Learn more about this topic in our on-demand webinar.
Microsoft and Data Protection: What’s the Story?
Today, Microsoft has become a true leader in the data protection space, offering a robust suite of tools and technologies that aim to help organizations achieve their data protection needs and business goals.
As a Microsoft Silver Partner in Security, InteliSecure is proud to help our Microsoft-based clients make the most of the tools they likely already have access to in their existing Office 365 licensing. Our decades of experience in the information security technology space means we can help you navigate the Microsoft ecosystem. And with our new platform, Aperture, we can help you create a truly effective, comprehensive data protection program.
A Tentative Start with DLP
Back in 2017, a client asked InteliSecure to evaluate Microsoft 0ffice 365 Email Data Loss Prevention (DLP) as a replacement for their traditional DLP system. At the time, we weren’t sure how well the Microsoft product would perform against the industry standards. Our approach was to highlight the areas in which it couldn’t perform and the possible gaps that using the product might create.
That initial testing resulted in a presentation we dubbed “Exploiting Microsoft DLP.” From the title, you might guess that the product as it was then didn’t compare well against the standards we expected from a data loss prevention system. Due to the limitations of the detection engine, triage capabilities, and reporting—our core areas of focus for a DLP service—we could not recommend the product to the enterprise at large. For a time, that presentation became the standard of how we spoke to clients who were curious about utilizing Microsoft DLP as a replacement for other available DLP solutions.
Shifting the Focus to Robust Data Protection
In mid-2019, something changed. At that year’s Microsoft Ignite conference, the company showcased a vast array of additions and enhancements to its data protection ecosystem. Microsoft had recently released Microsoft Cloud App Security (MCAS). We caught the excitement that was growing around Microsoft’s Exact Data Matching (EDM), fingerprinting, and customized data identifiers. In addition, the company now had the ability to leverage Azure Information Protection (AIP) in cloud repositories. Microsoft was making big changes in their compliance space.
These changes required us to take a fresh look and ask, “Are we wrong about Microsoft now?” The answer was yes. The company’s data protection solutions were almost ready to meet enterprise demands.
InteliSecure went back to the drawing board to look at Microsoft with a new understanding. How well did it perform?
During the evaluation we analyzed many of the same feature sets that we tested back in 2017. To our surprise, the new solutions are now passing our core tests with flying colors. Examples include:
- Pre- and post-character validations
- The ability to create customized data sets
- New data protection capabilities in Teams
- Vast Cloud Application Security Broker (CASB) capabilities in CAS
InteliSecure saw an opportunity to take this information out to our clients. In October of 2019, I presented these findings at our Global Client Summit in Denver.
The level of questions and interest really prompted us to look at Microsoft as not just an emerging DLP player. Today, Microsoft is becoming one of the premier data protection companies in the information security space. Gartner’s 2019 Magic Quadrants agreed.
But was it the complete solution?
What Was Still Missing?
After the Ignite conference, InteliSecure leadership met to discuss our innovation and offerings plan for 2020. As a vendor-neutral provider of managed data protection services and professional services, these discussions are an ongoing part of our commitment to provide complete and current information to our clients.
As a recently assigned R&D lead, my initial thought was to add Microsoft to our list of strategic partners as a data protection solution. Our company leaders agreed that the prospect would be promising. But we still had one roadblock to clear. Although Microsoft’s security offerings and methods had improved, the overall interaction with the product had not. Users struggled with essential activities such as referencing an event by a number, adding comments to an event, or easily and quickly escalating the event to another person.
InteliSecure builds successful data protection programs not just on technology but also on communication. When we recommend technologies, we ask:
- Does this feature set enable us to communicate, classify, and categorize the events that occur?
- Can we report events to the client to provide an understanding of the value of the data protection service?
Ultimately, in the case of Microsoft, we did not agree. But we didn’t stop with that. Instead, we used those questions as a starting point for the development of an interface that would provide our Microsoft-based clients with usability, capability, and reporting similar to the tools provided by other industry-leading DLP vendors.
This was the creation of project Aperture.
The Aperture Platform
In any organization, time and information are the primary challenges to an effective data protection strategy. Information security teams must be able to get and respond to information quickly.
Over many years, InteliSecure has focused on providing that essential combination. For every client, we create a funnel of events and filter them. This enables clients to focus on the events that have a grave or direct impact on the company’s risk. Every moment of time saved improves their ability to investigate and response to those events that have a weighted importance.
This was the goal of Aperture. The platform reduces the time and complexity of event management across the ecosystem of Microsoft data protection products. Aperture displays the wealth of information that Microsoft provides in a single pane.
If you were into star gazing or photography growing up (or still are), aperture is a familiar term. It’s how much light is allowed into the lens. The more light, the more you can see and capture. We are taking the wonderful advancements Microsoft has made and capturing all the information. Then we focus in to enable teams to display, interact, classify, and respond to those events in a single console.
How does it work?
Aperture works by utilizing what you already have:
- A Microsoft license
- The Security Graph API
- A permission set that allows Aperture to connect to Microsoft 365 cloud
The platform provides a full set of contextual information about an alert and displays it in the console. Aperture brings in alerts across CAS, 0ffice 365 DLP, and AIP. It also leverages integrations with Microsoft security tools such as Microsoft Defender ATP, Azure ATP, InTune. It uses conditional application access to provide the data loss and security implications to your critical assets.
Aperture helps clients understand and react to events that are processed broadly across the Microsoft platform. Many of the enhanced features of other security platforms are part of Aperture, including:
- Role-based access control (RBAC)
- Data loss and threat detection
- Comments and notes
- Assignment of incidents
- Machine learning
All these capabilities are powered and supported by InteliSecure’s proven managed data protection services. These services provide efficiency, custom workflows, reporting, and ease of management for all Microsoft data protection solutions.
When and Where?
This is just the beginning. As Microsoft has continuously improves their security standards, InteliSecure will be right alongside, adding enhancements into our platform as a Microsoft Silver Partner in Security.
Aperture will be released August 1, 2020.
The platform will be generally available for any current client or any new client who is utilizing Microsoft as a part of their data protection strategy.
Please contact us if you are interested, have any questions, or would like to see the product in a demonstration to determine whether Microsoft and InteliSecure are right for your organization.
To learn more, please view the on-demand webinar.