while meeting user demand for a simple sign-in process. It delivers strong authentication via a range of verification methods, including phone call, text message, or mobile app verification.

How does Microsoft simplify the need to catalog & classify all Enterprise data and prevent the loss of data?

To comply with business standards and industry regulations, organizations need to protect sensitive information and prevent its inadvertent disclosure. With a data loss prevention (DLP) policy in the Office 365 Security & Compliance Center, you can identify, monitor, and automatically protect sensitive information across Office 365.

With proper implementation of DLP policies organizations can:

•Identify sensitive information across many locations, such as Exchange Online, SharePoint Online, and OneDrive for Business

•Prevent the accidental sharing of sensitive information

•Monitor and protect sensitive information in the desktop versions of Excel 2016, PowerPoint 2016, and Word 2016

•Help users learn how to stay compliant without interrupting their workflow

How should business leaders maintain a balance between Information protection and organizational productivity?

To remain competitive in today’s market, organizations cannot compromise on either data security or productivity. Business leaders must implement the right combination of solutions and policies throughout their organization to ensure undisrupted work flow for employees while maintaining ironclad security measures.  The easiest way to do this is to partner with a technology solutions provider that can provide security measures from the datacenter to the device. They must consolidate from a plethora of specialized functions and tools to just a few. Employ offerings which provide functionality to ensure specialized security teams have the flexibility and freedom to manage the unique needs of specific areas such as identity, devices, apps or infrastructure.

Whether assets are deployed in the cloud, on-premises, or across a hybrid environment, an organization’s security has 4 core components to be managed and secured – Identity, Devices or end points, Apps and data and Infrastructure. And across these 4 core components, an effective security management solution should provide 3 key tenets:

•Full visibility that helps you understand the security state and risks across resources

•Built-in security controls to help you define consistent security policies

•Effective guidance to help elevate your security through actionable intelligence and recommendations

