Protect / Detect / Respond

I tell ya, you can't take your eyes off the ball for even a second in this game.

While we were busy packing and prepping (and playing our awesome new Hololens game) for next week's DC Tech Summit, Microsoft went and upped the game on the security front for users AGAIN.

In the span of no more than a week, 3 major new technologies dropped:

  • OneDrive recovery

  • Azure Advanced Threat Protection

  • Office 365 Advanced Threat Protection Anti-Phishing

It's pretty wild when three things that bear on user security come so close together, but even wilder when they all inter-weave to provide a better overall security experience for the user.

I was all set to tell you about the new Azure ATP & Office 365 ATP expansions, but I had to hit the brakes hard when a friend forwarded an article demonstrating OneDrive recovery.

This new capability is rolling out, so if you don't see it yet, don't worry: it's coming. The basic idea here is that recovering files one-at-a-time gets tedious if you've suffered a major data loss, say in a ransomware attack. Now, though, you can choose to recover your entire OneDrive to one of 3 pre-determined restore points:

  • yesterday

  • 1 week ago

  • 3 weeks ago

While you can also select a custom time, having defaults is really handy, and you're unlikely to need to pick anything more granular than that. In particular, the 3 week option is really nice if you've been on vacation and have no idea when your data went kerplooey.

So that's pretty cool, but maybe not worthy of a stomp on the brake pedal...until you realize that these 3 new capabilities are real-world examples of the cloud security posture of protect / detect / respond! How cool is that?

  • PROTECT: With O365 ATP anti-phishing, we can now create explicit anti-phishing rules and scope them to our sensitive (or vulnerable) users.

  • DETECT: Azure ATP takes the power of Advanced Threat Analytics to the cloud, actively profiling your users and all of their network actions and only alerting when activities are contextually abnormal or match known attack vectors.

  • RESPOND: Get your data back quickly and easily in the event of a successful attack.

With that, it's time to pack the Hololens and get ready for next week. Stop by and see us at the Tech Summit if you're in DC!