In Review: Microsoft's First Cybersecurity Summit
In its inaugural year, the Microsoft Security Summit was held as an optional pre-day add-on to the already massive amount of content that the Ignite conference has to offer.
This summit brought security professionals together with the leading security minds at Microsoft in the first-ever dedicated full day of security content. The sessions offered an exclusive look at how Microsoft does security inside their own network, as well as how they manage the task of securing customers of Azure and Microsoft 365.
Being that this was the first year, I really didn’t have an expectation for what was ahead… and in typical Microsoft fashion, there was a good mixture of wins, but also some areas of improvement for next year.
The day started off with Microsoft’s CISO Bret Arsenault giving a very engaging keynote on Microsoft’s journey through security. For someone like me who prefers deeply technical content, this session was a rare look behind the scenes without as much of Microsoft’s marketing machine filter. Bret told a story that included some of his (and subsequently, Microsoft’s) pitfalls over the last decade and the lessons learned. Looking around the room, I can attest that delivering this level of transparency was resonating with the audience. By the end of the keynote, it felt like there was a level of camaraderie in the room that had been built by sharing stories from the trenches. I felt that this session was one of the most valuable of the day.
The keynote was followed by the usual “let’s hear stories from some partners/customers” section, and unfortunately, I felt that this was a mixed bag of value. I’ll briefly summarize each section here, along with my opinion of the content delivered:
Betsy Cooper – Director of the Aspen Tech Policy Hub
This segment focused heavily on a hypothetical future in cybersecurity. The content was framed with a baseline of some past attacks, and then extrapolated into a very sports-heavy story about hacking/terrorism and how they may take shape for the 2028 Olympics. While her delivery and stage presence were fantastic, the content came across as a very dystopian prediction of the future. Unfortunately, I felt that having to weigh the believability of this scenario kept the real nuggets of the talk from shining through.
Keren Elazari – Hacker, Security Researcher, TED Talk Speaker
I’ll preface with the fact that this talk focused on a lot of points, and the slides progressed very quickly. The content was engaging and relevant to many of the current discussions around the future of information security, as well as offering some profound points on the necessity of hackers and hacker culture for the continued health of the Internet.
Jeremiah Grossman – Founder and CEO, Bit Discovery, and CSS, SentinelOne
I’m not sure what the focus or main topic of this segment was, and I think that’s unfortunate. Jeremiah has an impressive list of accomplishments and accolades, but large portions of this content were more of a retelling of parts of his life story and career path. While fascinating and definitely a “good for you” kind of moment, I was left wanting at the end and wishing I could have heard more from him about his perspective of the current threat landscape.
Alex Stamos – Former Chief Security Officer of Facebook; Professor at Stanford University
Very entertaining and relevant content with a great perspective on collateral damage from threats that are not directly targeting your company. He used Maersk (global shipping provider) as an example of an attack from another target propagating to their infrastructure and causing millions of dollars in damage. One specific point he made that really stood out to me was the idea that sometimes focusing solely on threat prevention is less effective than spending the time to have a good backup and recovery strategy in your toolbox. Frankly, having Alex come last really saved this whole session. I was disappointed that due to the other speakers running long, he had to sprint through his content.
At this point, there were 10 minutes remaining before the lunch break, so the 30-minute panel discussion was rushed, cut short, and still ran over time. This wouldn’t have normally been an issue, except that lunch was only for an hour… and the lunch room was a 0.48 mi / 0.77 km walk each way from the Summit rooms. I was not the only person who opted to skip lunch in favor of not missing the afternoon content. Based on how many other people had this same feedback, I would expect that Microsoft is already working on a better meal solution for next year.
Early Afternoon Time Slot
Jumping into the early afternoon block, I’ll preface with the fact that it was impossible to hit every session. There were two early afternoon time slots, with a total of four possible session choices. So right out of the gate, you’re going to be missing half of the available content, no matter how you slice it. I didn’t see that any of these sessions were going to be recorded or available after the event, either. Assuming that this format remains the same for next year, my suggestion would be to maybe bring along a colleague and share notes if you don’t want to miss anything.
The session choices were:
1. A World Without Passwords – Sarah Scott
Anyone who uses the internet knows the hassles of using a login name and password to access their own information. The username/password paradigm is more than a hassle, it’s a true security challenge, which keeps many security professionals up at night. Learn how the security experts in Microsoft Core Services Engineering and Operations (CSEO) team are closing their journey to eliminate passwords for employees and walk away with a framework to do the same in your own organization using capabilities of Azure Active Directory. This framework will include steps to take for building a banned password list, setting a password renewal time rotation (as in never!), how to employ multi-factor authentication (MFA), advice for modernizing your hardware, and tackling challenges in eliminating legacy authentication. This talk will also share tips for promoting user benefits to drive effective adoption.
2. Keeping it Reel with Microsoft’s Phishing Team – Blythe Price & Homa Hayatyfar
Find out what’s in Microsoft’s tacklebox… from technology and data insights to end-user education and awareness. We’ll cover the lessons we’ve learned along the way and our goals for the future.
3. Defending Microsoft: Approaches & Learnings from Microsoft’s Cyber Defense Operations Center – Dustin Ingalls
There’s a saying in the cloud services world – all your customers bring their adversaries with them. Needless to say, protecting Microsoft’s corporate environment from attack is a task guaranteed to be “boredom free.” Hear about some of our strategies and tools for protecting our large multi-platform hybrid enterprise environment, some of the cool tricks we have learned being early adopters of tools like Azure Sentinel and Microsoft Defender Advanced Threat Protection, and some of the tough decisions we have made about how we prioritize our investments in this constantly evolving cyber threat environment.
4. Microsoft’s Security Team Changes the Training Playbook – Ken Sexsmith
People don’t like to take training. It feels like a chore and another thing on an already growing list of to-dos. Unfortunately, with cyber-attacks on the rise, we have to help our Microsoft employees be more vigilant than ever before. The only way to ensure employees know what to watch for and do in the event of a cyber-attack is to drive awareness through training. But training alone has limitations—helping employees understand the “why” and changing fixed behaviors is critical to reducing an organization’s security risk. In this session, Ken Sexsmith, Director of Security Education and Awareness at Microsoft will share the unconventional approach his team has taken to train employees on the importance of being everyday vigilantes in helping to protect one of the most valuable companies in the world.
My choices were #2 and #3.
For the Phishing talk, there wasn’t a lot of technical depth. Blythe and Homa had great presence and delivery in the room. They definitely knew their content (and offering the Swedish Fish as a reward for good questions and answers was really clever)… BUT there was also a sobering indicator at the beginning when the presenters did a hand-raise poll and were noticeably surprised at how many audience members were already far down the path with advanced Phishing prevention techniques. Based on the audience engagement and questions, I think this talk could have easily been more valuable as a 300-level talk, versus the 100-ish level that it was. I also think that a technically deeper dive would have allowed the presenters to really showcase their product and its capabilities.
The Defending Microsoft session was admittedly the single most valuable of the day for me. This content could have easily taken up more than the 30-40 minutes it was given. This was also another session with a rare amount of transparency and technical depth. I would be beyond thrilled if Microsoft would do more sessions like these and really highlight mistakes made, lessons learned, and the path for the future. In my opinion, content like this builds trust with your customer and partner base.
Late Afternoon Time Slot
Choice #1: A Two-Part Expert Series
Part 1: Microsoft Intelligent Security Association (MISA) Experts Talk
Learn security insights and best practices from industry experts that partner with Microsoft.
- “Go Passwordless with Fingerprint Biometrics for More Security”
Speaker: Michael Gwynn, Director of Strategic Projects, Feitian Technologies
- “Unifying Data Protection in a Hybrid IT World”
Speaker: Nicholas Fishbach, Global CTO, Forcepoint
- “Mobile Threat Landscape in 2019”
Speaker: Sneha Sachidananda, Senior Product Manager, Lookout
- “An ATT&CK Tactic Approach to Measuring Security and Risk”
Speaker: Michael Gorelick, Chief Technology Officer, Morphisec
- “SOAR to the Clouds: Tackling Cloud Security in Your SOC”
Speaker: Neelima Rustagi, Sr Director, Product Management, Palo Alto Networks
Part 2: Call Sign DART: Stories from the Incident Response Trenches (Panel Discussion)
Microsoft’s customer-facing Incident Response team (aka DART – the Detection and Response Team) has been helping customers and partners for years to overcome some of the most difficult and complicated cyber-attacks, data breaches, and other related issues. This session enables audience members to hear from the team directly and to understand how DART operates, which tools we use, the types of trends we’re currently seeing in the market, as well as speculate about what the future might bring.
- Joram Borenstein, General Manager Cybersecurity, Microsoft (Moderator)
- Chelsie Thompson – Consultant Cybersecurity, Microsoft
- Dan Taylor – Director Detection and Response Team, Microsoft
- Eric Olson – Senior Consultant Cybersecurity, Microsoft
Choice #2: Into the Breach: A Microsoft Cyber Defense Experience
Gain firsthand experience identifying attacks using Microsoft Security solutions. You will be a member of the blue team tasked with investigating and resolving attacks throughout all phases of the kill-chain in a hybrid environment. You will also leverage countermeasures to remediate and harden the environment based on your investigation to thwart future attacks. This is a hands-on technical exercise and all attendees should bring their own laptop to fully participate.
I made the unfortunate decision to go with the Cyber Defense Experience. This is a bespoke Microsoft version of Circadence’s “Project Ares”. But… between the Wi-Fi outages and the fact that they didn’t scale the Azure environment for the number of participants, the session was a total bust. I gave it an hour of repeated attempts before giving up and moving on. Had the technology worked, I think the experience would have been groundbreaking. Assuming they got the kinks worked out, Microsoft also planned to offer a modified version of this experience on a walk-in basis all week in the Security area of the Ignite Hub.
In conclusion, while there were some definite logistical and content hiccups, I also think it’s important to note that any “1.0” attempt at something will have kinks and areas of improvement to be considered. That being said, I firmly believe that Microsoft has really got something here with this concept, and I look forward to how they hone and refine the experience in years to come. I could easily see this evolving into its own conference, as there are certainly that many opportunities within Microsoft’s portfolio for content.