November 4, 2023 at 12:30PM
Microsoft is launching a new ‘Secure Future Initiative’ to address recent hacks and improve security. The initiative includes faster cloud patches, better management of identity signing keys, and shipping software with a higher default security level. Microsoft plans to revamp the Software Development Lifecycle (SDL) and use AI to automate threat modeling. They will also implement stronger identity protections, reduce vulnerability mitigation time, and advocate for transparency in vulnerability disclosures. The move comes in response to a major hack of the M365 cloud platform.
Meeting Takeaways:
– Microsoft is launching the Secure Future Initiative in response to recent hacks and security breaches.
– The initiative aims to prioritize security by default and revamp the Software Development Lifecycle to address current cyberattack trends.
– Microsoft plans to implement new identity protections, such as moving identity signing keys to an encrypted and secure Azure HSM and confidential computing infrastructure.
– Key rotation will be automated, with no human access, to prevent potential exploits.
– Microsoft will utilize AI for threat modeling and adopt memory-safe languages like Rust to eliminate software vulnerabilities.
– Azure tenant baseline controls will be implemented by default across internal tenants to enhance cloud security.
– Microsoft aims to reduce the time it takes to mitigate cloud vulnerabilities by 50%.
– The company will advocate for transparency and encourage other cloud providers to adopt the same approach.
– Microsoft is addressing criticism regarding third-party vulnerability research, faulty patches, and Windows zero-day attacks.
– Plans include expanding logging defaults for M365 customers and increasing retention duration for threat-hunting data.