Microsoft Unveils Services to Simplify Threat Hunting, XDR
New Microsoft Services Help Clients Hunt Threats and Extend XDR Beyond the Endpoint
Microsoft plans to roll out new managed services that give organizations the expertise needed to proactively hunt for threats and extend XDR beyond the endpoint.
The Redmond, Washington-based software firm unveiled Monday the Microsoft Security Experts service category, which features new managed services as well as existing services around incident response and modernization. Microsoft Security Experts will eventually feature services across identity, privacy, compliance and management, though the first bundle of service offerings focuses solely on security.
"Technology alone is not enough to defend against cybercrime," says Vasu Jakkal, corporate vice president of Microsoft Security, Compliance, Identity & Privacy. "Many organizations have begun to recognize the critical role of human services to help manage their security posture. These services offer ready access to much-needed talent and provide the ability to augment existing teams with critical expertise as needed."
Microsoft's three new managed services are intended to help organizations gain access to a team of security experts without the challenge associated with hiring and training the personnel themselves (see: Using End-to-End Security in the Cloud).
Microsoft Defender Experts for Hunting
This service was created for customers who already have a robust security operations center but want Microsoft to help them proactively hunt for threats, according to Rob Lefferts, corporate vice president for Microsoft 365 Security. Experts for Hunting goes beyond endpoints and expands the scope to include Office 365, cloud applications and identity, providing attack notifications and access to experts with the click of a button.
Experts for Hunting is the evolution of a managed threat hunting service Microsoft launched two years ago that was focused solely on Defender for Endpoint, Lefferts says. Now the company can hunt for threats across all of Microsoft 365 Defender, which makes it possible to find more threats due to better contextual information on what the attacker is doing. This service will be generally available in summer.
"Microsoft Defender Experts for Hunting delivers an industry-first, cross-domain proactive hunting service for Microsoft 365 Defender," Lefferts says during a virtual press briefing. "We also protect across platforms including Mac, Linux, iOS and Android and, of course, Windows."
Microsoft Defender Experts for XDR
This managed detection and response service extends beyond traditional endpoint-only capabilities to encompass all of Microsoft 365 Defender, Lefferts says, incorporating Office 365, identity, data and cloud applications. Experts for XDR combines machine automation and human expertise to proactively hunt for threats and reactively respond to incidents alongside a customer's existing security team.
"Attack kill chains are no longer limited to endpoints," Lefferts says. "They extend beyond the endpoint to identity, cloud apps and email."
A useful XDR service must intelligently correlate alerts from cloud apps, email, endpoints and identity platforms to determine what rises to the level of an incident, Lefferts says. Once something has been classified as an incident, he says, the security team is aware that a larger-scale attack is taking place. Microsoft Defender Experts for XDR will go into private preview this fall, according to Lefferts.
"This more comprehensive and complete view is not a 'nice to have' in today's security landscape," he says. "It's an imperative."
Microsoft Security Services for Enterprise
This service is intended for Microsoft's largest enterprise customers and combines proactive threat hunting and managed XDR with dedicated Microsoft security experts who can help large enterprises manage onboarding, daily interaction, incident response and the modernization of infrastructure, according to Lefferts. The service is available to customers today.
Security Services for Enterprise uses Microsoft's whole security stack to protect all cloud environments and all platforms and is delivered on a statement of work basis, according to Lefferts. As part of this, Microsoft assigns enterprises a dedicated security expert or brings in third-party experts or partners to help large organizations improve their security posture, says Kelly Bissell, corporate vice president of Microsoft Security.
"What we've seen here is the need for more automated threat hunting detection and response services that we tailor specifically to your business," Bissell says during a virtual press briefing. "This allows you to evolve as the threats evolve."
Microsoft Security Services for Modernization
Lefferts says customers need help modernizing their security posture to embrace a zero trust model. Microsoft Security Services for Modernization provides a menu of advisory services designed for clients who want to leverage Microsoft best practices and embrace modern security frameworks, Lefferts says. This service has been rebranded with the Microsoft Security Experts launch.
Microsoft's modernization experts provide an extensive set of consulting services that meet customers where they are on their security journey to help them implement appropriate defenses, Bissell says. The long-term comprehensive road map helps organizations build a layered zero trust approach to defending across identity, endpoint, applications, networking, infrastructure and ultimately data, Bissell says.
"Attacks are getting more targeted and more sophisticated," she says. "At the same time, we know from our LinkedIn research that a third of all security jobs in the U.S. are vacant, leaving organizations even more exposed."
Microsoft Security Services for Incident Response
This service was created to support customers before, during and after a breach, with experts helping customers remove bad actors from their environments, build resilience for future attacks, and improve defenses after a breach, Lefferts says. The team works with both internal Microsoft product groups and partners to respond to incidents and help customers secure their most sensitive critical environments.
If an organization discovers bad actors in its environment, Bissell says, Microsoft will bring in recovery experts to quickly remove them and get the company back to safe operations. The same team can test a company's defenses before a problem arises and deploy solutions following a breach to prevent similar attacks in the future. This service has been rebranded with the Microsoft Security Experts launch.
"Our incident response team can help you with a detailed investigation of an event," Bissell says. "We can help you prevent an attack, recover from an attack and transform as the threats change."