Managed Security Services Partner (MSSP) Airlift: Three takeaways from Microsoft’s first MSSP event

The inaugural Managed Security Services Partner (MSSP) Airlift in Israel, held at the heart of the Microsoft Israel Development Center (ILDC), was a sign of the important role cybersecurity plays as businesses of all sizes in all industries embark on their digital transformation.

The invitation-only 2020 event brought together the best managed security partners from around the world, underscoring the growing impact and breadth of Microsoft’s cybersecurity business with its partner community.

Below are insights on some of the eight use-cases and scenarios discussed during the sessions.

Identity as a control-plane

As was evident from partner discussion and feedback, this is a term that is starting to be understood and is an “in-progress” activity for a large percentage of organisations. It was extraordinary to learn of the staggering numbers.

Microsoft now completes 630 billion monthly authentications, analysing 6.5 trillion threat signals daily and detecting five billion threats on devices every month.

A hot topic that was presented on and discussed in much detail was Azure Lighthouse, an offering that gives service providers a single control plane to view and manage Microsoft Azure across all their customers with higher automation, scale, and enhanced governance. As an early adopter and enabler of Azure Lighthouse, Empired is leveraging the capability internally as well as across various customers to optimise not only Azure platform security but also managed security capabilities.

A roadmap item of interest is the “Single pane of glass for MSPs to simplify multi-tenant M365 management”, a very exciting and well-anticipated capability that we will continue to track very closely.

Empired has made investments alongside Microsoft to help our customers realise the benefits of identity as a control plane. Based on discussions, I’m glad to see that both companies are committed to continuing on this path.

Familiar evolving threats

The threat landscape is a well-discussed topic. With phishing campaigns, identity compromise and endpoint compromise increasing rather than showing signs of reducing, it made for a hot topic of discussion among the partner collective.

The Airlift enabled the various Microsoft Product Groups to present private-preview and “in development” capabilities of cybersecurity solutions.

Azure Sentinel, Microsoft’s cloud-native SIEM (security information and event management), drew much interest and attention. A few highlights included URL detonation (URLs can be automatically scanned for malicious behaviour, bringing added insight that can help accelerate the triage process for SOC analysts), Incident Grouping (leveraging the power of AI and large-scale intelligence to group related incidents) and Azure Notebooks (using Jupyter notebooks to hunt for security threats).

Empired is involved in early previews of cybersecurity solutions and continues to partner with Microsoft and select key customers to evaluate and provide feedback on preview features, including Azure Sentinel (please contact us if you are interested in participating in this evaluation process). This approach enables customers to maintain their existing cybersecurity platforms while evaluating and getting all the benefits of being at the forefront of cybersecurity capability.

Zero Trust is a mindset

Etan Basseri shared valuable insights about Zero Trust, an idea that has been evolving for a while, all the way back to 2004 at the Jericho Forum. Microsoft implemented it as a capability through Conditional Access in 2016 and is still developing the concept.

Etan is one of the great minds within the Microsoft Identity Engineering Group, with whom I have had the honour of having many cybersecurity conversations.

Zero Trust isn’t …

  1. Literal – You can’t build a practical strategy around absolutes
  2. An Adjective – You aren’t going to “be” Zero Trust
  3. For Sale (although Empired does sell “Zero Trust solutions”) – There’s no such thing as “Zero Trust” tech
  4. Instant – You can’t boil the ocean
  5. A revolution – Rather build on what you’ve got

Now that we have established those ground rules, we can define Zero Trust as “An approach to security which treats every access attempt as if it’s originating from an untrusted network.”

The engineering group shared Microsoft’s Recommended Zero Trust Priorities list:

  • Align segmentation strategy and teams by unifying network, identity and app segmentation into a single strategy (as you migrate to Microsoft Azure).
  • Build identity-based perimeter to protect modern and legacy enterprise assets.
  • Refine network perimeter using micro-segmentation (if required for residual risk).

Empired has built Zero Trust solutions based on the key principles of the model: verify explicitly, use least privilege access and assume breach. These also form the key components of the Empired Managed Security Services.

Open discussions and conclusion

I was impressed to see Microsoft listen to the partner community and take valuable input both from a product and roadmap priority perspective and change course (or priority) based on feedback. There was a genuine desire for feedback from partners and customers on ways Microsoft could improve the platform.

As I left the Managed Security Services Partner (MSSP) Airlift, I came away with a sense of confidence in Microsoft’s cybersecurity platforms and products and a new determination to build, operate and manage market leading cybersecurity solutions to get the most out of them for our customers.

Posted by: Gavin van Niekerk, Principal Consultant | 14 February 2020

Tags: Security, Managed Security Services Partner, MSSP

