The evolution of Microsoft Threat Protection, June update
Presently, efficient and effective response to identity threats is crucial, and Microsoft Threat Protection is built on the industry’s most widely used and comprehensive identity security service. As more organizations adopt hybrid environments, data is spread across multiple applications, is on-premises and in the cloud, and is accessed by multiple devices (often personal devices) and users. Most organizations no longer have a defined network perimeter, making traditional security tools obsolete. Identity is the control plane that is consistent across all elements of the modern organization.
At RSA, we announced a new unified Identity Threat Investigation experience between Azure Active Directory (Azure AD) Identity Protection, Azure Advanced Threat Protection (ATP), and Microsoft Cloud App Security. This experience will go into public preview this month.
Part of the new experience is enabled through Azure AD’s new integration with Azure ATP. Also, integration between Azure AD and Microsoft Cloud App Security enables continuous monitoring of user behavior from sign-in through the entire session. Microsoft Threat Protection’s identity services leverage user behavior analytics to create a dynamic investigation priority score (Figure 1) based off signal from Azure AD, Microsoft Cloud App Security, and Azure ATP. The investigation priority is calculated by assessing security alerts, abnormal activities, and potential business and asset impact related to each user. This score can help Security Operations (SecOps) teams focus and respond to the top user threats in the organization.