Microsoft Unveils Comprehensive Security Updates at Ignite 2024, Including AI-Powered Defenses

Microsoft expands Windows security and announces new proactive defense measures at Ignite 2024 - SiliconANGLE

Microsoft expands Windows security and announces new proactive defense measures at Ignite 2024 Microsoft Corp. announced a series of advancements in its security strategy at its annual Ignite Conference in Chicago today, all aimed at enhancing protection across its ecosystem. The updates focus on expanding the capabilities of Windows security, enhancing defense through the general availability of Microsoft's Security Exposure Management Platform and the launch of a new Zero Day Quest initiative for artificial intelligence and cloud security. Starting with Windows, Microsoft today introduced several new features to boost security in Windows 11, including the Windows Resiliency Initiative. The announcements are focused on enhancing system reliability, learning from past incidents and improving protection from chip to cloud. Key Windows features announced include Quick Machine Recovery, a new remote capability that allows information technology administrators to apply targeted fixes via Windows Update without physical access to the device. The feature is aimed at reducing downtime by enabling quicker recovery from system issues. Admins also gain access to expanded protection through a new feature that reduces security risks by allowing users to perform admin-level tasks securely using Windows Hello for temporary, isolated admin tokens that are destroyed immediately after use. The feature helps prevent unauthorized access to critical system resources. Credential security also gets a look in with updates to Windows Hello, the biometric authentication system in Windows that uses facial recognition, fingerprints or PINs for secure and password-free sign-ins. Hello now has support for passkeys to provide improved protection against credential-based attacks. Microsoft is also focusing on zero trust in Windows, with a shift to Zero Trust DNS to control network traffic and improve hot patching for Windows 11. The shift significantly reduces the need for restarts, which helps organizations maintain a secure environment with minimal disruption. For Windows, Microsoft also said it's adopting safer programming languages, notably shifting functions from C++ to Rust, to rescue vulnerabilities related to unsafe code. Microsoft also today announced the general availability of its Security Exposure Management platform, a platform designed to shift organizations from reactive to proactive threat management. The platform has been designed to help enterprises identify, prioritize and mitigate risks continuously by providing a holistic view of their digital attack surface. Key capabilities of the platform include attack surface management that offers a real-time view of assets that highlight critical areas that are vulnerable to attacks. The idea here is to allow security teams to monitor exposure and understand interdependencies across their entire digital estate. The platform offers attack path analysis that visualizes and prioritizes attack paths, allowing teams to focus on high-risk pathways that could lead to critical asset branches. The feature is said by Microsoft to be particularly useful for hybrid environments, bridging on-premises and cloud systems. Unified exposure insights in the Security Exposure Management platform additionally provide actionable metrics to guide decision-making in terms of where to focus security efforts and to align risk management with business objectives. Prior to today's general availability launch, the Security Exposure Management platform was fine-tuned through customer feedback during its public preview. The final result includes improvements in its attack path analysis and exposure mapping capabilities. The third major security-related announcement made today by Microsoft was the introduction of Zero Day Quest, a new bug bounty initiative aimed at strengthening the security of AI and cloud platforms. The initiative includes up to $4 million in potential awards and builds on Microsoft's history of partnering with the global security community to identify and mitigate vulnerabilities. With additional money on the table, Microsoft is aiming to attract researchers to uncover critical vulnerabilities in its AI and cloud infrastructure. The program has a number of features, starting with research challenges where vulnerability submissions can earn multiplied awards. Successful submissions also have the possibility of securing participants a spot in an exclusive onsite hacking event at Microsoft's Redmond campus. To encourage AI vulnerability research, Microsoft is offering double bounty awards for AI-focused vulnerabilities. Researchers also have the opportunity to collaborate directly with Microsoft's AI engineers and the AI Red Team to enhance their skills and contribute to secure AI development. Researchers will also be encouraged to share their findings publicly once vulnerabilities are mitigated through Microsoft's Coordinated Vulnerability Disclosure approach. Microsoft will support disclosure through blogs, podcasts and videos to promote transparency and knowledge sharing. The Zero Day Quest "is not just about finding vulnerabilities; it's about fostering new and deepening existing partnerships between the Microsoft Security Response Center, product teams and external researchers - raising the security bar for all," Tom Gallagher, vice president of engineering at Microsoft Security Response Center, wrote in a blog post.

Microsoft Launches New Security Updates in Ignite 2024

Satya Nadella and co. are going all in on security focused updates at Microsoft's latest event. At the Microsoft Ignite 2024 event, Microsoft announced several security updates, including the availability of the Security Exposure Management tool, a new $4 million bounty, new security updates, and skills for Copilot. Microsoft announced the availability of its new Security Exposure Management tool. The tool integrates Microsoft Defender products to provide a unified view of the 'enterprise security posture' and helps organisations assess security threats. Microsoft has released supporting technical documentation that dives deep into the tool's features and capabilities. The tool also helps users mark critical assets to prioritise security and provides various controls to manage them. It also offers insights and contexts regarding data security, including events, recommendations, metrics, and initiatives. Microsoft is also said to show the user 'attack paths', which show how an attacker may potentially breach your data. As mentioned, Microsoft's Security Exposure Management tool mainly provides a unified platform, consolidating data from various sources in your organisation. "At Microsoft, we remain steadfast in our commitment to security, which continues to be our top priority," said Microsoft in the release document. "Through our Secure Future Initiative (SFI), we've dedicated the equivalent of 34,000 full-time engineers to the effort, making it the largest cybersecurity engineering project in history," added Microsoft. Microsoft also mentioned that one of the core motivations behind the platform is the user's lack of understanding of the relationship between data 'pathways' and 'entities' across their systems or devices. Microsoft's Security Fellow and Deputy Chief Information Security Office (CISO) John Lambert said, "Defenders think in lists, cyberattackers think in graphs. As long as this is true, attackers win," referring to how bad actors frequently exploit the relationship between data entities and devices. Microsoft also mentioned that customers use Exposure Management in over 70,000 cloud tenants. The Security Exposure Management tool is available in the Microsoft Defender portal. Furthermore, Microsoft also announced a $4 million AI and cloud security bug bounty called "Zero Day Quest." The hacker bounty is directed at researchers who want to investigate crucial security vulnerabilities, specifically in the cloud and AI. "Zero Day Quest will provide new opportunities for the security community to work hand in hand with Microsoft engineers and security researchers - bringing together the best minds in security to share, learn, and build community as we work to keep everyone safe," said Microsoft in the announcement. Microsoft also announced new security skills and updates for Copilot AI. Using Copilot in Purview, admins will now be able to perform accurate risk analyses throughout their data estate. Furthermore, Microsoft also announced the availability of Security Copilot inside Microsoft Entra, which is now available in preview. Source: Microsoft Ignite Event 2024 Microsoft also announced more capabilities for Copilot in Intune, which are available in the preview. The feature expansions include capabilities to investigate app elevation details and identify signs of compromised apps before approving 'Endpoint Privilege Management' requests. Copilot is also set to assist with creating KQL queries for single -- and multi-device analysis. Within Intune, Copilot can also ease update management with Windows Autopatch, which allows it to support all of the essential update tasks. Copilot also offers enhancements for SOC teams (Security Operations Centers), including a new identity summary for faster user threat identification. Moreover, over 15 new third-party plugins, including CrowSec, Netskope, CyberArk, etc., are available within Copilot. Interestingly, Microsoft also mentioned that security teams observed a 30% decrease in the time to resolve issues using Security Copilot and a 17% decrease in breaches.