
Trusted Cyber Physical Systems looks to protect your critical infrastructure from modern threats in the world of IoT

This solution seeks to provide end-to-end security that is resilient to today’s cyber-attacks so our industrial customers can operate their critical infrastructures with confidence and with no negative impact to their intellectual property and customer experience.

As the Internet of Things gains momentum, with millions of devices connected to one another, securing these devices and services has become more challenging given their increasing complexity. Over the last few months we have already witnessed attacks on critical infrastructure around the world, from Triton infiltrating the control and safety systems of an oil and gas plant to NotPetya shutting down production at a pharmaceutical factory. We can no longer ‘simply’ connect our devices without building in end-to-end security: the financial toll is not the only risk, and the risk to human lives and property is too great.



The Triton attack on the control and safety systems of an industrial plant brought to the forefront system vulnerabilities in critical infrastructure, even when it is designed with failsafe controls. Attackers used sophisticated malware to remotely control a safety control workstation. Some controllers accidentally triggered failsafe mode as the attackers tried to reprogram them. This attack brought to light two challenges prevalent in today’s connected world: the need to prevent malware from taking control of key operations, and attackers’ ability to leverage third-party operators such as admins of cloud hosting services, OS vendors, and driver vendors to introduce malware.



Microsoft’s Trusted Cyber-Physical Systems (TCPS) efforts address these challenges to secure critical infrastructure by creating a security pattern for processing critical data throughout distributed systems. Data in execution must be protected by Trusted Execution Environments (TEEs) such as Intel SGX, ARM TrustZone, and Secure Elements. Components must not only use secure protocols and protect keys and data at rest; they must also perform all critical operations in a TEE that is protected from public cloud hosters and OS vendors. Our overarching security principle for TCPS is that the solution owner/operator must not lose control over their critical systems.


Trusted Cyber-Physical Systems is realized through the following four properties:

  • Separation of critical execution: Help protect critical infrastructure from malware threats by separating non-critical from critical operations and concentrating on using hardware isolation to protect control of physical systems.
  • Inspectability of execution process: Ensure that any code handling critical operations is auditable by operators through source code review.
  • Attestability of processing environment: During operation, each component must be able to verify that data is received and sent only from trustworthy sources. A component also needs to attest to its trustworthiness to other components.
  • Minimizing the number of entities that need to be trusted: Reducing the number of trusted entities significantly reduces the attack surface for critical infrastructure. In the ideal TCPS solution, the operator will maintain the only root of trust for critical code execution.
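The attestability and single-root-of-trust properties above can be made concrete with a small model. The following is an added example, not Microsoft's TCPS code: it assumes a simplified scheme in which each component's attestation key is derived from a root key only the operator holds, and a component proves its state by reporting a measurement (a hash of its critical code image) over a fresh nonce issued by the verifying peer. Real TEEs such as Intel SGX and ARM TrustZone use hardware-backed asymmetric attestation keys; HMAC stands in here only to keep the example dependency-free, and the root key value is a placeholder.

```python
"""Toy model of two TCPS properties: attestability of the processing environment
and a single, operator-held root of trust. Added example, not TCPS product code.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Iterable, Tuple

# Constructed placeholder for the operator's root key. Only the operator holds
# it; cloud hosters and OS vendors never do (the "minimize trusted entities"
# property).
OPERATOR_ROOT_KEY = bytes.fromhex("00" * 32)


def derive_component_key(root_key: bytes, component_id: str) -> bytes:
    """Per-component attestation key derived from the operator root (simplified KDF)."""
    return hmac.new(root_key, b"attest:" + component_id.encode(), hashlib.sha256).digest()


def measure(code_image: bytes) -> str:
    """Measurement of the critical code; the code itself stays inspectable by the operator."""
    return hashlib.sha256(code_image).hexdigest()


@dataclass(frozen=True)
class AttestationReport:
    component_id: str
    measurement: str
    nonce: bytes
    mac: bytes


def _payload(component_id: str, measurement: str, nonce: bytes) -> bytes:
    """Bytes that the attestation MAC covers: identity, measurement and the verifier's nonce."""
    return component_id.encode() + b"|" + measurement.encode() + b"|" + nonce


def produce_report(component_id: str, component_key: bytes,
                   code_image: bytes, nonce: bytes) -> AttestationReport:
    """Attesting side: bind identity, measurement and the challenge nonce under the component key."""
    m = measure(code_image)
    mac = hmac.new(component_key, _payload(component_id, m, nonce), hashlib.sha256).digest()
    return AttestationReport(component_id, m, nonce, mac)


class Verifier:
    """Receiving side: accepts data only from peers whose report checks out."""

    def __init__(self, root_key: bytes, allowed_measurements: Iterable[str]):
        self.root_key = root_key
        self.allowed = set(allowed_measurements)  # operator-approved code measurements
        self.outstanding = set()                   # nonces issued but not yet consumed

    def challenge(self) -> bytes:
        """Issue a fresh nonce so a captured report cannot be replayed later."""
        nonce = os.urandom(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, report: AttestationReport) -> Tuple[bool, str]:
        if report.nonce not in self.outstanding:
            return False, "stale or unknown nonce (replay)"
        self.outstanding.discard(report.nonce)     # each nonce is single-use
        key = derive_component_key(self.root_key, report.component_id)
        expected = hmac.new(key, _payload(report.component_id, report.measurement, report.nonce),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, report.mac):
            return False, "report not rooted in operator key"
        if report.measurement not in self.allowed:
            return False, "measurement not on operator allowlist"
        return True, "trusted"


if __name__ == "__main__":
    code = b"critical control loop v1"          # constructed code image
    verifier = Verifier(OPERATOR_ROOT_KEY, [measure(code)])
    plc_key = derive_component_key(OPERATOR_ROOT_KEY, "plc-7")
    report = produce_report("plc-7", plc_key, code, verifier.challenge())
    print(verifier.verify(report))               # (True, 'trusted')
```

The three rejection paths map to the properties in the list: a stale nonce is a replay, a MAC that does not verify under the operator-derived key means the report was produced by some other party, and a measurement outside the allowlist means the critical code differs from what the operator reviewed.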

Why work with Microsoft on securing your Critical Infrastructure?

  1. We at Microsoft have taken a holistic approach with TCPS based on years of security, cloud, and embedded experience.
  2. With TCPS, you can be assured that code inspection by customers and third parties will be on Microsoft-provided trusted applications and services.
  3. Azure confidential computing brings trusted execution to the cloud.
  4. The Windows IoT Device Update Center can be used to deliver patches via the Windows Update global CDN.
  5. Windows 10 IoT Core support for NXP i.MX 6 and i.MX 7 extends TCPS to the wire with trusted I/O.
  6. Leadership in cross-platform industry standards efforts (e.g. OPC, IIC, TCG, IETF).

Microsoft and our partners are seeking to unlock trusted execution in the cloud, on devices controlling infrastructure and on edge devices. The power of TCPS brings trusted execution to the wires and pins that control critical infrastructure, enabling end-to-end critical infrastructure solutions.

New survey explores the changing landscape of teamwork


Today, we’re seeing a new culture of work take shape before our eyes. For many companies, the amount of time employees spend engaged in collaborative work—in meetings, on phone calls, or answering emails—has increased roughly 50 percent and takes up 80 percent or more of their time. [1] We are on twice as many teams as we were five years ago. [2] New generations that have grown up with technology are entering the workforce, bringing new expectations and norms. Remote and freelance work are on the rise, and some experts even predict that by 2027 a majority of the U.S. workforce will be freelance. [3]


One of the central pursuits of any organization, especially in this environment, is how to assemble a high-performing team and set them up for success. It’s more than simply bringing people together to focus on a project—it’s bringing coherence around ideas, goals, actions, and values. Just as every individual is different, so is every team and every project. That’s what makes teamwork and collaboration such an art.


Companies are thinking a lot about what these changes mean for their teams and the technology that empowers them. According to the McKinsey Global Institute, 72 percent of companies are adopting social tools, with the goal of achieving their full potential innovation and efficiency through highly collaborative teams. [4]


In this new culture of work, Microsoft’s mission is to give teams the tools they need to thrive. So earlier this year, we set out to more deeply understand the forces shaping teamwork today. We wanted to learn how forces like gender and generation shape collaboration preferences and habits, or if things like your remote office location make a larger impact. We surveyed more than 14,000 people from seven countries in various stages of their career—from those who have been in the workforce a while, to those who are preparing to enter it.



New capabilities of Windows Defender ATP further maximizing the effectiveness and robustness of endpoint security

Our mission is to empower every person and every organization on the planet to achieve more. A trusted and secure computing environment is a critical component of our approach. When we introduced Windows Defender Advanced Threat Protection (ATP) more than two years ago, our target was to leverage the power of the cloud, built-in Windows security capabilities and artificial intelligence (AI) to enable our customers to stay one step ahead of the cyber-challenges.

Automatic investigation and remediation of threats

Now you can go from alert to remediation in minutes—at scale! Automated investigation and response dramatically reduces the volume of alerts that security analysts need to handle. It uses artificial intelligence to investigate alerts, runs in minutes sophisticated playbooks that mimic the best human analysts’ decisions and forensic processes, determines whether a threat is active and where it originated, and then decides the appropriate steps to automatically remediate it. When Windows Defender ATP identifies that an incident includes multiple machines, it automatically expands the investigation across the entire scope of the breach and performs the required actions on those machines in parallel. Threat investigation and remediation decisions can be taken automatically by Windows Defender ATP based on extensive historical data collected, stored and analyzed in our cloud (“time travel”).


With the new security automation capabilities, Windows Defender ATP can now not only prevent and find breaches; it can fix them. These actions can be set to run automatically for simple, clear-cut cases, or can be reviewed prior to execution. Either way, SecOps saves time and effort, enabling those talented professionals to focus on more complex and strategic problems. In addition, the organization’s security team moves faster, thereby better executing on its critical mission.

Microsoft 365 conditional access based on device-risk

If a threat gets detected, the next logical step is to block access to your sensitive business data from the device while the threat is still active. This is now possible! We worked with our colleagues from the Microsoft Intune and Azure Active Directory (AAD) teams to enrich one of our most popular security scenarios, Microsoft 365 conditional access.

Available in the next update, the dynamic machine risk level can be used to define corporate access policies and prevent risk to corporate data.


As an example, if a threat lands on your endpoints, even using the most advanced fileless attacks, Windows Defender ATP can detect it and automatically protect your corporate information through conditional access. In parallel, Windows Defender ATP will start an automated investigation to quickly remediate the threat. Once the threat is remediated, based on the preference set (automatic or reviewed), the risk level is set back to “no risk” and access is granted again.

With Windows Defender ATP, you can now control access based on the risk level of the device itself, helping to ensure devices are always trusted.

Advanced hunting

When it comes to more complex issues, security analysts seek rich optics and the right tools to quickly hunt and investigate. We developed a new, powerful query-based search that we call Advanced Hunting designed to unleash the hunter in you.


With Advanced Hunting, you can proactively hunt and investigate across your organization’s data. New process creation, file modification, machine login, network communication, registry update, remediation actions and many other event types are entities you can now easily query, correlate and intersect. Advanced hunting is an integral part of our investigation experience, so your hunting results, such as machines and files, can leverage the rich set of features we already provide in Windows Security Center (correlation with worldwide information, VT data, triggering block or containment actions, etc.).


To help you get started, we added a set of sample queries within the tool, and we also have a project on GitHub which contains additional sample queries.

Here’s a sample query that hunts for persistence or privilege escalation done by attaching a debugger process to Windows accessibility processes.
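The hunt described in the previous sentence can be expressed outside the product as well. The following is an added detection example, not the sample query shipped with Windows Defender ATP or the one in its GitHub project: it runs in plain Python over constructed registry-event records rather than the product's query language, and flags writes of a `Debugger` value under an Image File Execution Options (IFEO) subkey whose target is a Windows accessibility binary. The record field names (`action`, `key`, `value_name`, `value_data`, `device`, `process`) and the sample events are assumptions.

```python
"""Added detection example for IFEO debugger persistence on accessibility
binaries. Not the page's sample query; event schema and data are constructed."""
import re
from typing import Dict, Iterable, List, Optional

# Windows accessibility helpers reachable from the logon screen. A debugger
# registered for any of them under IFEO is a well-known persistence and
# privilege escalation indicator (MITRE ATT&CK T1546.008).
ACCESSIBILITY_BINARIES = {
    "sethc.exe", "utilman.exe", "osk.exe", "narrator.exe",
    "magnify.exe", "displayswitch.exe", "atbroker.exe",
}

# Matches the last path component of an IFEO subkey, e.g. "...\Image File Execution Options\sethc.exe"
IFEO_RE = re.compile(
    r"\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\([^\\]+)$",
    re.IGNORECASE,
)


def ifeo_target(registry_key: str) -> Optional[str]:
    """Return the executable name an IFEO subkey applies to (lower-cased), or None."""
    m = IFEO_RE.search(registry_key)
    return m.group(1).lower() if m else None


def hunt_accessibility_debugger(events: Iterable[Dict]) -> List[Dict]:
    """Flag 'Debugger' values written under IFEO for accessibility binaries."""
    hits = []
    for e in events:
        if e.get("action") != "RegistryValueSet":   # only value writes, not key creation
            continue
        if e.get("value_name", "").lower() != "debugger":
            continue
        target = ifeo_target(e.get("key", ""))
        if target in ACCESSIBILITY_BINARIES:
            hits.append({
                "device": e.get("device"),
                "target": target,
                "debugger": e.get("value_data"),
                "writer": e.get("process"),
            })
    return hits


# Constructed sample events (not real telemetry). Only the second one should fire.
IFEO_BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
SAMPLE_EVENTS = [
    # developer attaching a debugger to notepad.exe: not an accessibility binary
    {"device": "ws-01", "action": "RegistryValueSet", "process": "regedit.exe",
     "key": IFEO_BASE + r"\notepad.exe", "value_name": "Debugger",
     "value_data": r"C:\Tools\debugger.exe"},
    # debugger registered for sethc.exe: the hunt's target
    {"device": "ws-02", "action": "RegistryValueSet", "process": "unknown.exe",
     "key": IFEO_BASE + r"\sethc.exe", "value_name": "Debugger",
     "value_data": r"C:\Users\Public\updater.exe"},
    # a different IFEO value on the same key: not flagged
    {"device": "ws-02", "action": "RegistryValueSet", "process": "svchost.exe",
     "key": IFEO_BASE + r"\sethc.exe", "value_name": "GlobalFlag",
     "value_data": "0x200"},
    # key creation alone carries no debugger value yet: not flagged
    {"device": "ws-03", "action": "RegistryKeyCreated", "process": "powershell.exe",
     "key": IFEO_BASE + r"\utilman.exe", "value_name": "", "value_data": ""},
]

if __name__ == "__main__":
    for hit in hunt_accessibility_debugger(SAMPLE_EVENTS):
        print(hit)
```

In a real hunt the same three conditions (value write, value name `Debugger`, IFEO target in the accessibility set) would be applied to the registry-event table, and each hit would be pivoted on the writing process and the device, which is exactly the correlation step the section describes.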

Signal sharing across the Intelligent Security Graph

Our services also learn from each other. Through the Microsoft Intelligent Security Graph (ISG) we share detections to automatically update our protection and detection mechanism across Microsoft 365 and orchestrate remediation. For example, if a threat gets detected by any of the Windows Defender ATP components, that threat will instantly be blocked if it is encountered through an email that is protected by Office 365 ATP – and the other way around.


When it comes to investigating threats, other Microsoft ATP services might have information important to understanding the full picture. We are excited to share that we are expanding how Windows, Office, and now Azure Advanced Threat Protection (ATP) work together. We are providing wider Advanced Threat Protection coverage across identities (Azure ATP), apps and data (Office 365 ATP) and devices (Windows Defender ATP). This means relevant information is displayed right at your fingertips and seamless navigation between the consoles without losing context.


Attackers are using new techniques like “fileless” attacks to compromise machines and deliver ransomware and other types of malware. To address these types of threats we significantly improved our existing exploit protection and behavior monitoring techniques, which are already consistently earning top scores on independent tests for these scenarios. Cloud protection has also been updated to inspect and block a broader range of content types (e.g. JavaScript, macros, and documents) regardless of whether the content was downloaded from the web, a USB stick, etc.

We’ve added new capabilities to prevent unauthorized lateral movement and new techniques to address aggressive ransomware attacks that attempt to render devices unbootable through boot sector tampering (e.g.: NotPetya).


Faster performance and reaction times to fast-moving outbreaks have also been added. The Intelligent Security Graph can now be used to instantly update devices with the latest dynamic intelligence as soon as a new outbreak is detected. We’ve also added a new accelerated memory scanning capability which takes advantage of Intel’s Threat Detection Technology (TDT). This capability leverages Intel’s integrated graphics processor to live-scan memory for advanced threats, offering improved performance, user experience, and better battery life.

Microsoft Secure Score

We all know that fixing a problem before it happens is the best way to stay safe. Windows Secure Score does this by helping you run reports on your devices’ security posture and providing actionable recommendations, ensuring your entire organization is fortified against the next attack. But we know that the security state of devices is not everything; that’s why we display your Secure Score across Windows and Office in a single view with the Microsoft Secure Score.

Preparing for a new era in privacy regulation with the Microsoft Cloud


Microsoft has extensive expertise in protecting data, championing privacy, and complying with complex regulations. Microsoft adheres to a set of privacy principles and offers EU Model Clauses to all customers. We believe that the General Data Protection Regulation (GDPR) is an important step forward for clarifying and enabling individual privacy rights.


As the GDPR enforcement date nears, your organization may soon need to demonstrate that it has taken appropriate steps to protect your customers’ personal data in response to regulatory audits and information requests.

Implementing appropriate security controls is a key step to demonstrating accountability. Equally important is putting the right processes in place—such as responding to a Data Subject Request (DSR) and providing a breach notification—to help you be GDPR compliant and gain the trust of your customers.


Today, we are announcing several new resources and capabilities to help you respond to GDPR obligations with the Microsoft Cloud. These updates include:
  • Public preview of new privacy resources across the Microsoft Cloud.
  • New capabilities to help with DSRs across Microsoft Cloud services for GDPR.
  • New audit-ready, privileged access management capabilities in Office 365.
  • Enabling a single Office 365 tenant to span across multiple Office 365 datacenter geographies.

Enhance your ability to meet GDPR obligations with the Service Trust Portal

To support GDPR, today we are announcing the public preview of new GDPR-related tools and resources—including DSRs and data breach notifications for Office 365, Dynamics 365, Azure, Windows, Intune, and Professional Services on the Service Trust Portal.


The GDPR resources include documentation on data breach notifications, which describes when and how Microsoft will notify you and others about personal data breaches, what information Microsoft will provide, and the tools you can use to help ensure the right people in your organization are notified.


We have centralized all our DSR resources into a single page, which provides tools you can leverage in the Office 365 Security & Compliance Center and the Azure Admin Center—along with documents to guide you through the process of locating, exporting, and erasing data from a Microsoft Cloud service.


Responding to DSRs across Microsoft Cloud services

To support DSRs across Microsoft Cloud services, we are implementing several new capabilities—including a Data Privacy tab in Office 365, an Azure DSR portal, and new DSR search capabilities in Dynamics 365.
  • Office 365 Data Privacy tab—To help you effectively and efficiently manage your Office 365 related DSRs, we added the Data Privacy tab (in preview) to the Office 365 Security & Compliance Center. Under the Data Privacy tab, you will find a section dedicated to GDPR, which includes documentation and resources to help you on your GDPR journey, as well as a tab dedicated to the execution of a DSR.


The new DSR experience is designed to provide you with the tools to create a case for a data subject request, search and refine relevant data across Office 365 locations—such as Exchange, SharePoint, OneDrive, Groups, and now Microsoft Teams—and export the data.


One DSR scenario an organization may encounter is when a departing employee requests that their data is provided to them. To help with this scenario and others like it, the Event-based retention feature of Advanced Data Governance is now generally available for Office 365 E5 customers.

Learn more about the Data Privacy tab in Office 365 and Event-based retention in Advanced Data Governance on the Tech Community blog.


To see how the DSR experience in Office 365 works, watch the Mechanics video:

  • Azure DSR portal—We plan to release the ability to process Azure DSRs before the May 25, 2018 GDPR compliance deadline. Azure tenant admins will have a simple, powerful tool to quickly process the DSR for GDPR. Using the Azure DSR portal, tenant admins can identify information associated with a user and then correct, amend, delete, or export the user’s data. Admins can also identify information associated with a data subject and will be able to execute DSRs against system-generated logs (data Microsoft generates to provide a given service).

  • Dynamics 365 DSR search capabilities—To help customers respond to DSRs in Dynamics 365, we are providing two new search capabilities: Relevance Search and the Person Search Report. Relevance Search gives you a fast and simple way to find what you are looking for and is powered by Azure Search. The Person Search report offers a pre-packaged set of extendible entities, which Microsoft authored, to identify personal data that is used to define a person and the roles they might be assigned to.

Handling data breaches under the new GDPR regulations

For GDPR, organizations must meet stricter requirements in the event of a data breach. This includes notifying both regulators and those impacted by a breach—generally within 72 hours of becoming aware of a data breach. Microsoft 365 has a robust set of capabilities that can help protect, detect, and respond to data breaches. For example, Office 365 Advanced Threat Protection (ATP) protects an organization’s Office 365 ecosystem by helping prevent malicious emails or business critical files from compromising a user account. Windows Defender ATP focuses on protecting against malicious web-based files or device malware from corrupting a user account.


In the event Microsoft identifies a personal data breach as defined by the GDPR, we will notify your tenant administrator. Additionally, we recommend that you designate a privacy contact alias in Azure Active Directory, which will be notified alongside the administrators.


Collecting, processing, and reviewing user consent with Azure Active Directory

With GDPR, companies now need a way to process consent from a user as well as have audit-ready reporting. With Azure Active Directory terms of use, organizations now have an easy way to collect, process, and review user consent. You can require a user to view and consent to your organization’s terms of use before they’re able to access an application. The terms can be any document relevant to your organization’s business or legal policies.

Leverage audit-ready controls for privileged admin access

While organizations look to minimize the risk of data breaches from threats to privileged accounts, they are also finding that they need to respond to regulators and provide a documented trail of privileged access, which outlines the scenario of how a customer’s data is accessed. To help organizations protect their data and respond to these compliance obligations, today we are introducing new privileged access management capabilities in Microsoft 365—which provide audit-ready access controls that are time-bound and can limit the scope of data access.


With privileged access management in Office 365, you can better protect your data by tracking or enforcing an approval workflow scoped to your high-risk tasks within Office 365. For example, broad admin privileges enable admins to execute tasks that can provide unfettered access to organizational data, such as a journal rule, which can send emails to an external mailbox and exfiltrate sensitive data undetected. Privileged access management in Office 365 enables you to apply policies that require approval before anyone can execute these high-risk tasks. Requests for access can be automatically or manually approved, and all this activity is logged and auditable. Watch this video to learn more:

We are excited about rolling out the public preview of privileged access management in Office 365. To get started, visit the Office Previews page (enter the code PAM044), and then read the detailed Tech Community blog.
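The pattern in the two preceding paragraphs (approval-gated, time-bound, scoped privileged access with every step logged) can be modelled in a few dozen lines. The following is an added example, not Office 365's privileged access management code: it assumes a policy per high-risk task with a maximum grant duration and a set of approvers, a request/approve/authorize flow, and an in-memory audit trail. The task name `New-JournalRule`, the identities, scopes and durations are constructed for illustration; the clock is injected so the expiry behaviour can be exercised deterministically.

```python
"""Added example: just-in-time, approval-gated privileged access with audit trail.
Not Microsoft's PAM implementation; policies, names and scopes are assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Iterable, List, Optional, Set


@dataclass(frozen=True)
class TaskPolicy:
    task: str                # high-risk task the policy guards (assumed name)
    max_duration: timedelta  # upper bound on how long a grant may live
    approvers: Set[str]      # identities allowed to approve; empty set = auto-approve


@dataclass
class AccessRequest:
    request_id: int
    requester: str
    task: str
    scope: str
    duration: timedelta
    justification: str
    status: str = "pending"              # pending | approved | denied
    approved_by: Optional[str] = None
    expires_at: Optional[datetime] = None


class PrivilegedAccessManager:
    def __init__(self, policies: Iterable[TaskPolicy], now: Callable[[], datetime]):
        self.policies: Dict[str, TaskPolicy] = {p.task: p for p in policies}
        self.now = now                   # injected clock (UTC) for deterministic expiry
        self.requests: Dict[int, AccessRequest] = {}
        self.audit: List[Dict] = []      # every decision lands here, auditable later
        self._next_id = 1

    def _log(self, event: str, **fields) -> None:
        self.audit.append({"at": self.now().isoformat(), "event": event, **fields})

    def request(self, requester: str, task: str, scope: str,
                duration: timedelta, justification: str) -> AccessRequest:
        req = AccessRequest(self._next_id, requester, task, scope, duration, justification)
        self._next_id += 1
        self.requests[req.request_id] = req
        policy = self.policies.get(task)
        if policy is None:
            req.status = "denied"
            self._log("denied", request_id=req.request_id, reason="no policy for task")
        elif duration > policy.max_duration:
            req.status = "denied"
            self._log("denied", request_id=req.request_id, reason="duration exceeds policy maximum")
        elif not policy.approvers:
            self._grant(req, approved_by=None)          # policy only tracks, does not gate
        else:
            self._log("requested", request_id=req.request_id, requester=requester,
                      task=task, scope=scope, justification=justification)
        return req

    def approve(self, approver: str, request_id: int) -> bool:
        req = self.requests[request_id]
        if req.status != "pending":
            return False
        policy = self.policies[req.task]
        # Self-approval and approval by anyone outside the policy's approver set are rejected.
        if approver == req.requester or approver not in policy.approvers:
            self._log("approval_rejected", request_id=request_id, approver=approver)
            return False
        self._grant(req, approved_by=approver)
        return True

    def _grant(self, req: AccessRequest, approved_by: Optional[str]) -> None:
        req.status = "approved"
        req.approved_by = approved_by
        req.expires_at = self.now() + req.duration   # time-bound
        self._log("granted", request_id=req.request_id, approved_by=approved_by,
                  expires_at=req.expires_at.isoformat())

    def authorize(self, requester: str, task: str, scope: str) -> bool:
        """Checked at execution time: only an unexpired grant matching requester, task and scope passes."""
        for req in self.requests.values():
            if (req.status == "approved" and req.requester == requester
                    and req.task == task and req.scope == scope
                    and self.now() < req.expires_at):
                self._log("executed", request_id=req.request_id, task=task, scope=scope)
                return True
        self._log("blocked", requester=requester, task=task, scope=scope)
        return False


if __name__ == "__main__":
    clock = {"t": datetime(2018, 4, 17, 9, 0, tzinfo=timezone.utc)}  # constructed time
    pam = PrivilegedAccessManager(
        [TaskPolicy("New-JournalRule", timedelta(hours=4), {"sec-admin"})],
        now=lambda: clock["t"])
    req = pam.request("alice", "New-JournalRule", "mailbox:finance", timedelta(hours=2), "ticket #1234")
    pam.approve("sec-admin", req.request_id)
    print(pam.authorize("alice", "New-JournalRule", "mailbox:finance"))  # True
    for entry in pam.audit:
        print(entry)
```

The scope check is what keeps a grant for one mailbox from being reused against another, and the expiry check is what turns standing admin privilege into a window that closes on its own; both decisions, along with rejected approvals, are in the audit list for the documented trail the section calls for.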

Addressing global data residency requirements

Increasingly, governments, third-party regulators, and corporate compliance requirements are enacting data residency guidelines to address privacy issues. These guidelines restrict the free flow of information across borders and require that an organization’s data is stored within defined geographies. While GDPR does not mandate data residency, many customers tell us they need the flexibility to store their data in chosen geographies to meet regional, industry-specific, or organizational data residency requirements.


Multi-Geo Capabilities enables a single Office 365 tenant to span across multiple Office 365 datacenter geographies and gives customers the ability to store their Office 365 data-at-rest, on a per-employee basis, in their chosen geographies. Multi-Geo has been launched for Exchange Online and OneDrive for Business. Read “Get Global data location controls with Multi-Geo Capabilities in Office 365” to learn more.


Digital marketing is an easy way to promote your brands and products online. It mainly targets a specific audience and reaches other digital channels. It is primarily targeting via digital avenues and help business owners target particular customers. By using some digital technologies, it is mainly focusing on targeted customers. It uses PPC and display ads, email marketing, content development, and so on. It attracts other mediums and engages target consumers. For medium businesses, it plays an important role in achieving growth. How digital marketing services work? Apart from others, many business owners use digital marketing as a boon. So, digital marketing services in Pune are giving the right campaigns to grow better. It must know its elements and reach marketing goals. It considers each digital marketing tactics and explains your requirements. Based on user requirements, digital campaigns do a better role in maximizing the benefits. Difference between digital marketing a...