Cyber Defense: From Reactive to Proactive

When systems are attacked, we must respond. But how much better would it be if we could anticipate attacks before they hit and stop them with effective defenses?
Faced with today’s computer security challenges, that is no easy task.
“It’s a cat-and-mouse situation. AI is changing the speed and sophistication of attacks, and AI is making phishing and social engineering attacks, because of deep lies, harder to detect,” said Kevin McCall, director, cybersecurity, risk, and control at PwC US, speaking during a webcast titled, “From Risk to Building a Smart Security Cloud: A Smart Security Strategy.”
McCall also warns of a “supply chain” of cybercrime that includes ransomware-as-a-service, and threats embedded in developer tools.
“Once an attack has occurred, the average time to mitigate exposure is 58 days,” notes co-editor Nidhu Nalin, principal, cybersecurity, risk, and control at PwC US. A lot of bad things can happen during the roughly two months when malware is no longer active and cyber-thieves gain access to corporate systems. That’s why proactiveness — detecting and preventing threats, rather than reacting to them — is so important.
“Diligence requires effective automation. It also requires an integrated platform that provides a single pane-of-glass view of the environment, with well-designed, tested, and improved processes for response and recovery,” said Nalin.
Automation is also important to help overcome the chronic cybersecurity talent gap. “As AI fuels faster and more sophisticated attacks, relying solely on human resources can increase the time to detect and prevent threats,” Nalin said.
Being proactive sounds good, but it doesn’t happen overnight. Many disciplines are needed, and they must work together. Littus Dsouza, senior product manager at Microsoft, said cybersecurity leaders should focus on these priorities:
- Defense in depth with layered security controls
- Zero trust, using access controls to never trust but always verify
- Multicloud infrastructure to reduce risk and provide redundancy
- Security with a “shift left” design to start and stay secure
- Exposure management and attack path mapping to reduce risk by understanding vulnerabilities
What is the answer?
Microsoft Defender for Cloud is a suite of security products, integrated with other Microsoft products and third-party applications, that help businesses achieve these goals. Because it automates investigation and response, it helps organizations respond quickly while reducing the need for large, highly trained staff.
Dsouza noted that Defender for Cloud draws on Microsoft Threat Intelligence, analyzing more than 80 billion signals every day — information that tells cybersecurity leaders what’s coming. “Microsoft Defender for Cloud transforms security from operational to operational by helping organizations anticipate and prevent attacks with continuous monitoring and automated response,” said Dsouza. Defender for Cloud isn’t just for Azure – it can protect workloads across AWS, Google Cloud, and on-premises from a single dashboard.
PwC is working with Microsoft to help organizations implement Defender for Cloud. “PwC helps businesses design and implement consistent security architectures, develop multicloud environments, and align security with business objectives,” said Dsouza.
Those efforts paid off at one Fortune 500 company. PwC helped roll out Defender for Cloud across the organization during a data center migration, with integration with Microsoft 365 and centralized Azure endpoint policy configuration to ensure consistent security across the organization, Nalin said.
As bad actors arm themselves with AI, Defender for Cloud and PwC aim to keep you ahead. McCall said, “If you’re not using automation, you’re falling behind.”
Watch the full webcast. For a deeper dive into Microsoft Defender for Cloud, PwC resources, and leading cybersecurity practices, visit: www.pwc.com/us/microsoftcyber



