Back

How Microsoft Prepares for Emerging Security Threats

By now, we've all heard the scary stories of hackers that have been circulating the last few months.  Luckily, Microsoft is proactive about security threats and ensuring that your data in the cloud is as safe as safe can be.  As a Microsoft Gold Partner, Agile...

3 min read
Published on Nov 18, 2014
How Microsoft Prepares for Emerging Security Threats

By now, we’ve all heard the scary stories of hackers that have been circulating the last few months.  Luckily, Microsoft is proactive about security threats and ensuring that your data in the cloud is as safe as safe can be.  As a Microsoft Gold Partner, Agile IT is proud to move our customers into the Microsoft Cloud, knowing that Microsoft is always one step ahead.  Contact us today to make the move to Office 365, where you can securely, safely access your data from anywhere.

 

If you have been following the From Inside the Cloud series, we regularly bring you an insider’s view on how we operate and manage the Office 365 service for security, privacy and compliance directly from the people behind the service.

 

Recently, there have been a number of cyber security related news articles about vulnerabilities and exploits. If you are wondering if the Cloud increases your data risk, in this week’s episode we focus on the measures that our engineering team has in place to prepare for emerging security threats to the Office 365 service.

 

As we explain in this short video, we operate under the assumption that no computer system is perfectly secure, so we invest heavily in the “Assume Breach” approach.

 

Our colleague, Vivek Sharma, in his discussion on whether your data is safe at rest, highlighted the role of the Red and Blue teams as part of our “Assume Breach” approach.

 

And as core strategists of this approach for Office 365, today’s post focuses further on explaining the role of our Red team, an internal dedicated team of “white hat” hackers from varied industry backgrounds such as broader technology industry, defense and government, who conduct penetration testing on our system.

 

As a team, we push ourselves to creatively anticipate and simulate attacks from real-world adversaries using Tactics, Techniques and Procedures (TTP) that we know from ongoing research on emerging threats and trends. This then leads to the proactive exploration of vulnerabilities during a phase we call “reconnaissance” followed by “exploitation” where we try to bypass protections that may be in place and then lastly attempts to “access” the data. We in fact offer a number of examples of how we may go about this in this video.

 

Of course, as we do this there are clear rules of engagement to ensure that as we test the system we do not target customer data, impact service availability or compromise existing in place security.

 

Further, balancing the Red team is the Blue team whose role it is to monitor activities within the system to detect anomalous behavior and take action. As hard as the Red team is trying to find and exploit vulnerabilities the Blue team is trying to detect, investigate and mitigate security events.

 

Our red and blue teams work together within engineering to fix and harden the service. You can see and hear more on the Blue team’s work in our next post on Office Blogs, with lead engineer Matt Swann, who takes us behind the scenes of intrusion detection.

 

The combined efforts of our teams go toward improving detection by evolving our machine learning algorithms for the detection of anomalous activity as well as incident response.

 

We hope that today’s explanation offers a useful overview of how we prepare and plan for emerging security threats to keep your data safe.

 

Let us know what else you would like us to cover in this series—send us your comments and questions—and of course you can find more by visiting the Office 365 Trust Center.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

CMMC compliance for DoD contractors

CMMC Compliance Requirements for DoD Contractors and Subcontractors in the Defense Industry

CMMC compliance is mandatory for DoD contractors and subcontractors. Learn about certification levels, requirements, and the consequences of failing to meet compliance.

Apr 24, 2025
6 min read
How to prepare for a CMMC compliance audit

CMMC Compliance Audit Preparation: A Complete Checklist for Small Businesses

Preparing for a CMMC compliance audit is critical for DoD contractors. Use this checklist to perform a gap analysis, assess CMMC readiness, and prepare for a Level 2 assessment.

Apr 23, 2025
8 min read
FAR CUI vs CMMC Understanding

FAR CUI vs CMMC Understanding the Differences and Overlaps

FAR CUI and CMMC both focus on protecting sensitive federal data, but they have key differences. Learn how they work together and whether FAR CUI compliance aligns with CMMC.

Apr 15, 2025
10 min read
What Is a POAM?

What Is a POAM?

Learn how a Plan of Action and Milestones (POAM) helps meet NIST 800-171 & DFARS compliance. Understand its role in FedRAMP, security categorization, and risk mitigation.

Apr 8, 2025
8 min read
Best Cybersecurity Practices for Achieving CMMC Compliance

Best Cybersecurity Practices for Achieving CMMC Compliance

Achieving CMMC cybersecurity compliance requires strong security controls. Learn best practices for securing your IT environment, protecting CUI, and implementing MFA.

Apr 7, 2025
6 min read
8 Pranks for Windows 11 - Happy April Fools!

8 Pranks for Windows 11 - Happy April Fools!

Happy April Fools Day The day of the year when some IT staff think it might be humorous to do something to generate hundreds of support tickets for ...

Apr 1, 2025
3 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122

Secure. Defend. Thrive.

Don't want to wait for us to get back to you?

Discover more about Agile IT's range of services by reaching out

Schedule a Free Consultation