Back

How Microsoft Prepares for Emerging Security Threats

By now, we've all heard the scary stories of hackers that have been circulating the last few months.  Luckily, Microsoft is proactive about security threats and ensuring that your data in the cloud is as safe as safe can be.  As a Microsoft Gold Partner, Agile...

3 min read
Published on Nov 18, 2014
what-does-microsoft-do-to-prepare-for-emerging-security-threats-to-office-365

 By now, we’ve all heard the scary stories of hackers that have been circulating the last few months.  Luckily, Microsoft is proactive about security threats and ensuring that your data in the cloud is as safe as safe can be.  As a Microsoft Gold Partner, Agile IT is proud to move our customers into the Microsoft Cloud, knowing that Microsoft is always one step ahead.  Contact us today to make the move to Office 365, where you can securely, safely access your data from anywhere.

 

If you have been following the From Inside the Cloud series, we regularly bring you an insider’s view on how we operate and manage the Office 365 service for security, privacy and compliance directly from the people behind the service.

 

Recently, there have been a number of cyber security related news articles about vulnerabilities and exploits. If you are wondering if the Cloud increases your data risk, in this week’s episode we focus on the measures that our engineering team has in place to prepare for emerging security threats to the Office 365 service.

 

As we explain in this short video, we operate under the assumption that no computer system is perfectly secure, so we invest heavily in the “Assume Breach” approach.

 

Our colleague, Vivek Sharma, in his discussion on whether your data is safe at rest, highlighted the role of the Red and Blue teams as part of our “Assume Breach” approach.

 

And as core strategists of this approach for Office 365, today’s post focuses further on explaining the role of our Red team, an internal dedicated team of “white hat” hackers from varied industry backgrounds such as broader technology industry, defense and government, who conduct penetration testing on our system.

 

As a team, we push ourselves to creatively anticipate and simulate attacks from real-world adversaries using Tactics, Techniques and Procedures (TTP) that we know from ongoing research on emerging threats and trends. This then leads to the proactive exploration of vulnerabilities during a phase we call “reconnaissance” followed by “exploitation” where we try to bypass protections that may be in place and then lastly attempts to “access” the data. We in fact offer a number of examples of how we may go about this in this video.

 

Of course, as we do this there are clear rules of engagement to ensure that as we test the system we do not target customer data, impact service availability or compromise existing in place security.

 

Further, balancing the Red team is the Blue team whose role it is to monitor activities within the system to detect anomalous behavior and take action. As hard as the Red team is trying to find and exploit vulnerabilities the Blue team is trying to detect, investigate and mitigate security events.

 

Our red and blue teams work together within engineering to fix and harden the service. You can see and hear more on the Blue team’s work in our next post on Office Blogs, with lead engineer Matt Swann, who takes us behind the scenes of intrusion detection.

 

The combined efforts of our teams go toward improving detection by evolving our machine learning algorithms for the detection of anomalous activity as well as incident response.

 

We hope that today’s explanation offers a useful overview of how we prepare and plan for emerging security threats to keep your data safe.

 

Let us know what else you would like us to cover in this series—send us your comments and questions—and of course you can find more by visiting the Office 365 Trust Center.

 

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

Office 365 License Comparison: Business Plans Vs. E5, E3 and E1

GCC High Vs GCC for Protecting CUI with CMMC

Learn the key differences between GCC and GCC High for handling CUI under CMMC, DFARS, and NIST 800-171. Find out which cloud meets your compliance needs.

Mar 31, 2025
4 min read
Risks of not using a CMMC RPO

The Risks of Not Using a CMMC RPO for Compliance and Certification Readiness

A CMMC RPO helps organizations prepare for certification and avoid compliance failures. Learn why working with an RPO is essential for achieving CMMC compliance.

Mar 20, 2025
8 min read
CMMC 2.0 Require GCC High for Compliance

Does CMMC 2.0 Require GCC High for Compliance?

Does CMMC 2.0 require GCC High? Learn the cloud options for compliance, data security, and protecting CUI under NIST 800-171 and DFARS.

Mar 17, 2025
10 min read
Office 365 License Comparison: Business Plans Vs. E5, E3 and E1

CMMC RPO vs a C3PAO: Understanding Their Roles in Compliance

Understanding the difference between an RPO and a C3PAO is crucial for CMMC compliance. Learn why they should be separate and how an RPO helps prepare for certification.

Mar 15, 2025
6 min read
Can You Meet CMMC with Google Workspace?

Can You Meet CMMC with Google Workspace?

Is Google Workspace CMMC compliant? Learn about its DFARS, NIST 800-171, and ITAR limitations and how migrating to GCC High ensures full compliance.

Mar 4, 2025
7 min read
Is Maintaining a GCC High Tenant Worth It for Non-Government

Evaluating the Need for a GCC High Tenant in Non-Government Organizations

Explore whether maintaining a GCC High tenant is necessary for organizations not involved in government work. Understand the pros and cons, costs, and compliance considerations.

Feb 25, 2025
7 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122

Secure. Defend. Thrive.

Don't want to wait for us to get back to you?

Discover more about Agile IT's range of services by reaching out

Schedule a Free Consultation