Highlights from Microsoft’s Virtual Security Summit
I joined a “security summit” held this week by Microsoft, to learn more about the state of security from some of their top practitioners. I couldn’t attend the entire event, but I did capture some highlights, which I’ll share here.
- I didn’t realize that the Petya/NotPetya malware was introduced in an unusual way. Someone infected computer devices in a target company’s supply chain. That was a new one for me.
- Malware is all about monetization—how to make money. That’s not news. What is new, however, is that some malware is deployed to enable cryptocurrency mining.
- One quote I picked up: “Security is not a binary choice.” Security shouldn’t be thought of as a “do it/don’t do it” choice. It’s about making your organization a less attractive target for hacking than the next organization. You remember the quote about avoiding the bear: “I don’t have to run faster than the bear. I just have to run faster than you.”
- A new term to me: “the Defender’s Dilemma.” First, you figure out what to do. Then, you do it. Then, you demonstrate that you did the right thing. The last part is critical!
- There was talk about eventually using Artificial Intelligence to make full remediation decisions. That sounds far in the future. But then, that’s what I used to think about autonomously driven trucks as well.
- I didn’t understand the value of Windows as a Service when it first came out, other than as a rent-vs-buy choice. But there is an interesting use case: automated patch application, as well as automated operating system updates. We’ve all heard stories about organizations that were hit with malware or viruses and could have avoided the situation had they been up to date on OS patches.
Interesting insights from a space that’s evolving rapidly!