Microsoft understands that having a conversation about security is complicated. The people responsible for protecting their organizations from cybersecurity threats face many topics of discussion and many challenges today.
By harnessing the power of Microsoft’s cloud, we offer customers a security solution that cuts through complexity and siloed point solutions, empowers security teams, and delivers a frictionless, built-in experience so people can get their jobs done. We build our technology on these three foundational principles:
Built-in experiences that work across platforms: Your business needs to grow and evolve. Your employees require a seamless work experience. A secure environment allows that to happen. We’re committed to delivering seamless experiences and built-in protection that works across platforms. Our approach to security delivers a simplified experience for end-users, ensuring everyone can get their job done securely regardless of where they work and which tools they use.
AI and automation to secure your future: Tackling a challenge as complex as cyber-crime requires continuous innovation and a whole new playbook. Microsoft’s security arms your team with ever-evolving cloud-scale AI and automation to cut through the noise and eliminate repetitive tasks, so they can focus on what matters with speed and accuracy.
Integrated across people, devices, apps, and data: If we’re going to help you protect your most important assets, our technology needs to work in the real world. Microsoft’s solutions integrate across the ecosystem by connecting identities, devices, apps, and clouds to help you close gaps in coverage, reduce risk, and simplify your portfolio.
These three principles are the standard we set for all the security technology we offer to our customers—a standard we continuously work to raise.
As you can probably imagine, Microsoft has a substantial security operations footprint. Over the years, as we have evolved into a cloud provider, our cybersecurity requirements have changed dramatically. Customers often ask us to share our experience modernizing our SOC. We thought it would be helpful during our conversation today to focus on those learnings and how you can apply them in your organization.
Our approach boils down to three things:
Tooling: With the overabundance of security solutions on the market, we realized that we needed to focus on selecting the right tool for each job, and specifically on tools that let us automate everything.
Culture: Not enough weight is given to building a strong culture in the security operations team. Since many, if not most, organizations are understaffed and overwhelmed, getting clear on what your team stands for, how it supports the organization’s strategy, and how each person on the team is expected to contribute is critical. This reduces toil and lets people focus on the most important things.
Metrics: A famous business thinker (Peter Drucker) once said, “If you can’t measure it, you can’t improve it.” There is a wealth of metrics you could choose from; however, you need to pick the right ones for your organization, not all of them.
We are focusing our tool architecture on optimizing operations with both breadth (a unified view) and depth (specialized tooling).
This is a bit simpler for us, as most of the SOC’s log analytics already use the Azure Monitor technology that powers Azure Sentinel (technology formerly known as Azure Log Analytics and Operations Management Suite (OMS)).
In summary, today we’ve just scratched the surface of the learnings from our SOC modernization. For us, it meant selecting the right tools to support our detect and prevent principles, improving our culture by using automation to reduce the toil our people face when responding to alerts, and finally, measuring the right things for us, which are Mean Time to Acknowledge and Mean Time to Remediate.
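As an added illustration of the two metrics named above (this is example code written for this page, not Microsoft's own tooling or a query against any real Sentinel table), the following computes Mean Time to Acknowledge and Mean Time to Remediate from a set of incident records. It assumes each incident carries three timestamps: when it was created, when an analyst took ownership (acknowledged), and when it was closed as resolved (remediated); the incident records and timestamps are constructed for illustration. Two practical points the metric names alone do not convey: incidents that are still unacknowledged or still open have no duration yet and must be counted separately rather than treated as zero, and because a single backlog incident drags a mean upward, the median is reported alongside it. Severity breakdowns are included because an MTTA that looks fine overall can hide slow handling of the severity that matters most.

```python
"""Compute SOC response metrics (MTTA, MTTR) from incident records.

Added example, not code from the original post. All incident records
below are constructed sample data, not real SOC output.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, median
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Incident:
    incident_id: str
    severity: str
    created: datetime                  # alert fired / incident opened
    acknowledged: Optional[datetime]   # analyst took ownership (None = still in queue)
    remediated: Optional[datetime]     # closed as resolved (None = still open)


def _hours(delta: timedelta) -> float:
    return delta.total_seconds() / 3600.0


def is_consistent(inc: Incident) -> bool:
    """Timestamps must be ordered created <= acknowledged <= remediated,
    and an incident cannot be remediated without ever being acknowledged."""
    if inc.acknowledged is not None and inc.acknowledged < inc.created:
        return False
    if inc.remediated is not None:
        if inc.acknowledged is None or inc.remediated < inc.acknowledged:
            return False
    return True


def summarize(incidents: Iterable[Incident]) -> Dict[str, Optional[float]]:
    """Return counts plus mean and median MTTA/MTTR in hours."""
    incs: List[Incident] = list(incidents)
    for inc in incs:
        # A bad record silently skews a mean, so fail loudly instead.
        if not is_consistent(inc):
            raise ValueError(f"{inc.incident_id}: timestamps out of order")
    # Unacknowledged / open incidents carry no duration yet: count them,
    # but never feed a zero into the averages.
    ack = [_hours(i.acknowledged - i.created) for i in incs if i.acknowledged is not None]
    rem = [_hours(i.remediated - i.created) for i in incs if i.remediated is not None]
    return {
        "incidents": len(incs),
        "unacknowledged": sum(1 for i in incs if i.acknowledged is None),
        "open": sum(1 for i in incs if i.remediated is None),
        "mtta_hours": mean(ack) if ack else None,
        "mtta_median_hours": median(ack) if ack else None,
        "mttr_hours": mean(rem) if rem else None,
        "mttr_median_hours": median(rem) if rem else None,
    }


def summarize_by_severity(incidents: Iterable[Incident]) -> Dict[str, Dict[str, Optional[float]]]:
    """Same metrics, bucketed by severity label."""
    buckets: Dict[str, List[Incident]] = {}
    for inc in incidents:
        buckets.setdefault(inc.severity, []).append(inc)
    return {sev: summarize(b) for sev, b in sorted(buckets.items())}


# Constructed sample data: one business day of a small queue.
_T = datetime(2020, 3, 2, 8, 0)
SAMPLE_INCIDENTS = [
    Incident("INC-1", "High",   _T,                       _T + timedelta(minutes=10), _T + timedelta(hours=2)),
    Incident("INC-2", "Medium", _T + timedelta(hours=1),  _T + timedelta(hours=1, minutes=30), _T + timedelta(hours=5)),
    Incident("INC-3", "High",   _T + timedelta(hours=2),  _T + timedelta(hours=2, minutes=5), None),   # still open
    Incident("INC-4", "Low",    _T + timedelta(hours=4),  _T + timedelta(hours=10), _T + timedelta(hours=28)),  # backlog outlier
    Incident("INC-5", "Low",    _T + timedelta(hours=6),  None, None),                               # not yet picked up
]

# Constructed inconsistent record: closed before anyone acknowledged it.
BAD_INCIDENT = Incident("INC-9", "High", _T, None, _T + timedelta(hours=1))


if __name__ == "__main__":
    overall = summarize(SAMPLE_INCIDENTS)
    print("overall:", {k: (round(v, 3) if isinstance(v, float) else v) for k, v in overall.items()})
    for sev, m in summarize_by_severity(SAMPLE_INCIDENTS).items():
        print(sev, {k: (round(v, 3) if isinstance(v, float) else v) for k, v in m.items()})
```

In the sample, the overall MTTA is about 1.69 hours while the median is 20 minutes; the gap comes entirely from the one Low-severity incident that sat in the backlog for six hours, which is exactly the kind of signal a mean alone would blur.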